UNIX System Administration Handbook - Evi Nemeth [477]
A few weeks later, it happened again. This time it seemed to be a different person reading the mail, Tom. The senior sysadmin called Tom into his office and confronted him with the evidence. But Tom was at a basketball game when the log files showed that the access had occurred.
Upon further investigation and after backtracking through several machines, the sysadmin discovered that Joe was the true culprit once again. Half an hour later, Joe was fired and the contents of his desk were on the curb.
A policy that allows for one warning is a license to steal until caught.
Wedding invitations
A sysadmin who was getting married and hadn’t finished all the preparations for the wedding gave his best man (a sysadmin from another site) the key to his office and the root password to his workstation. The friend was to go into work and make last-minute place cards for the tables at the reception. This incident violated lots of local policies and was noticed by other sysadmins because the common practice was to use the sudo command instead of logging in as root or using su.
The root password was the same on all machines, so the visitor had actually been given the password and physical access to the entire site. But no damage was done.
The circumstances seemed special, but written policy was violated. The employee was a valuable member of the staff. What to do? He was somewhat reluctantly fired with cause; he fought it and lost.
Pornographic GIF images
A student’s high school buddy came down to visit the computer lab during the summer. The student showed his friend how to view GIF files and showed him the location of a few “interesting” ones. He installed the friend at the last workstation at the back of the room and then worked on his homework. When they were done, they left.
Some time later (days, probably) the dean of engineering, accompanied by the basketball coach, was showing a promising recruit from Texas (a woman) around the campus. The dean had a key to the labs and so instead of entering as the students do, with an access card, he entered at the back of the lab with his key.
The first workstation they saw was the one on which the friend had viewed GIFs. And thanks to the magic of screen savers, when the mouse was moved, a sexually explicit photograph appeared on the screen. Needless to say, the dean and the basketball coach were furious; the student thought it was no big deal. The dean demanded that all GIFs be removed from university-owned computers and that the student who left it on the screen be expelled from school.
Our policy agreement, which the student had signed, said that you should not display pictures on your screen that would offend other people. The end result was that the student lost his login for a semester. The policy agreement was reviewed by the lawyers (who upheld the computer science department’s side, not the dean’s), and the whole incident was handled within the department. We apologized to the recruit.
Migrating data
A small Colorado business used a local service firm for hardware and software support. One evening, their system administrator was swapping out a disk on which the bearings were going bad. The service firm had supplied not only the replacement disk but also a large scratch disk so that the transfer could be made without going to tape and back again. The sysadmin installed the replacement disk and the scratch disk and rebooted.
He was surprised when the workstation booted from the replacement disk and complained that the clock was 297 days off. Should he wipe the disk immediately? Should he look at the data? Should he just return the disk to the service provider? His first instinct was to wipe the disk without looking at it, but after some reflection it seemed better to check and see whose data it was so that the service provider could determine how it had slipped out with data on it.
A quick scan