[clug] Detecting malicious former employees

Edward Lang edlang at gmail.com
Tue Sep 12 03:02:31 GMT 2006


On 9/12/06, Michael Still <mikal at stillhq.com> wrote:
> Michael James wrote:
>
> > Scripts are an excellent idea for disabling a normal account,
> >  but it's a different ball game when the user had root.
> > If there is even the possibility of premeditated maliciousness
> >  then the machine has the same status as a hacked one,
> >  "scheduled for re-build".
>
> Wow. I agree in principle, but that's a mammoth task in a lot of
> environments...

There's a reason companies use security clearances that include
background checks and references, system and data backups, and the
threat of lawyers and litigation, right? All that is probably easier
to manage than explaining to a customer why their systems are offline
for an unknown period of time...

Mikal: thanks for the tip about the SSH authorized_keys file. Remote
commands will work even with an invalid shell? How?

Edward.

