Re: [Veritas-bu] Unadvertised utility in Netbackup
On Tue, Feb 07, 2006 at 07:51:00AM -0500, Paul Keating wrote:
> Sounds like you might want something like Powerbroker.
>
> Rather than everyone having "root", each person logs in as themselves, and
> executes a powerbroker script that gives them the access rights they need (if
> that is "root", then so be it.)
> Everything gets logged on the powerbroker server, and only one person needs
> root.

also see "sudo" from the open source world.

___
Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
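An added example, not part of any post in this thread: if bpgp and bpinst are only reachable through sudo, the question "can I prove I did not use this command?" becomes a log query. The sketch assumes sudo's default syslog record format; the log lines are constructed and `/opt/EXAMPLE` is a placeholder path. It also shows the limit of that proof: a user who was granted a root shell can no longer be cleared by the sudo log.

```python
import re
from collections import defaultdict

# Utilities named in this thread, matched on basename so the install path is irrelevant.
SENSITIVE = {"bpgp", "bpinst"}
# Programs that hand out an unrestricted root shell; what runs inside is not logged by sudo.
SHELLS = {"su", "sh", "bash", "ksh", "csh", "zsh"}

# sudo's default syslog record: "<user> : [reason ;] TTY=.. ; PWD=.. ; USER=.. ; COMMAND=.."
SUDO_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssudo(?:\[\d+\])?:\s+"
                     r"(?P<user>\S+)\s:\s(?P<body>.*)$")

# Constructed sample log; /opt/EXAMPLE is a placeholder, not a real install location.
SAMPLE_LOG = [
    "Feb  6 14:02:11 master1 sudo:    alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/opt/EXAMPLE/bin/bpgp",
    "Feb  6 14:05:40 master1 sudo:      bob : TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/su -",
    "Feb  6 14:09:03 master1 sudo:    carol : command not allowed ; TTY=pts/4 ; PWD=/home/carol ; USER=root ; COMMAND=/opt/EXAMPLE/bin/bpinst",
    "Feb  6 14:12:27 master1 sudo:    alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls /tmp",
    "Feb  6 14:13:00 master1 sshd[812]: Accepted publickey for alice",
]

def audit(lines):
    """Group root sudo events per user into sensitive / shell / denied buckets."""
    report = defaultdict(lambda: {"sensitive": [], "shell": [], "denied": []})
    for line in lines:
        m = SUDO_RE.match(line)
        if not m:
            continue  # not a sudo record
        head, sep, command = m["body"].partition("COMMAND=")
        fields = [f.strip() for f in head.split(";") if f.strip()]
        if not sep or not command.strip() or "USER=root" not in fields:
            continue
        prog = command.split()[0].rsplit("/", 1)[-1]
        if any("=" not in f for f in fields):  # a reason such as "command not allowed"
            bucket = "denied"
        elif prog in SENSITIVE:
            bucket = "sensitive"
        elif prog in SHELLS:
            bucket = "shell"
        else:
            continue
        report[m["user"]][bucket].append((m["ts"], command))
    return dict(report)

def unattributable(report):
    """Users who obtained a root shell: the sudo log cannot prove what they did not run."""
    return sorted(user for user, events in report.items() if events["shell"])

if __name__ == "__main__":
    result = audit(SAMPLE_LOG)
    for user, events in sorted(result.items()):
        print(user, events)
    print("cannot prove non-use for:", unattributable(result))
```
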
RE: [Veritas-bu] Unadvertised utility in Netbackup
Sounds like you might want something like Powerbroker.

Rather than everyone having "root", each person logs in as themselves, and executes a powerbroker script that gives them the access rights they need (if that is "root", then so be it.)
Everything gets logged on the powerbroker server, and only one person needs root.

Paul
This email message from the Bank of Canada is given in good faith, and shall not be binding or construed as constituting any obligation on the part of the Bank. This email may contain privileged and/or confidential information, and the Bank of Canada does not waive any related rights. Any distribution, use, or copying of this email or the information it contains by other than the intended recipient is unauthorized. If you received this email in error please delete it immediately from your system and notify the sender promptly by email that you have done so. Recipients are advised to apply their own virus checks to this message upon receipt.
SV: [Veritas-bu] Unadvertised utility in Netbackup
We have a lot of root people at all our shops.. :(

Of course I got access to all the data that are controlled under netbackup, and with that can cause great damage. The question was more in terms of "is it logged somewhere"? Am I really safe if something happens and people know I got this "feature"? I can't really prove that I did not use this command?

What about bpinst, which is a far more powerful utility that allows you to execute scripts on any client server you wish.

When it comes to SLAs, our units agree to backups and controlled restores, not to the possibility of undocumented programs that pretty much can do anything anytime without any logging on their servers.

MVH / Hampus Lind
Rikspolisstyrelsen
National Police Board
Tel dir: +46 (0)8 - 401 99 43
Tel mob: +46 (0)70 - 217 92 66
E-mail: [EMAIL PROTECTED]
RE: [Veritas-bu] Unadvertised utility in Netbackup
The first time I saw bpgp it was in the script called add_slave_on_client. It was used to gather the bp.conf file from all of the UNIX clients onto the master server. The new slave server entry would then be appended to the client's bp.conf file. bpgp would then be used to send the modified bp.conf file back to the client.
RE: [Veritas-bu] Unadvertised utility in Netbackup
it's executable by root.
keep unauthorized root out of your box...sleep well at night.

yes, it's a security risk...
yes, it can save your butt
yes, you can shoot yourself in the foot with it...you can even blow your whole leg off.

anything you can do with bpgp, you can do with a creative backup and restore.

Paul
RE: [Veritas-bu] Unadvertised utility in Netbackup
That utility is an undocumented utility. I believe that utility is in the system for Veritas Tech support and we the users have hijacked it for use.

Tony Tocco
[EMAIL PROTECTED]
[Veritas-bu] Unadvertised utility in Netbackup
Hi all,

What are your comments on the bpgp utility, and others, in netbackup? I understand that it is sometimes useful for backup admins, myself included. But isn't it also a great security risk?
Does the use of this utility get logged somewhere?

Thanks and regards,

MVH / Hampus Lind
Rikspolisstyrelsen
National Police Board
Tel dir: +46 (0)8 - 401 99 43
Tel mob: +46 (0)70 - 217 92 66
E-mail: [EMAIL PROTECTED]