[UNCLASSIFIED]RE: [clug] Detecting malicious former employees
Michael Still
mikal at stillhq.com
Mon Sep 11 13:52:38 GMT 2006
Antti.Roppola at brs.gov.au wrote:
> Hi all,
>
> Also consider what *other* accounts said person might have had su access to.
> For example: ISPs, hosting providers, telcos, generic system logins (i.e. "oracle"),
> un-documented/defunct/departed/stupid user accounts, cronjobs, web interfaces,
> databases etc. etc. etc.
And machines that there might be sessions on from before the employee
left your employ. Screen, ssh tunnels from home, that sort of thing.
Mikal
More information about the linux
mailing list