[Leaplist] Security Audit Advice
Robin (Bartow FL)
leap-cf.mailbox at gibp.com
Sun Dec 16 10:41:33 GMT 2007
From: Phil Barnett philb at philb.us
Sent: 12/15/07 12:41 AM
Subject: Re: [Leaplist] Security Audit Advice
>
> I'd find out who has the root password by changing it. Then I'd decide if they
> actually need root or sudo.
Excellent idea.
But I would clear this in advance with the person that would be authorizing my compensation. And email all system users within 30 seconds after the fact. This is because some users will not speak up right away, and could waste hours of company time before they figure out the root problem.
robin
More information about the Leaplist
mailing list