Veritas-bu
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

SV: [Veritas-bu] Unadvertised utility in Netbackup

2006-02-06 16:24:07
Subject: SV: [Veritas-bu] Unadvertised utility in Netbackup
From: hampus.lind AT rps.police DOT se (Hampus Lind)
Date: Mon, 6 Feb 2006 22:24:07 +0100 
This is a multi-part message in MIME format.

------=_NextPart_000_001D_01C62B6C.0B6F8C80
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

We have a lot of root people at all our shops.. :-(

=20

Of course I got access to all the data that are controlled under =
netbackup,
and with that can cause great damage.

The question was more in terms of =93is it logged somewhere=94? I`am I =
really
safe if something happens and people know I got this =93feature=94? I =
cant
really proof that I did not use this command?

What about bpinst, that are a far more powerful utility that allow you =
to
execute scripts on any client server you which.

=20

When it comes to SLA`s our units agree to backups and controlled =
restores,
not to the possibility of undocumented programs that pretty much can do
anything anytime without any logging on there servers.=20

=20

=20

MVH / Hampus Lind
Rikspolisstyrelsen
National Police Board
Tel dir: +46 (0)8 - 401 99 43
Tel mob: +46 (0)70 - 217 92 66
E-mail: hampus.lind AT rps.police DOT se

-----Ursprungligt meddelande-----
Fr=E5n: veritas-bu-admin AT mailman.eng.auburn DOT edu
[mailto:veritas-bu-admin AT mailman.eng.auburn DOT edu] F=F6r Paul Keating
Skickat: den 6 februari 2006 20:58
Till: veritas-bu AT mailman.eng.auburn DOT edu
=C4mne: RE: [Veritas-bu] Unadvertised utility in Netbackup

=20

it's executable by root.

=20

keep unauthorized root out of your box...sleep well at night.

=20

yes, it's a security risk...yes, it can save your butt....yes, you can =
shoot
yourself in the foot with it...you can even blow your whole leg off.

=20

anything you can do with bpgp, you can do with a creative backup and
restore.

=20

Paul

-----Original Message-----
From: veritas-bu-admin AT mailman.eng.auburn DOT edu
[mailto:veritas-bu-admin AT mailman.eng.auburn DOT edu] On Behalf Of Hampus =
Lind
Sent: February 6, 2006 2:13 PM
To: veritas-bu AT mailman.eng.auburn DOT edu
Subject: [Veritas-bu] Unadvertised utility in Netbackup

Hi all,

=20

What are your comments to the bpgp utility, and others, in netbackup? I
understand that it sometimes are useful for backup admins, my self =
included.
But isen`t it also a great security risk? Does the use of this utility =
get
logged somewhere?=20

=20

Thanks and regards,

MVH / Hampus Lind
Rikspolisstyrelsen
National Police Board
Tel dir: +46 (0)8 - 401 99 43
Tel mob: +46 (0)70 - 217 92 66
E-mail: hampus.lind AT rps.police DOT se

=20


------=_NextPart_000_001D_01C62B6C.0B6F8C80
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>

<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">


<meta name=3DGenerator content=3D"Microsoft Word 10 (filtered)">
<title>Message</title>

<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
span.e-postmall17
        {font-family:Arial;
        color:windowtext;}
span.E-postmall18
        {font-family:Arial;
        color:navy;}
@page Section1
        {size:595.3pt 841.9pt;
        margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.Section1
        {page:Section1;}
-->
</style>

