Removing A User
you can change it to this:
4 Remove SSH Keys
If your organization uses Secure Shell (SSH, usually provided on Linux by OpenSSH) and you allow remote RSA or DSA key authentication, a user can get access to the system even if the password is disabled. This is because SSH uses separate keys. For instance, even after you have locked Brian Wilson out of your system using the steps shown up to now, he could get on another computer somewhere and run a command such as:
bwilson:~$ ssh -f -N -L8000:intranet.yourcompany.com:80 my.domain.com
This forwards traffic to port 80 (the port on which a web server usually listens) on your internal server. We will discuss this type of activity in more detail in the security section of this book. Obviously, if your system offers SSH, you should remove authorized keys from the ~bwilson/.ssh or ~bwilson/.ssh2 directories in order to stop a user from regaining access to his account this way. Likewise, look for shosts and rhosts files in the user's home directory: ~bwilson/.shosts and ~bwilson/.rhosts.
For example, if bwilson's home directory is /home/bwilson, you can remove these keys like this:
# rm -fr /home/bwilson/.ssh/*
# rm -fr /home/bwilson/.ssh2/*
# rm -fr /home/bwilson/.shosts
# rm -fr /home/bwilson/.rhosts
5 Kill The User's Processes
Also, check to see if the user still has any processes running on the system. Such processes might act as a backdoor to allow a user into a network. The following command will tell you if any are currently running:
# ps aux | grep -i ^bwilson
If you get an output like this:
bwilson 1960 0.0 0.2 1684 628 ? Ss 10:10 0:00 /usr/sbin/someprocess
Then you can kill the process like this:
# kill -9 1960
where 1960 is the process ID (pid).
Some other questions a system administrator might ask about a user who has left the company include:
- Could bwilson execute Common Gateway Interface (CGI) scripts from his home directory or on one of the company's web servers?
- Do any email forwarding files such as ~bwilson/.forward exist? Users can utilize forwarders to send mail to their accounts and cause programs to be executed on the system where they supposedly do not have access.
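The file checks described above (SSH keys, .shosts/.rhosts and .forward) can be gathered into one read-only audit to run before the rm commands. This is an added example, not part of the original page; the function name audit_home and the output labels are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): list what in a departed user's
# home directory can still grant login or run commands after the password lock.
# Output: one tab-separated line per finding: KIND, path, detail.
# Returns 1 if anything was found, 0 if the directory is clean, 2 on bad input.
# Source this file, then call: audit_home /home/bwilson

audit_home() {
    home=$1
    found=0
    if [ ! -d "$home" ]; then
        echo "not a directory: $home" >&2
        return 2
    fi

    # Every file under .ssh and .ssh2 (dotfiles included, which "rm .ssh/*"
    # would skip); for key lists, count the lines that are real entries.
    for dir in "$home/.ssh" "$home/.ssh2"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/* "$dir"/.[!.]*; do
            [ -f "$f" ] || continue
            case "$(basename "$f")" in
                authorized_keys*)
                    n=$(grep -Evc '^[[:space:]]*(#|$)' "$f" || true)
                    printf 'SSH_KEYS\t%s\t%s active key line(s)\n' "$f" "$n" ;;
                *)  printf 'SSH_FILE\t%s\t-\n' "$f" ;;
            esac
            found=1
        done
    done

    # Host-based trust files.
    for f in "$home/.shosts" "$home/.rhosts"; do
        if [ -f "$f" ]; then
            printf 'HOST_TRUST\t%s\t-\n' "$f"; found=1
        fi
    done

    # Mail forwarding; an entry beginning with | hands the mail to a program.
    f="$home/.forward"
    if [ -f "$f" ]; then
        n=$(grep -Ec '(^|,)[[:space:]]*"?[|]' "$f" || true)
        printf 'FORWARD\t%s\t%s line(s) piping to a program\n' "$f" "$n"; found=1
    fi
    return "$found"
}
```

The function only reports; it does not cover running processes, which the ps command in step 5 handles.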