make user equivalent to root

Warren Togami warren at togami.com
Tue Feb 6 21:23:05 PST 2001


Do not discount the possibility that one of those users' home machines was
cracked by some trojan, and somebody stole the root password.  Somebody
could have also executed a man-in-the-middle attack on SSH to steal the root
password.  Are you sure the box wasn't cracked via some other vulnerable
service?

Even with "su", users (or crackers) could easily modify the syslogs to
erase any record of their mischief.  The only way to guard against that is
with a dedicated remote syslog server, and some cryptographic binary checker
like tripwire (which you should be running anyway) to prevent hacked
replacements of your system binaries which could also disguise suspicious
activity.

Or, just use sudo.

----- Original Message -----
From: "Mike Ballon" <calzonie at hawaii.rr.com>
To: "Linux & Unix Advocates & Users" <luau at list.luau.hi.net>
Sent: Tuesday, February 06, 2001 6:20 PM
Subject: [luau] Re: make user equivalent to root


> There is no way to track users if they all use the same logon.  And since
> finding a grown-up in the world that will admit he/she screwed up is not
> going to happen, things have to be logged.  It's all about accountability,
> nothing more, nothing less.  We've worked fine with everyone just su'ing to
> root but there was something major done in the last two weeks or so and
> nobody will own up.
>
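
Added example, not part of the original message: sudo records the invoking user with every command, which is the per-person accountability the thread is asking for. The Python parser below reads lines in sudo's default syslog format, attributes root commands to users, and lists sudo-launched root shells, after which sudo by default records no further commands; the log lines, host name and user names are constructed.

```python
import os
import re
from collections import defaultdict

# Constructed sample in sudo's default syslog format; host, users and commands are invented.
SAMPLE_LOG = """\
Feb  6 17:58:02 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/vi /etc/httpd/conf/httpd.conf
Feb  6 18:03:40 web1 sudo:      bob : TTY=pts/1 ; PWD=/var/www ; USER=root ; COMMAND=/bin/rm -rf /var/www/html
Feb  6 18:05:11 web1 sudo:    carol : TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/su -
Feb  6 18:07:29 web1 sudo:     dave : command not allowed ; TTY=pts/3 ; PWD=/home/dave ; USER=root ; COMMAND=/bin/bash
Feb  6 18:09:00 web1 sshd[812]: Accepted password for alice from 10.0.0.5 port 40022 ssh2
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sudo(?:\[\d+\])?:\s+"
                  r"(?P<user>\S+) : (?P<rest>.*)$")
SHELLS = {"su", "sh", "bash", "csh", "tcsh", "ksh", "zsh"}  # a root shell hides later commands


def parse_sudo(line):
    """Return one sudo event as a dict, or None for lines sudo did not write."""
    m = LINE.match(line)
    if not m:
        return None
    # Split COMMAND off first: it is last on the line and may itself contain " ; ".
    head, _, command = m["rest"].partition("COMMAND=")
    fields, denied = {}, None
    for part in filter(None, (p.strip() for p in head.split(" ; "))):
        if "=" in part:
            fields.update([part.split("=", 1)])   # TTY=, PWD=, USER=
        else:
            denied = part                         # e.g. "command not allowed"
    words = command.split()
    return {"ts": m["ts"], "host": m["host"], "user": m["user"],
            "runas": fields.get("USER"), "command": command, "denied": denied,
            "opens_shell": bool(words) and os.path.basename(words[0]) in SHELLS}


def audit(log_text):
    """Group allowed commands by invoking user; list denials and unlogged root shells."""
    allowed, denied, shells = defaultdict(list), [], []
    for event in filter(None, map(parse_sudo, log_text.splitlines())):
        if event["denied"]:
            denied.append((event["user"], event["denied"], event["command"]))
            continue
        allowed[event["user"]].append(event["command"])
        if event["opens_shell"]:
            shells.append((event["user"], event["ts"]))
    return dict(allowed), denied, shells
```

Run against the copy held on the remote syslog server rather than the local file, since the local copy is the one a root user can edit.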