</head>

<body lang=3DSV link=3Dblue vlink=3Dpurple>

<div class=3DSection1>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
lang=3DEN-GB
style=3D'font-size:10.0pt;font-family:Arial;color:navy'>We have a lot of =
root people
at all our shops.. </span></font><font size=3D2 color=3Dnavy =
face=3DWingdings><span
lang=3DEN-GB =
style=3D'font-size:10.0pt;font-family:Wingdings;color:navy'>L</span></fon=
t></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
lang=3DEN-GB
style=3D'font-size:10.0pt;font-family:Arial;color:navy'>&nbsp;</span></fo=
nt></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
lang=3DEN-GB
style=3D'font-size:10.0pt;font-family:Arial;color:navy'>Of course I got =
access to
all the data that are controlled under netbackup, and with that can =
cause great
damage.</span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
lang=3DEN-GB
style=3D'font-size:10.0pt;font-family:Arial;color:navy'>The question was =
more in
terms of &#8220;is it logged somewhere&#8221;? I`am I really safe if =
something
happens and people know I got this &#8220;feature&#8221;? I cant really =
proof
that I did not use this command?</span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
lang=3DEN-GB
style=3D'font-size:10.0pt;font-family:Arial;color:navy'>What about =
bpinst, that are
a far more powerful utility that allow you to execute scripts on any =
client
server you which.</span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
lang=3DEN-GB
style=3D'font-size:10.0pt;font-family:Arial;color:navy'>&nbsp;</span></fo=
nt></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
lang=3DEN-GB
style=3D'font-size:10.0pt;font-family:Arial;color:navy'>When it comes to =
SLA`s
our units agree to backups and controlled restores, not to the =
possibility of
undocumented programs that pretty much can do anything anytime without =
any
logging on there servers. </span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
lang=3DEN-GB
style=3D'font-size:10.0pt;font-family:Arial;color:navy'>&nbsp;</span></fo=
nt></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
lang=3DEN-GB
style=3D'font-size:10.0pt;font-family:Arial;color:navy'>&nbsp;</span></fo=
nt></p>

<div>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
lang=3DEN-GB
style=3D'font-size:10.0pt;font-family:Arial;color:navy'>MVH / Hampus =
Lind<br>
Rikspolisstyrelsen<br>
National Police Board<br>
Tel dir: +46 (0)8 - 401 99 43<br>
Tel mob: +46 (0)70 - 217 92 66<br>
E-m</span></font><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>ail: <a
href=3D"mailto:hampus.lind AT rps.police DOT se">hampus.lind AT rps.police DOT 
se</a></=
span></font></p>

</div>

<p class=3DMsoNormal style=3D'margin-left:65.2pt'><font size=3D2 =
face=3DTahoma><span
style=3D'font-size:10.0pt;font-family:Tahoma'>-----Ursprungligt =
meddelande-----<br>
<b><span style=3D'font-weight:bold'>Fr&aring;n:</span></b>
veritas-bu-admin AT mailman.eng.auburn DOT edu
[mailto:veritas-bu-admin AT mailman.eng.auburn DOT edu] <b><span =
style=3D'font-weight:
bold'>F&ouml;r </span></b>Paul Keating<br>
<b><span style=3D'font-weight:bold'>Skickat:</span></b> den 6 februari =
2006 20:58<br>
<b><span style=3D'font-weight:bold'>Till:</span></b> </span></font><font =
size=3D2
 face=3DTahoma><span =
style=3D'font-size:10.0pt;font-family:Tahoma'>veritas-bu AT mailman.eng DOT 
aubu=
rn.edu</span></font><font
size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;font-family:Tahoma'><br>
<b><span style=3D'font-weight:bold'>&Auml;mne:</span></b> RE: =
[Veritas-bu]
Unadvertised utility in Netbackup</span></font></p>

<p class=3DMsoNormal style=3D'margin-left:65.2pt'><font size=3D3
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt'>&nbsp;</span></font></p>

<div>

<p class=3DMsoNormal style=3D'margin-left:65.2pt'><font size=3D2 =
color=3Dmaroon
face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial;color:maroon'>it's
executable by root.</span></font></p>

</div>

<div>

<p class=3DMsoNormal style=3D'margin-left:65.2pt'><font size=3D3
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt'>&nbsp;</span></font></p>

</div>

<div>

<p class=3DMsoNormal style=3D'margin-left:65.2pt'><font size=3D2 =
color=3Dmaroon
face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial;color:maroon'>keep
unauthorized root out of your box...sleep well at =
night.</span></font></p>

</div>

<div>

<p class=3DMsoNormal style=3D'margin-left:65.2pt'><font size=3D3
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt'>&nbsp;</span></font></p>

