[clug] Detecting malicious former employees

Tomasz Ciolek tmc at vandradlabs.com.au
Mon Sep 11 05:49:46 GMT 2006

 All that, and change all the root passwords on servers and admin
 password on routersand run chkrootkit utility.


On Mon, Sep 11, 2006 at 03:43:20PM +1000, Robert Edwards wrote:
> Take them out of all the sudoers lists on all machines. If they
> re-appear in any of them, take them to court and sue 'em (you did
> get them to sign a document stating that they wouldn't attempt to
> gain access to the machines?).
> Cheers,
> Bob Edwards.
> John Fletcher wrote:
> >Hi guys,
> > 
> >I'm looking for some advice about precautions to take when a potentially
> >malicious and highly priviliged (previously had root pw) employee leaves an
> >organisation.  Can anyone give me some advice about precautions to take and
> >especially where to look to detect possible attempts to gain access or
> >engage in malicious activity?
> > 
> >In this particular case we're talking about linux firewall, PPTPD,
> >mailservers, and various other bits and pieces.  Most work done from remote
> >locations, not onsite.
> > 
> >Thanks,
> >Fletch.
> -- 
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux

Tomasz M. Ciolek	
 tmc at vandradlabs dot com dot au 
   GPG Key ID:		0x41C4C2F0
   GPG Key Fingerprint: 3883 B308 8256 2246 D3ED  A1FF 3A1D 0EAD 41C4 C2F0
   Key available on good key-servers

More information about the linux mailing list