OT? Philosophical Question on SA responsibilities
From: Bruntel, Mitchell L, ALABS (mbruntel_at_att.com)
Date: 01/30/04
- Previous message: Richard.Skelton_at_infineon.com: "Which PCI Dual-Channel Differential SCSI card I have?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Fri, 30 Jan 2004 08:46:53 -0600 To: <sunmanagers@sunmanagers.org>
Here's a question for other administrators:
Question:
Presume the following:
15 remotely located machines (all solaris)
3 people allowed to use root password.
New admin joins group.
Told to install XYZ software on machines.
Told Reboot, if necessary is ok.
Told install ok to install additional pre-requisites if needed...
OH, and there are NO users on the box, just those administrators.
Here are the questions:
As a experienced SA logging into the machine for the first time:
a) would you go thru the 14,600 messages in root and admin mailboxes,
and delete them?
b) Would you presume your charge also includes "doing the right thing"
to tighten the security on the box?
c) If you do b, and find security vulnerabilities, would you shut them
down, (fix them directly), or ask for permission to fix them.
d) if you presume b, is correct, would you install a cron job that does
the following?
for all id's on system: do
1) passwd -s userid (gets user password status
(locked/nopassword,etc)
2) crontab -l userid (sees if user is in cron.allow, deny, etc.)
3) Log results to a file in /var/adm, automatically by day
date/month/year (creating directories as necessary.
Thanks: I'll summarize.
PS: want the script? Email me. It's saved me a few times, and found a
few unauthorized things in the past!
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
- Previous message: Richard.Skelton_at_infineon.com: "Which PCI Dual-Channel Differential SCSI card I have?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
