i will be changing the passwords on all user accounts. how would i make sure that there are no rogue accounts that i don't know of... like a back door account?
apps: sendmail, cfmx7, mysql, apache
Full Version: so if i fired my sys admin....
Well theres thousands of places to put a backdoor. Although I doubt if they where your sys admin they would open ports and hide things.
Just remove the accounts, change all passwords, make sure there are no ssh keys, in the .ssh folder for each account.
Check /etc/group for users in the wheel group.
Just remove the accounts, change all passwords, make sure there are no ssh keys, in the .ssh folder for each account.
Check /etc/group for users in the wheel group.
Don't forget about your SUDO configuration.
Stuff like that should probably be removed.
CODE
user ALL=(ALL) /bin/bash, su
Stuff like that should probably be removed.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.