[UNCLASSIFIED]RE: [clug] Detecting malicious former employees

Michael Still mikal at stillhq.com
Mon Sep 11 13:52:38 GMT 2006

Antti.Roppola at brs.gov.au wrote:
> Hi all,
> Also consider what *other* accounts said person might have had su access to.
> For example: ISPs, hosting providers, telcos, generic system logins (i.e. "oracle"),
> un-documented/defunct/departed/stupid user accounts, cronjobs, web interfaces,
> databases etc. etc. etc.

And machines that there might be sessions on from before the employee 
left your employ. Screen, ssh tunnels from home, that sort of thing.
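
Added example, not part of the original message: one way to check a machine for the leftover sessions described above, by parsing `ps -eo user,pid,lstart,args` output. The account names, the cutoff time and the sample listing are constructed for illustration, and treating shared-account processes older than the cutoff as suspect is an assumption of this sketch.

```python
from datetime import datetime

# Constructed sample of `ps -eo user,pid,lstart,args` output (illustrative only).
SAMPLE_PS = """\
USER       PID                  STARTED COMMAND
root         1 Mon Aug  7 08:00:01 2006 init [2]
jdoe      4312 Thu Aug 31 17:42:10 2006 SCREEN -S build
jdoe      4313 Thu Aug 31 17:42:10 2006 /bin/bash
jdoe      5120 Fri Sep  1 09:15:33 2006 sshd: jdoe@notty
oracle    6001 Mon Sep  4 02:00:00 2006 -bash
oracle    6100 Mon Sep 11 03:00:00 2006 -bash
alice     7044 Tue Sep 12 10:05:00 2006 vim notes.txt
"""

DEPARTED = {"jdoe"}                    # hypothetical former employee's account
SHARED = {"oracle"}                    # generic logins the person could use
CUTOFF = datetime(2006, 9, 8, 17, 0)   # assumed time shared passwords were rotated


def parse_ps(text):
    """Yield (user, pid, started, command) for each process line."""
    for line in text.splitlines()[1:]:       # skip the header row
        fields = line.split(None, 7)         # user, pid, 5 lstart tokens, args
        if len(fields) < 8:
            continue                         # blank or malformed line
        # lstart looks like "Fri Sep  1 09:15:33 2006" (English/C locale assumed)
        started = datetime.strptime(" ".join(fields[2:7]), "%a %b %d %H:%M:%S %Y")
        yield fields[0], int(fields[1]), started, fields[7]


def lingering(ps_text, departed, shared, cutoff):
    """Return (pid, user, reason, command) for processes worth reviewing."""
    hits = []
    for user, pid, started, cmd in parse_ps(ps_text):
        if user in departed:
            # Anything still running under a departed account is suspect.
            hits.append((pid, user, "departed account", cmd))
        elif user in shared and started < cutoff:
            # A session opened before the rotation survives the password change.
            hits.append((pid, user, "shared account, predates cutoff", cmd))
    return hits


if __name__ == "__main__":
    for pid, user, reason, cmd in lingering(SAMPLE_PS, DEPARTED, SHARED, CUTOFF):
        print(f"{pid:>6} {user:<8} {reason:<32} {cmd}")
```

ps can truncate long usernames in the USER column, so compare against numeric UIDs or widen the column when account names are long.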


