[lug] recovering sudo w/o root
Nate Duehr
nate at natetech.com
Wed Jan 14 17:08:33 MST 2004
On Wednesday 14 January 2004 04:05 pm, Bear Giles wrote:
> If you trust your environment, tape the envelope to the inside of
> the case. Slip the index card into the envelope. Always
> available in a known place.
Heh... a better one was my friend who GPG encrypted a text file with all
the critical system password info then asked the company LAWYERS to store
it in THEIR safe on CD-R and had them sign a document that only the
CEO/COO could request it be removed. (Except updates.)

Lawyers guard their document safes like a momma mountain lion with
kittens. Wonderful idea he had there. The psychological implications of
having to ask the company lawyers to get into their safe made a nice
deterrent.

A new one was put in every time the system passwords were changed, and the
old one shredded/destroyed. The sealed envelope with the document that
had the GPG passphrase typed on it was stored somewhere completely
different... I forget now...

But it was convoluted enough that no one would attempt messing with
getting it unless all the admins were "run over by a bus"... which was
what it was there to cover for... heh. Or I suppose if they wanted to
fire all of us at once, it would have come in handy. ;-)
--
Nate Duehr, nate at natetech.com