RE: SUN Solaris User

From: Sean Boran (sean@boran.com)
Date: 11/10/01


From: "Sean Boran" <sean@boran.com>
To: "'Paul Julias'" <pjulias@cbz.co.zw>, <focus-sun@securityfocus.com>
Subject: RE: SUN Solaris User
Date: Sat, 10 Nov 2001 14:04:31 +0100
Message-ID: <009901c169e8$3c8da710$0a1111b0@swissptt.ch>


> I running a Sunscreen Firewall and have been requested to
> provide system
> access to our Networks Engineer who from time to time may want to
> troubleshoot comms including routing details. What is the
> best approach to
> creating such a user and what minimum level access should be provided.

I suggest you set up a sniffer on each side of the firewall and give him
access to that. You can used some cheap old sparc5s or so, and snoop
should keep him happy.
Make sure the sniffers are really welll hardened, and use access control
with SSH.

Otherwise, I would suggest a user account on the sunscreen, and use sudo
or rbac to allow him to access only snoop (don't give him root..).

Sean Boran