RE: [Veritas-bu] Unadvertised utility in Netbackup

[Paul Keating]

Title: Message

Sounds like you might want something like Powerbroker.   Rather than everyone having "root", each person logs in as themselves, and executes a powerbroker script that gives them the access rights they need (if that is "root", then so be it.) Everything gets logged on the powerbroker server, and only one person needs root.   Paul -----Original Message----- From: Hampus Lind [mailto:[EMAIL PROTECTED] Sent: February 6, 2006 4:24 PM To: Paul Keating; veritas-bu@mailman.eng.auburn.edu Subject: SV: [Veritas-bu] Unadvertised utility in Netbackup We have a lot of root people at all our shops.. L   Of course I got access to all the data that are controlled under netbackup, and with that can cause great damage. The question was more in terms of “is it logged somewhere”? I`am I really safe if something happens and people know I got this “feature”? I cant really proof that I did not use this command? What about bpinst, that are a far more powerful utility that allow you to execute scripts on any client server you which.   When it comes to SLA`s our units agree to backups and controlled restores, not to the possibility of undocumented programs that pretty much can do anything anytime without any logging on there servers.     MVH / Hampus Lind Rikspolisstyrelsen National Police Board Tel dir: +46 (0)8 - 401 99 43 Tel mob: +46 (0)70 - 217 92 66 E-mail: [EMAIL PROTECTED] -----Ursprungligt meddelande----- Från: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] För Paul Keating Skickat: den 6 februari 2006 20:58 Till: veritas-bu@mailman.eng.auburn.edu Ämne: RE: [Veritas-bu] Unadvertised utility in Netbackup   it's executable by root.   keep unauthorized root out of your box...sleep well at night.   yes, it's a security risk...yes, it can save your butt....yes, you can shoot yourself in the foot with it...you can even blow your whole leg off.   anything you can do with bpgp, you can do with a creative backup and restore.   Paul -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hampus Lind Sent: February 6, 2006 2:13 PM To: veritas-bu@mailman.eng.auburn.edu Subject: [Veritas-bu] Unadvertised utility in Netbackup Hi all,   What are your comments to the bpgp utility, and others, in netbackup? I understand that it sometimes are useful for backup admins, my self included. But isen`t it also a great security risk? Does the use of this utility get logged somewhere?   Thanks and regards, MVH / Hampus Lind Rikspolisstyrelsen National Police Board Tel dir: +46 (0)8 - 401 99 43 Tel mob: +46 (0)70 - 217 92 66 E-mail: [EMAIL PROTECTED]   ==================================================================================== La version française suit le texte anglais. ------------------------------------------------------------------------------------ This email message from the Bank of Canada is given in good faith, and shall not be binding or construed as constituting any obligation on the part of the Bank. This email may contain privileged and/or confidential information, and the Bank of Canada does not waive any related rights. Any distribution, use, or copying of this email or the information it contains by other than the intended recipient is unauthorized. If you received this email in error please delete it immediately from your system and notify the sender promptly by email that you have done so. Recipients are advised to apply their own virus checks to this message upon receipt. ------------------------------------------------------------------------------------ L'information communiquée dans les courriels en provenance de la Banque du Canada est soumise de bonne foi, mais elle ne saurait lier la Banque et ne doit aucunement être interprétée comme constituant une obligation de sa part. Le présent courriel peut contenir de l'information privilégiée ou confidentielle. La Banque du Canada ne renonce pas aux droits qui s'y rapportent. Toute diffusion, utilisation ou copie de ce courriel ou des renseignements qu'il contient par une personne autre que le ou les destinataires désignés est interdite. Si vous recevez ce courriel par erreur, veuillez le supprimer immédiatement et envoyer sans délai à l'expéditeur un message électronique pour l'aviser que vous avez éliminé de votre ordinateur toute copie du courriel reçu. Dès la réception du présent message, le ou les destinataires doivent activer leur programme de détection de virus pour éviter toute contamination possible.