[Server-devel] "Administrative" login for political reasons

Mike Dawson mikeofmanchester at gmail.com
Fri Jan 21 07:10:55 EST 2011


Beautiful!  I think I might package this and do the same.  If you
wanna be really evil, one could have a system that automatically after
one week of no login activity posts messages on certain forums / email
lists.  I wish folks would appreciate the value of the time of folks
that actually work with this stuff, rather than the value of time to
help them save face.

You could just tell them in the future "all the administrator
functions that you can handle are accessible externally: there's the
on and reset button"

-Mike


On 1/21/11, Sameer Verma <sverma at sfsu.edu> wrote:
> On Wed, Jan 19, 2011 at 6:01 PM, Anna <aschoolf at gmail.com> wrote:
>> I think enough time has passed that I can write this up in case anyone
>> else runs into this situation.  Back when I was tussling with a school
>> IT guy, he demanded "administrative access" to the XSs.  Err, you do
>> realize there is no GUI whatsoever and all you're going to see is a
>> prompt, right?  He was a Windows guy and didn't want to admit he had no
>> clue what to do with a CLI only Linux system.  And got offended when I
>> asked if he had an ssh client.  Well, Mr. Big Shot, here's your precious
>> "admin" access.
>>
>> I created an "admin" user and set a password.
>>
>> adduser admin
>> passwd admin
>>
>> I use passwords for ssh, but do run it on a nonstandard port, deterring
>> the script kiddies.
>>
>> Having previously installed and set up ssmtp so the XSs could send me
>> emails via gmail, I edited /home/admin/.bashrc
>>
>> echo 'Login Alert on' `hostname` `who -m` | mail -s "Login Alert" me@gmail.com
>>
>> Being of a nosy disposition, particularly when it comes to what's going on
>> with my systems, I set it up to quietly log everything he did with this
>> line in /home/admin/.bash_profile
>>
>> script -q /var/log/sessions/login-`date +%m-%d-%Y-%Hh-%Mm-%Ss`-`whoami`.log && exit
>>
>> Created and set permissions to a dir in /var/log that looks innocuous:
>>
>> mkdir /var/log/sessions
>> chmod 777 /var/log/sessions
>>
>> And just in case he reads something on the internet, here's some sudo rope
>> to hang himself with.  I can install and customize an XS in under an hour,
>> so whatever if he breaks it.  I was actually really looking forward to
>> pulling logs to prove he was out of his league.
>>
>> visudo and then add an entry for admin under root.
>>
>> ## Allow root to run any commands anywhere
>> root    ALL=(ALL)     ALL
>> admin   ALL=(ALL)    ALL
>>
>> The hilarious bit was he claimed he logged into all my XSs and said
>> everything looked OK.  What?  I didn't get a single email notification and
>> /var/log/sessions was empty.  I checked /var/log/secure just to be
>> absolutely sure.  What a pompous liar.  And a liar who didn't know better
>> than to lie to someone who could prove it via system logs.
>>
>> So that's my workaround for ignorant people who demand "admin" access.
>>
>> Anna Schoolfield
>> Birmingham
>>
>> _______________________________________________
>> Server-devel mailing list
>> Server-devel at lists.laptop.org
>> http://lists.laptop.org/listinfo/server-devel
>>
>>
>
> You are hilariously evil >8-)~
>
> cheers,
> Sameer
>
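
The cross-check described in the quoted message (recordings in /var/log/sessions compared against /var/log/secure), as an added example that is not part of the original thread. The recording hook only runs for sessions that source .bash_profile, so sshd's own log is the reference record. The function names, the sample host name and addresses are constructed, and the script assumes OpenSSH's usual "Accepted ... for USER" syslog line with the host name in the fourth field.

```shell
#!/bin/sh
# Added example, not from the thread: compare sshd's record of accepted
# logins with the recordings the .bash_profile hook leaves behind.

# unrecorded_logins SECURE_LOG SESSION_DIR USER
# Prints "MM-DD accepted=N recorded=M" for each day on which sshd accepted
# more logins for USER than recordings exist. Syslog lines carry no year,
# so days are matched on month and day only.
unrecorded_logins() {
    log=$1 dir=$2 user=$3
    # Recordings are named login-MM-DD-YYYY-HHh-MMm-SSs-USER.log
    recorded=$(ls "$dir" 2>/dev/null |
        sed -n "s/^login-\([0-9][0-9]-[0-9][0-9]\)-.*-$user\.log\$/\1/p" |
        tr '\n' ' ')
    awk -v user="$user" -v recorded="$recorded" '
        BEGIN {
            split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
            for (i = 1; i <= 12; i++) mon[m[i]] = i
            n = split(recorded, r, " ")
            for (i = 1; i <= n; i++) have[r[i]]++
        }
        # "Jan 19 18:01:02 host sshd[123]: Accepted password for admin from ..."
        $5 ~ /^sshd\[/ && $6 == "Accepted" && $8 == "for" && $9 == user {
            seen[sprintf("%02d-%02d", mon[$1], $2)]++
        }
        END {
            for (d in seen)
                if (seen[d] > have[d] + 0)
                    printf "%s accepted=%d recorded=%d\n", d, seen[d], have[d]
        }' "$log" | sort
}

# Constructed sample data: two accepted logins for admin, one recording.
demo() {
    t=$(mktemp -d) && mkdir "$t/sessions" || return 1
    cat > "$t/secure" <<'EOF'
Jan 19 18:01:02 xs sshd[1234]: Accepted password for admin from 192.0.2.10 port 51234 ssh2
Jan 19 18:05:00 xs sshd[1300]: Failed password for admin from 192.0.2.10 port 51300 ssh2
Jan 20 09:00:00 xs sshd[1400]: Accepted password for admin from 192.0.2.10 port 51400 ssh2
EOF
    : > "$t/sessions/login-01-19-2011-18h-01m-03s-admin.log"
    unrecorded_logins "$t/secure" "$t/sessions" admin
    rm -rf "$t"
}

demo   # prints: 01-20 accepted=1 recorded=0
```

An empty result means every accepted login has a recording for that day; because /var/log/sessions is world-writable in the setup above, a missing recording shows a gap but does not by itself say why.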

