
Re: root logging as internal

From: Craig Kelley <ink_at_inconnu.isu.edu>
Date: 2000/04/04
Message-ID: <m1em8lvbap.fsf@inconnu.isu.edu>#1/1

anon_1_at_my-deja.com writes:

> In article <954871662.23496.0.pluto.d4ee154e_at_news.demon.nl>,
> "Sybrand Bakker" <postbus_at_sybrandb.demon.nl> wrote:
 

> > > he did this
> > >
> > > $ su - oracle
> > >
> > > $ svrmgrl
> > >
> > > svrmgr > connect internal
> > >
> > > And he was off to the races. Seeing that this is a gaping hole in our
> > > security I tried a variety of items including using the orapwd
> > > utility. I ended up calling Oracle, and they said that since root is a
> > > special account and can su to anything, they can log into Oracle as
> > > they see fit.
> > >
> > > I'm having a tough time believing this. So...
> > >
> > > 1) Is this true?
> >
> > Yes!
> >
> > > 2) If there is a work around could you pls post it.
> > >
> >
> > Fire your admin
> > At some point you simply should trust a person and/or log all his actions on
> > a hardcopy terminal.
> > If you don't trust him, don't give them the job. One of the facts of life in
> > Unix is anyone knowing the root password can do anything.
> >
>
> Wishful thinking - the UNIX admin contractor is in a separate UNIX
> department. They ultimately report to a separate department head.
> Basically you're looking at an act of Congress for a firing to happen -
> they are short handed. That's OK though - because they are at the
> front of the blame list if anything breaks (and I'm sure something will
> break). :-)

Install a few trojans of your own; chances are they won't check.

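mv svrmgrl my_svrmgl
cat > svrmgrl
#!/bin/sh
# Wrapper: mail a notice about who ran svrmgrl, then run the renamed binary.
mail -s "blah" my_at_email.address <<EOF
Someone tried to run svrmgrl on `date`
whoami reports `whoami`
id reports `id`
my HOME is $HOME
EOF
# Call the renamed original; calling svrmgrl here would re-run this wrapper.
exec "$ORACLE_HOME/bin/my_svrmgl" "$@"
^D
chmod 755 svrmgrl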

-- 
The wheel is turning but the hamster is dead.
Craig Kelley  -- kellcrai_at_isu.edu
http://www.isu.edu/~kellcrai finger ink@inconnu.isu.edu for PGP block
Received on Tue Apr 04 2000 - 00:00:00 CDT
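
Added example, not part of the original post: a variant of the wrapper idea above that also records the login name behind the session, since `whoami` run after `su - oracle` reports only `oracle`. The renamed binary `svrmgrl.real` and the syslog tag `svrmgrl-wrap` are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example (not from the post): audit wrapper installed as svrmgrl.
# Assumption: the real binary was renamed to svrmgrl.real (hypothetical name).
REAL_BIN="${ORACLE_HOME:-/nonexistent}/bin/svrmgrl.real"

# Login name of the session owner. Unlike whoami, this normally survives
# `su - oracle`, so it names the account that originally logged in.
login_user() {
    logname 2>/dev/null || echo "${SUDO_USER:-unknown}"
}

# Owner and command line of the parent process (the shell that called us).
parent_info() {
    p=$(ps -o user= -o args= -p "$PPID" 2>/dev/null) || p=""
    echo "${p:-unknown}"
}

# Build one key=value audit line for the named tool.
audit_record() {
    tool=$1
    term=$(tty 2>/dev/null) || term=none    # no controlling terminal
    printf 'tool=%s time=%s euser=%s login=%s tty=%s parent="%s"\n' \
        "$tool" "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(id -un 2>/dev/null)" \
        "$(login_user)" "$term" "$(parent_info)"
}

# Log to syslog (which can be forwarded off-host), then run the real tool.
run_wrapper() {
    logger -p auth.notice -t svrmgrl-wrap "$(audit_record svrmgrl)" 2>/dev/null
    exec "$REAL_BIN" "$@"
}

# Only act as a wrapper when invoked under the wrapped tool's name.
if [ "${0##*/}" = svrmgrl ]; then
    run_wrapper "$@"
fi
```

Root can edit or bypass a wrapper like this, so the record carries weight only when syslog is forwarded to a host the Unix admin does not control, the modern counterpart of the hardcopy terminal mentioned in the quoted reply.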
