[clug] Detecting malicious former employees
Michael James
Michael.James at csiro.au
Tue Sep 12 01:20:25 GMT 2006
On Tue, 12 Sep 2006 10:42 am, Edward Lang wrote:
> Another coworker has written a script,
> which for a given user updates /etc/passwd
> with an invalid password for that user,
> changes their shell to /bin/false (or similar),
> invalidates their crontab, and kills their processes.
> It could, no doubt, be refined,
Scripts are an excellent idea for disabling a normal account,
but it's a different ball game when the user had root.
If there is even the possibility of premeditated maliciousness
then the machine has the same status as a hacked one,
"scheduled for re-build".
--
Michael James michael.james at csiro.au
System Administrator voice: 02 6246 5040
CSIRO Bioinformatics Facility fax: 02 6246 5166
PS: This assumes the company has no interest in entrapment...
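
A read-only check that the steps listed in the quoted message (invalid password, shell set to /bin/false, crontab removed, processes killed) actually took effect for an ordinary account. This is an added example, not the coworker's script or anything posted in the thread. It assumes shadow passwords and one crontab file per user in a single directory; the account names and file contents are constructed.

```shell
#!/bin/sh
# Added example: read-only audit of a "disabled" account, run against copies of the files.
# audit_disabled USER PASSWD SHADOW CRONDIR: one line per finding, status 1 if any.
audit_disabled() {
    user=$1; passwd=$2; shadow=$3; crondir=$4; findings=0

    # passwd field 7 is the login shell.
    shell=$(awk -F: -v u="$user" '$1 == u { print $7 }' "$passwd")
    case "$shell" in
        /bin/false|/sbin/nologin|/usr/sbin/nologin) ;;
        *) echo "shell: still '$shell'"; findings=$((findings + 1)) ;;
    esac

    # shadow field 2 is the hash; a leading ! or * can never match a password.
    hash=$(awk -F: -v u="$user" '$1 == u { print $2 }' "$shadow")
    case "$hash" in
        '!'*|'*'*) ;;
        *) echo "password: hash not locked"; findings=$((findings + 1)) ;;
    esac

    # A non-empty crontab still runs jobs as the user.
    if [ -s "$crondir/$user" ]; then
        echo "cron: $crondir/$user not empty"; findings=$((findings + 1))
    fi

    # Live processes, checked only when the account exists on this host.
    if id "$user" >/dev/null 2>&1 && pgrep -u "$user" >/dev/null 2>&1; then
        echo "processes: still running"; findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# extra_uid0 PASSWD: names of accounts other than root that have UID 0.
extra_uid0() { awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"; }

# Constructed sample files: exuser1 is only half-disabled, exuser2 is fully disabled.
make_sample() {
    mkdir -p "$1/cron"
    printf '%s\n' 'root:x:0:0::/root:/bin/sh' 'exuser1:x:1001:1001::/home/exuser1:/bin/false' \
        'exuser2:x:1002:1002::/home/exuser2:/bin/false' 'svc:x:0:0::/:/bin/sh' > "$1/passwd"
    printf '%s\n' 'exuser1:$6$salt$hash:13403::::::' 'exuser2:!:13403::::::' > "$1/shadow"
    echo '0 3 * * * /home/exuser1/job.sh' > "$1/cron/exuser1"
}

tmp=$(mktemp -d); make_sample "$tmp"
audit_disabled exuser1 "$tmp/passwd" "$tmp/shadow" "$tmp/cron" || echo "exuser1: access remains"
echo "extra UID 0 accounts: $(extra_uid0 "$tmp/passwd")"
rm -rf "$tmp"
```

A clean result covers only the items the script touches; it says nothing about what an account that held root may have changed elsewhere on the machine.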