SLUG Mailing List Archives
[SLUG] A Sys Admin's worst nightmare
- To: Slug <slug@xxxxxxxxxxx>
- Subject: [SLUG] A Sys Admin's worst nightmare
- From: Simon Wong <linux@xxxxxxxxx>
- Date: Fri, 21 Apr 2006 11:51:42 +1000
- Cc: Ubuntu AU <ubuntu-au@xxxxxxxxxxxxxxxx>
I have setup an Internet Cafe for a mate of mine in a far away land.
In what seems like a nightmare I haven't woken up from yet, he is
proposing a crazy marketing stunt to pull in people to the Cafe. A
$1000 reward for obtaining the root password off one of the PC
I don't even want to repeat that, I'm just trying to think of it as the
ultimate vote of confidence ;-)
Outline of the system design is:
* The PCs are all running Ubuntu Breezy (as is the server).
* The local user accounts are supplied via NIS from a central
server (only user accts, all passwords disabled) as all
authentication is done via PAM radius, back to the central
server. Yes, I know LDAP will be in v2.
* IPsec secures communication between each PC and the server
* There is an admin account with full root sudo access on each PC
and the root password has been set the same (doesn't seem like a
lot of point if "admin" has root sudo access anyway to have it
different - correct me if I'm off track here)
* The PC admin/root passwords do not match those on the server
Rules of engagement
* Must be on-site and present (no at/cron jobs)
* Cannot boot off anything else (of course)
* Cannot change boot parameters
* No malicious activity (I know, what does this mean under these
* They have to open a file only readable by root and report back
the contents plus the root password plus the method of attack
* I am going to push for this to only be for 1-2 weeks tops
I'd love some feedback from people on what further preps I should
I know that sounds very open ended but should I really trust the default
installation to be safe enough?
Of course, a public system like this is always open to naughtiness but
legitimising it is really scary.
Simon Wong <linux@xxxxxxxxx>