Rootkit infections: AARRGH!
Kevin D. Clark
clark_k at pannaway.com
Mon May 9 13:40:01 EDT 2005
Neil Joseph Schelly <neil at jenandneil.com> writes:
> That is an interesting perspective I hadn't considered. I can think of more
> than a time or two that would have been helpful in retrospect. So perhaps
> it's more of an administration best practice than a security best practice?
I dunno. I dealt with a BOFH once who owned the NIS DB. My machine
was part of the NIS domain. Mr. BOFH (who, by definition, was always
up to no good) created alternate root accounts in the passwd map, and
when he felt like abusing me he'd try to break into my system.
Because I disallowed root logins but carefully let him login under his
own account, I caught him logging in and trying to su to his alternate
root accounts (which I had also neutralized). With these records in
hand, I did various <political things> and subsequently Mr. BOFH
<generally> left me alone.
Gosh, I miss him. Is this "security" or "administration"? Beats me.
--kevin
--
GnuPG ID: B280F24E
alumni.unh.edu!kdc
    And the madness of the crowd
    Is an epileptic fit
        -- Tom Waits
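The setup Kevin describes (root logins refused, the BOFH allowed in under his own account, and his su attempts against alternate UID-0 accounts caught in the logs) is easy to script. The following is an added example, not code from the original post: it flags every non-root UID-0 entry in a passwd map and pulls out the su attempts that target them. The passwd map and the syslog lines are constructed samples, and the su/sshd message formats are assumed to follow the classic "FAILED SU (to X) Y on ttyN" shape, which varies between systems.

```python
"""Added example: find alternate root accounts in a passwd map and the su
attempts aimed at them in an auth log.  Sample data is constructed."""
import re
from collections import namedtuple

# Constructed sample passwd map: the real root entry plus two alternate
# root accounts (UID 0) of the kind a malicious NIS admin could add.
PASSWD_MAP = """\
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/sbin/nologin
bofh:x:1001:100:Mr. BOFH:/home/bofh:/bin/sh
toor:x:0:0:alternate root:/root:/bin/sh
sysadm:x:0:0:another alternate root:/root:/bin/sh
neil:x:1002:100:Neil:/home/neil:/bin/sh
"""

# Constructed sample syslog lines.  The message wording is an assumption
# (classic su/sshd style); adjust SU_RE for the system you actually run.
AUTH_LOG = """\
May  9 13:21:02 box sshd[2101]: Accepted publickey for bofh from 10.0.0.7 port 40112 ssh2
May  9 13:21:09 box su: FAILED SU (to toor) bofh on pts/1
May  9 13:21:15 box su: FAILED SU (to sysadm) bofh on pts/1
May  9 13:22:40 box su: SU (to neil) neil on pts/2
May  9 13:25:01 box sshd[2199]: Failed password for root from 10.0.0.7 port 40120 ssh2
"""

SuAttempt = namedtuple("SuAttempt", "timestamp actor target failed")

# Matches both successful and failed su lines; the optional "FAILED " prefix
# tells the two apart.
SU_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ su: "
    r"(?P<status>FAILED )?SU \(to (?P<target>[^)]+)\) (?P<actor>\S+) on"
)


def alternate_root_accounts(passwd_text):
    """Return every username other than 'root' whose UID field is 0."""
    names = []
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3:
            continue  # not a passwd entry
        name, uid = fields[0], fields[2]
        if uid == "0" and name != "root":
            names.append(name)
    return names


def su_attempts_to(log_text, targets):
    """Return SuAttempt records for every su line whose target is in targets."""
    wanted = set(targets)
    hits = []
    for line in log_text.splitlines():
        m = SU_RE.match(line)
        if m and m.group("target") in wanted:
            hits.append(SuAttempt(m.group("ts"), m.group("actor"),
                                  m.group("target"), bool(m.group("status"))))
    return hits


def attempts_by_actor(hits):
    """Group the targeted su attempts by the account that made them."""
    summary = {}
    for hit in hits:
        summary.setdefault(hit.actor, []).append(hit.target)
    return summary


if __name__ == "__main__":
    extras = alternate_root_accounts(PASSWD_MAP)
    print("alternate root accounts:", extras)
    hits = su_attempts_to(AUTH_LOG, extras)
    for hit in hits:
        print(hit)
    print(attempts_by_actor(hits))
```

Run against a real system, replace PASSWD_MAP with the output of `ypcat passwd` (or `getent passwd`) and AUTH_LOG with the auth facility log; the point of keeping the BOFH's own login working is exactly that the su lines then carry his real username as the actor.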