OT? Philosophical Question on SA responsibilities

From: Bruntel, Mitchell L, ALABS (mbruntel_at_att.com)
Date: 01/30/04

  • Next message: Miller Alan: "SunFire 6800/15K How many CPUs" 
    Date: Fri, 30 Jan 2004 08:46:53 -0600
To: <sunmanagers@sunmanagers.org>

    Here's a question for other administrators:

    Question:
    Presume the following:
    15 remotely located machines (all solaris)
    3 people allowed to use root password.

    New admin joins group.
    Told to install XYZ software on machines.
    Told Reboot, if necessary is ok.
    Told install ok to install additional pre-requisites if needed...

    OH, and there are NO users on the box, just those administrators.

    Here are the questions:
    As a experienced SA logging into the machine for the first time:

    a) would you go thru the 14,600 messages in root and admin mailboxes,
    and delete them?
    b) Would you presume your charge also includes "doing the right thing"
    to tighten the security on the box?
    c) If you do b, and find security vulnerabilities, would you shut them
    down, (fix them directly), or ask for permission to fix them.
    d) if you presume b, is correct, would you install a cron job that does
    the following?
             for all id's on system: do
            1) passwd -s userid (gets user password status
    (locked/nopassword,etc)
            2) crontab -l userid (sees if user is in cron.allow, deny, etc.)
            3) Log results to a file in /var/adm, automatically by day
    date/month/year (creating directories as necessary.

    Thanks: I'll summarize.
    PS: want the script? Email me. It's saved me a few times, and found a
    few unauthorized things in the past!
    _______________________________________________
    sunmanagers mailing list
    sunmanagers@sunmanagers.org
    http://www.sunmanagers.org/mailman/listinfo/sunmanagers

  • Next message: Miller Alan: "SunFire 6800/15K How many CPUs"

    Relevant Pages