
How to prevent bad acts by server admins? (key logging or clipboard grabbing and ...

Hi.

I did not know in which sub-forum this topic should be posted.


I have a web hosting service. I am my own admin.
If I employ a second Linux and server admin, maybe he will change the Linux OS to one he compiled himself and change the core or other Linux files for spying and hacking!
If he inserts a keylogger, clipboard grabber or spying file as a default part of the core or of a Linux file, then antivirus cannot find any problem.
How can we prevent this?

Please note:
I had Linux Debian OS on my computer and I installed an application that was a legal keylogger and clipboard grabber.
I saw it detect the root password and save it, and save the clipboard contents in a text file!!!
When I used several anti-viruses, they could not find any problem and all said the system is OK!!!!!!!!!!!!!!!!!!

That was only an application. If a person compiles or inserts a Linux OS file that has the ability of keylogging or clipboard grabbing, generic anti-viruses cannot find that.

We must give root access to our system admins. For example, in a large company with thousands of Linux web servers, we want to detect clipboard grabbing and keylogging acts even if they are defined as legal acts of Linux core files.

Is there any solution?

Please help.
Thanks



This thread was automatically locked due to age.
  • "... maybe he will change the Linux OS to one he compiled himself and change the core or other Linux files for spying and hacking!"

    I think you need to hire good people or work through your trust issues (maybe both).

    Otherwise, EDR will let you query the endpoint or XDR will journal the activity and let you retrospectively query for malicious behaviour. You can also pipe bash history to syslog and use a SIEM to monitor what your admins are doing.
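
The reply's suggestion to pipe bash history to syslog, sketched as an added example that is not part of the original thread: a profile script that sends each interactive command to syslog, from where it can be forwarded to a SIEM. The file name, syslog tag and facility are assumptions; an admin with root can switch the hook off, so the SIEM should also alert when a host's records stop arriving.

```shell
# Hypothetical /etc/profile.d/cmdlog.sh: forward each interactive bash command
# to syslog, from where rsyslog/journald can ship it to a remote SIEM.
CMDLOG_TAG="bash-audit"            # assumed syslog tag to filter on in the SIEM
CMDLOG_PRI="authpriv.notice"       # assumed facility.priority

# Build one single-line key=value record. cmd= is last, so a parser can take
# the rest of the line as the command.
cmdlog_format() {   # $1 = command text, $2 = its exit status
    local login
    login=$(logname 2>/dev/null || echo unknown)  # login account, kept across su / sudo -s
    # Control characters become spaces: an embedded newline cannot start a forged record.
    printf 'login=%s euser=%s pwd=%s rc=%s cmd=%s' \
        "$login" "$(id -un)" "$PWD" "$2" "$1" | tr '[:cntrl:]' ' '
}

# Runs before every prompt. Commands bash keeps out of history
# (HISTCONTROL=ignorespace and similar) are not seen here.
cmdlog_emit() {
    local rc=$? entry num cmd      # rc first: exit status of the command just run
    entry=$(HISTTIMEFORMAT='' history 1)
    # "  501  some command" -> num=501, cmd=some command
    read -r num cmd <<EOF
$entry
EOF
    # Log only when the history number moved: skips empty Enter presses and
    # the previous session's last entry shown at the first prompt.
    if [ -n "$num" ] && [ -n "${CMDLOG_LAST:-}" ] && [ "$num" != "$CMDLOG_LAST" ]; then
        logger -t "$CMDLOG_TAG" -p "$CMDLOG_PRI" "$(cmdlog_format "$cmd" "$rc")"
    fi
    CMDLOG_LAST=${num:-0}
    return "$rc"
}

# Hook interactive bash sessions only.
if [ -n "${BASH_VERSION:-}" ]; then
    case $- in *i*) PROMPT_COMMAND=cmdlog_emit ;; esac
fi
```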
