On Wed, Jul 04, 2001 at 11:37:40AM +0100, Jane Shaw wrote:
> I have recently become system administrator of a HP-UX box in a global
> company. I do not have any UX experience, and would appreciate any
> comments/details/suggestions on the issue of securing access to the box. It
> sits outside the firewall, and needs to be accessed by users from several
> different countries, as well as users based here. These users are from
> several different departments and should normally only have access to
> certain files relevant to them. I was thinking of making them members of
> groups with predefined privileges, except that in certain cases, users need
> to access files not permitted by their group. Suggestions? I had also
> considered restricting access to the box based on IP address. Does anybody
> know how this can be done under UX? Other issues I had considered were:
> 1. Upon two unsuccessful login attempts, an alarm should be generated to
> sysadmin.
> 2. Successful modifications to critical files should be alarmed to sysadmin
> 3. Display time and date of last successful login for all logins.
> 4. Terminate an inactive session after 30 mins.
> If anyone has dealt with similar security issues, under UX, or any other
> Unix O.S. I would appreciate the help. As I am new to UX, command details
> would be very useful.
Am I the only one astonished by this ? In the first case, this a Linux Users
Group mailing list, though we do get occasional other queries from members.
Secondly, she freely says that she has NO UX experience (and the tone of her
questions makes me believe that she doesn't have much Unix experience) and
it seems that she thinks that one post to a Linux mailing list will turn her
into a competent HP-UX administrator.
But what I find most astonishing is the fact that Jane's global (but
presumably not very clueful) will put somebody with this level of
inexperience in charge of a box which is definitely in the worst place it
can be in terms of security, and also sounds like it is fairly important to
the company.
The one saving grace (and it's a small one) is that it's a HP-UX box which
is probably reasonably immune to the attentions of the script kiddies.
Jane, this assignment is not going to be career enhancing unless you get
some serious training, and that soon. And frankly, if you had the ability to
absorb that much training that quickly, you should have had the intelligence
to refuse this poisoned chalice.
Forgive my jaundiced view, but I can't see what other kind of view any
rational person could have of this situation.
Kindest regards,
Niall O Broin
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
