On Thu, 2003-10-23 at 17:58, Fajar Priyanto wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Thursday 23 October 2003 09:48 pm, Jack Coates wrote: > > .bash_history is cake; just kill -9 your own session instead of using > > logout or exit. wtmp is harder, that'll involve editing the logfiles. > > BTW, ssh has its own access log so check that one too for > > inconsistencies with wtmp. > > Thanks Jack, > The problem we're dealing here is the process of replacing our current > administrator because of - unfortunately - negative cause. > > So, right now he's still got his root password. Do you have any resource on > good practice how to replace administrator in safe and good way? > Thanks
First I would vipw and comment out his username. (keeps his user data but denies access.) Then change root password... ASAP! Then change every users password. Then remove him from groups sudo etc. Then run chkrootkit. James > - -- > Fajar http://linux.arinet.org > Linux mdk91.sistek.kom 2.4.21-0.13mdk GNU/Linux > 07:50:47 up 16 min, 10 users, load average: 0.30, 0.63, 0.52 > Quote of the day: > NT (as in Windows NT) is short for "Not Trustworthy". > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.1 (GNU/Linux) > > iD8DBQE/mHlNMai9kCFqACoRAhHIAKCE/XgiBRwu4XHb5RIA2IucHOnk2gCeMehk > /NVv4bpLvvWsNm8yxYnPxrU= > =e9jo > -----END PGP SIGNATURE----- > > > > ______________________________________________________________________ > Want to buy your Pack or Services from MandrakeSoft? > Go to http://www.mandrakestore.com
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
