If I were the manager there...

Story: Having Fun At Other Solaris Sys Admins' ExpenseTotal Replies: 10
Author Content
caitlyn

Apr 15, 2009
5:05 PM EDT
...and I saw this post and knew who had done this at my shop this guy would be fired in a heartbeat. It isn't funny. He cost the company time and productivity which translates into money. In this economy there are plenty of good, qualified Solaris admins looking for work.
gus3

Apr 15, 2009
5:28 PM EDT
Actually, I think there's a lesson to be communicated from this. Most data theft cases are inside jobs, and this script demonstrates just how easy it is to compromise a system via physical access.

It's one thing to provide services (do what it's supposed to do). It's quite another to secure the data (not do what it isn't supposed do: leak data, fall to worms, keystroke logger, etc.).

Two weeks ago, I watched someone I know put down his credit card and walk away from it, at the store check-out. I should have hidden it, to teach him a lesson.

If this prank can teach an admin to be sufficiently paranoid, then good can come of it.
Sander_Marechal

Apr 15, 2009
5:38 PM EDT
Quoting:this script demonstrates just how easy it is to compromise a system via physical access.


The trouble is that any box to which you can have physical access can be compromised. First order of business at any company is locking away the machines so nobody can get to them except the people responsible. I've visited many companies and I am always very surprised how easily you can get physical access to their servers.
caitlyn

Apr 15, 2009
7:25 PM EDT
@gus3: Yes, some good could come of it. However, I think panic and lost time is more likely. Let's put it this way: if a sysadmin did this and I was manager and he or she didn't get my approval first he or she would be fired. If the company or organization has change management rules they would certainly have been violated. There are better ways to make the point in any case.

Most inside jobs aren't caused by physical access in any place. If you lock someone out of the building but fail to promptly delete their access.... If someone is still employed but is disgruntled and malicious... Whether they get caught or not depends on their skill level and how well they cover their tracks.

@Sander: Absolutely correct. Many places have locked server rooms. Far too many just do not.
eggi

Apr 15, 2009
9:30 PM EDT
Wow,

Actually, where I work, having fun in the test lab is encouraged, Caitlyn. It keeps everyone sharp and livens up the mood at the one point in the build process where money doesn't get lost. Believe me when I tell you that more time and money (if we're to translate it this way) is lost in genuine failed installation attempts by new sysadmins than in controlled pranks that last less than 10 minutes. I would never set something like this up and then leave for the day. That would be cruel.

The security issue is a good point. You can't keep any machine safe from the people who have access to it, except to monitor them heavily (video surveillance, keycard systems, biometric hand scanning, man traps, etc) but you can nail them afterward. I've worked on government machines before and they do about the next best thing by eliminating the root account completely and requiring you to request the boot cd in order to do anything as root. I always thought that was a bit extreme (especially since the guys who deliver the cd, and wait for you to return it, carry weapons), but it's also extremely effective at cutting down on tampering. I think everyone gives everything a second thought if there's a chance they could be shot for goofing around ;)

Security wasn't really the issue of the post (it was all in good fun), but getting new sysadmin's used to having the unexpected happen in the safest environment possible is not only fun for veteran staff, but also builds a sense of comaraderie between co-workers. It's good to know you work with people who can take it as well as they can dish it out. I've been the victim, myself, from time to time, and I enjoyed every minute of it. I'm not blowing hot wind; it really does make you think outside the box. The more options you can entertain, the more efficient a troubleshooter you become.

And, Caitlyn, just so you're positive I'm not attacking you, I absolutely agree that anyone who would do this in a production environment (even in QA, development, staging, etc) should be reprimanded. Once a machine gets released to the internal customer there's no more monkey business. Up to that point, occassionally messing with your friends and co-workers (as well as being messed with by them) is a good healthy practice and it has, among other positive benefits, the side-effect of making everyone more aware of the way things "should" be and indirectly teaches the receiver how to solve problems in a manner to which they are unaccustomed. Most good qualified sysadmin's got that why by dealing with adversity. It's actually nicer when that adversity can be laughed about rather than sweated over. Being too serious is, in my experience, just as detrimental to the work environment as being too care-free :)

Believe me. I never would have posted it if it were an issue. Several people where I work know who I am, that I write this blog and I have my real name printed on every page. I'd have to be insane to post that goof. Of course, I may be. That' still up for debate ;)

, Mike

tuxchick

Apr 15, 2009
11:41 PM EDT
Mike, you could make it obvious it's a prank with l33t spelling, like IM IN UR BOX AND I PWN U. Though given the rapidly failing level of literacy, it probably wouldn't work. Anyway I laughed.
jdixon

Apr 15, 2009
11:59 PM EDT
>> If the company or organization has change management rules they would certainly have been violated.

> I made sure to install it up front in the /etc/rc2.d directory (from JumpStart) so that any admin watching a new installation come up for the first time (to verify its integrity) would be guaranteed to see it.

It wasn't a production machine, Caitlyn; the change control rules wouldn't apply.
moopst

Apr 16, 2009
5:18 PM EDT
Quoting:Man, it was fun until I had to fix the problem and pretend I had no idea what happened ;)
I'd say in that case you shouldn't have done it. You're creating an incident that would go into a database and bring scruteny from system sleuth types. All a waste of time. You don't mess around in the run level directories.
eggi

Apr 16, 2009
10:33 PM EDT
tuxchick, you're right - I am way too verbose. That being said, I'll make this short... two weeks to build a box + a bunch of guys who like each other - security + the fact that everyone knew I did it since "I" had to fix it + a good laugh = fun :) and all work + no play = a sad philosophy ;) Relax. Enjoy life. No matter how righteous, we'll all be dead soon :) -mdg
tuxchick

Apr 16, 2009
10:56 PM EDT
Right eggi, your tombstone will be the one with the squirting flowers :)
azerthoth

Apr 17, 2009
12:49 AM EDT
and the solar powered motion sensitive ghost sound effects.

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!