[SunHELP] Root Passwd
Lund, Dennis
sunhelp at sunhelp.org
Fri Jun 22 09:56:08 CDT 2001
One way to find out what the user is up to would be to write a script like
this:
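#!/bin/ksh
#
# This script is intended to log user command line activities.
# It will start the "script" command when a user opens a command terminal
# or xterm and log all commands that are typed in that window.
#
# Time stamp used as the last part of the log file name.
DATE=`date '+%m%d%y%H%M'`
# Login name and terminal of the current session, as reported by who -m.
UACCNT=`who -m | awk '{print $1}'`
PORTNUM=`who -m | awk '{print $2}' | cut -c1,2,3,5,6`
print $PORTNUM
# Remote host: columns 39-59 of the who -m line, minus the closing parenthesis.
# The <username> placeholder in the grep is the account name held in $UACCNT.
FRHOST=`who -m | grep "$UACCNT" | cut -c39-59 | sed 's/)//'`
LOG1=/var/adm/.script_log
# One log file per session; quoted so stray spaces cannot split the name.
LOGFILE="$LOG1/$UACCNT.$PORTNUM.$FRHOST.$DATE"
print "Log in from:" > "$LOGFILE"
/usr/bin/who -m >> "$LOGFILE"
print "\n" >> "$LOGFILE"
# Record everything typed in this session, appending to the same file.
/usr/bin/script -a "$LOGFILE"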
Add a line to the end of the user's .profile and the script will log
everything the user does to the log file. Try to hide the log file to make
it more difficult for the user to find it. You can even have it log to a
remote machine.
You can modify this script to alert you as soon as the user logs in so you
can tail the log file if you wish.
Dennis L. Lund
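An added example, not part of the original post: the script above builds its log file name from who -m output, including the remote host string, so this version parses the line by fields instead of fixed columns and replaces every character that is unsafe in a file name. The function names and the sample who line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Reduce a string to characters that are safe in one file-name component.
# Anything else (including "/") becomes "_"; an empty result becomes "unknown".
safe_component() {
    c=$(printf '%s' "$1" | tr -c 'A-Za-z0-9_.-' '_')
    printf '%s' "${c:-unknown}"
}

# Build "user.tty.host.stamp" from one line of `who -m` output.
#   $1 = the who -m line, $2 = date stamp (e.g. from date '+%m%d%y%H%M')
session_log_name() {
    who_line=$1
    stamp=$2
    user=$(printf '%s\n' "$who_line" | awk '{print $1}')
    tty=$(printf '%s\n' "$who_line" | awk '{print $2}')
    # The remote host, when present, is the last field and is wrapped in
    # parentheses; console logins have no such field.
    host=$(printf '%s\n' "$who_line" |
        awk '$NF ~ /^\(.*\)$/ { h = $NF; gsub(/[()]/, "", h); print h }')
    [ -n "$host" ] || host=local
    printf '%s.%s.%s.%s\n' \
        "$(safe_component "$user")" "$(safe_component "$tty")" \
        "$(safe_component "$host")" "$(safe_component "$stamp")"
}

# Constructed sample line in the layout who -m prints for a remote login.
SAMPLE='dlund      pts/3        Jun 22 09:41    (host.example.com)'
session_log_name "$SAMPLE" 0622010941
```

Because the result never contains a slash, it can be appended to the log directory path without the host field steering the write to another location.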
-----Original Message-----
From: Lund, Dennis [mailto:Dennis.Lund at sciatl.com]
Sent: Friday, June 22, 2001 8:58 AM
To: 'sunhelp at sunhelp.org'
Subject: RE: [SunHELP] Root Passwd
I would have to agree with this 100%. If the person is not
cooperating, take it to management. A breach of security like
this is totally unacceptable.
Dennis L. Lund
-----Original Message-----
From: Przyjazny, Martin [mailto:martin.przyjazny at eds.com]
Sent: 21 June 2001 14:11
To: 'sunhelp at sunhelp.org'
Subject: RE: [SunHELP] Root Passwd
Or instead of perpetuating the non-cooperative spirit,
talk to him frankly, and involve management.
The sysadmin IS management.
From a sysadmin point of view there are limits to what a user is and isn't
allowed to do.
DIY privilege elevation is strictly on the "DO NOT" list. The user has
already proved to be uncooperative by not handing over the script/binary.
In most organisations such behaviour warrants disciplinary action. If one of
your users compromises a system that you run what would your reaction be? A
polite, "please don't do that", isn't what's in the books. I think most
admins would use, "You're fired!"
I may sound harsh but I don't think I'm being unreasonable.
MetaPack
The Lightwell
12/16 Laystall Street
Clerkenwell
London EC1R 4PF
Tel: +44 (0) 20 7843 6720
Fax: +44 (0) 20 7843 6721