Security Team at Work!

Well, here we have a perfect example of the security team at work. Although I must admit it has been some time since they brought down a server, there are still entries in the logs on some of the servers detailing the efforts of the team. These log entries, things like failed login attempts etc., are the result of the non-intrusive scans that the team runs. Along with the services that they insist are disabled, the security standard ensures that a server cannot be rebooted without a forced power-off from the service controller. Not really too much of a problem at the moment, but once the servers are fully in the production environment it’ll be a royal pain in the ass! In this modern age where security has become a major concern, these people seem to hold an inordinate amount of sway when it comes to running the systems.

As I’ve said before, I understand the need for security; in fact I’d like the security to be tighter in some respects – especially where the security team is concerned. If I had my way, the /etc/profile file would be modified with the following. This would give me great satisfaction and would cause the security team some real grief – it would also let us see how resourceful they really are.

    if [ "${LOGNAME}" != "XXXXXXX" ]
    then
        :        # every other login: do nothing
    else
        exit 1   # the named login: the shell exits as soon as /etc/profile is sourced
    fi

I’d like to see how long it took our head of security to resolve that one and how he’d do it; it would certainly show if there were any back doors into the system – there’d be some other stuff to sort out, but it’d be fun while it lasted. Oh! And before the comments come flooding in – I’d like to point out that I am aware of the scheduled jobs that copy /etc/profile into place every few hours, but as systems admins we have our ways of dealing with these things.
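The scheduled restore job mentioned above, written out as an added example from the defender's side (this is not code from the post): it compares the live /etc/profile against a reference copy, flags any bare exit line of the kind shown earlier, and puts the reference back when the two differ. The function names and the reference location /root/profile.ref are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: integrity check for /etc/profile.
# Paths are parameters so the check can be run against test copies; the
# assumed real locations are /etc/profile and a root-owned reference copy
# such as /root/profile.ref.

profile_matches_reference() {
    # Exit status 0 when the live file is byte-identical to the reference.
    cmp -s "$1" "$2"
}

profile_has_exit() {
    # Exit status 0 if any line is a bare "exit" (with optional status),
    # which in a sourced /etc/profile terminates the login shell.
    grep -Eq '^[[:space:]]*exit([[:space:]]+[0-9]+)?[[:space:]]*$' "$1"
}

profile_check() {
    # Usage: profile_check LIVE REFERENCE
    # Returns 0 if untouched; otherwise reports, restores and returns 1.
    live=$1
    ref=$2
    if profile_matches_reference "$live" "$ref"; then
        echo "OK: $live matches $ref"
        return 0
    fi
    echo "ALERT: $live differs from $ref"
    if profile_has_exit "$live"; then
        echo "ALERT: $live contains an exit line that would end login shells"
    fi
    cp -p "$ref" "$live"
    echo "restored $live from $ref"
    return 1
}

# Run directly with two paths to check one file, e.g. from cron:
#   profile_check.sh /etc/profile /root/profile.ref
if [ "$#" -eq 2 ]; then
    profile_check "$1" "$2"
fi
```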