[BBLISA] Guidelines for giving full root access to DBAs
Sharon Nagao
sharon.nagao at gmail.com
Sun Aug 20 11:20:46 EDT 2006
Michael,
Thank you for the excellent suggestions. I will look into tripwire
immediately.
As for feeling the pain by the DBAs, that will take some time, thinking and
discussion with the other admins. I would appreciate it if people could
share their policies/procedures if they have them.
Any other advice by you or others would be most welcomed.
Thank you,
Sharon
On 8/20/06, Michael Tiernan <michael.tiernan at gmail.com> wrote:
>
> On 8/20/06, Sharon Nagao <sharon.nagao at gmail.com> wrote:
> > I was informed last week by my manager that the DBAs is to have full
> root
> > access to all Dev and Test servers in our environment.
> As quick as a bunny in hunting season I'd get tripwire running on the
> systems. You can skip doing MD5 sums for most of the files (it
> consumes a lot of time and cycles) just a reality check of
> permissions, ownership, change/modify/access times, and simple
> checksum will leave you lots of breadcrumbs to follow.
>
> Second thing to do is to figure out how to get them to feel the pain
> when something goes wrong (not that we're expecting this to
> happen.....) Maybe devise a plan where any changes they've made have
> to be reviewed and either approved or challenged. If it's challenged,
> they have to account for the reaons or switch it back. Make sure they
> get paged for errors too. ;)
> --
> << MCT >> Michael C Tiernan.
> Is God a performance artist?
> EGO hack vivo quod ago accido.
>
> _______________________________________________
> bblisa mailing list
> bblisa at bblisa.org
> http://www.bblisa.org/mailman/listinfo/bblisa
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.bblisa.org/pipermail/bblisa/attachments/20060820/9fa8d231/attachment.htm
More information about the bblisa
mailing list