[SunHELP] Root Passwd

[Les]

You might look at auditing everything that this user does
in order to find what script/binary he is running.
Chews up disk space, but if you're monitoring carefully you
might solve your problem.
You can also do a search thru the system for everything 
with suid which is newer than system stuff. Have to look
at a lot of files, but most you can eliminate at a glance.

Are you positive that he has not obtained the root password?
I assume you've changed it to be sure & eliminate that.

Another possibility is changing his shell to a restricted one
giving him access to only what he HAS to have.

I personally would just lock his account and blow him off the system
until management told me to put him back in. 
If management refuses to maintain system security, so be it.
It is, after all, the boss's ultimate responsibility.
It's my job to be sure that he/she has all the facts and abide
by management decisions. They sign the checks.

I' d just make sure I got it in writing.
Les
<snip>
 
> Sheshagiri Padmanabha Rao wrote:
> 
> >   Hi    The script is in the binary & he is refusing to give it. I
> > think he is truncating some background system call & using 
> it for this
> > purpose.  Plz reply for this prob as early as posible. shesha
> 

_______________________________________________
SunHELP maillist  -  SunHELP at sunhelp.org
http://www.sunhelp.org/mailman/listinfo/sunhelp