</div>

<div>

<p class=3DMsoNormal style=3D'margin-left:65.2pt'><font size=3D2 =
color=3Dmaroon
face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial;color:maroon'>yes,
it's a security risk...yes, it can save your butt....yes, you can shoot
yourself in the foot with it...you can even blow your whole leg =
off.</span></font></p>

</div>

<div>

<p class=3DMsoNormal style=3D'margin-left:65.2pt'><font size=3D3
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt'>&nbsp;</span></font></p>

</div>

<div>

<p class=3DMsoNormal style=3D'margin-left:65.2pt'><font size=3D2 =
color=3Dmaroon
face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial;color:maroon'>anything
you can do with bpgp, you can do with a creative backup and =
restore.</span></font></p>

</div>

<div>

<p class=3DMsoNormal style=3D'margin-left:65.2pt'><font size=3D3
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt'>&nbsp;</span></font></p>

</div>

<div>

<p class=3DMsoNormal style=3D'margin-left:65.2pt'><font size=3D2 =
color=3Dmaroon
face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial;color:maroon'>Paul</span></fo=
nt></p>

</div>

<blockquote style=3D'border:none;border-left:solid maroon =
1.5pt;padding:0cm 0cm 0cm 4.0pt;
margin-left:3.75pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt'=
>

<p class=3DMsoNormal =
style=3D'margin-right:0cm;margin-bottom:12.0pt;margin-left:
65.2pt'><font size=3D2 face=3DTahoma><span lang=3DEN-US =
style=3D'font-size:10.0pt;
font-family:Tahoma'>-----Original Message-----<br>
<b><span style=3D'font-weight:bold'>From:</span></b>
veritas-bu-admin AT mailman.eng.auburn DOT edu
[mailto:veritas-bu-admin AT mailman.eng.auburn DOT edu] <b><span =
style=3D'font-weight:
bold'>On Behalf Of </span></b>Hampus Lind<br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> February 6, 2006 =
2:13 PM<br>
<b><span style=3D'font-weight:bold'>To:</span></b>
veritas-bu AT mailman.eng.auburn DOT edu<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> [Veritas-bu] =
Unadvertised
utility in Netbackup</span></font></p>

<p class=3DMsoNormal style=3D'margin-left:65.2pt'><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>Hi all,</span></font></p>

<p class=3DMsoNormal style=3D'margin-left:65.2pt'><font size=3D3
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt'>&nbsp;</span></font></p>

<p class=3DMsoNormal style=3D'margin-left:65.2pt'><font size=3D2 =
face=3DArial><span
lang=3DEN-GB style=3D'font-size:10.0pt;font-family:Arial'>What are your =
comments to
the bpgp utility, and others, in netbackup? I understand that it =
sometimes are
useful for backup admins, my self included. But isen`t it also a great =
security
risk? Does the use of this utility get logged somewhere? =
</span></font></p>

<p class=3DMsoNormal style=3D'margin-left:65.2pt'><font size=3D3
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt'>&nbsp;</span></font></p>

<p class=3DMsoNormal style=3D'margin-left:65.2pt'><font size=3D2 =
face=3DArial><span
lang=3DEN-GB style=3D'font-size:10.0pt;font-family:Arial'>Thanks and =
regards,</span></font></p>

<p class=3DMsoNormal style=3D'margin-left:65.2pt'><font size=3D2 =
color=3Dnavy
face=3DArial><span lang=3DEN-GB =
style=3D'font-size:10.0pt;font-family:Arial;
color:navy'>MVH / Hampus Lind<br>
Rikspolisstyrelsen<br>
National Police Board<br>
Tel dir: +46 (0)8 - 401 99 4</span></font><font size=3D2 color=3Dnavy =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial;color:navy'>3<br>
Tel mob: +46 (0)70 - 217 92 66<br>
E-mail: <a =
href=3D"mailto:hampus.lind AT rps.police DOT se">hampus.lind AT rps.police DOT 
se</a></=
span></font></p>

<p class=3DMsoNormal style=3D'margin-left:65.2pt'><font size=3D3
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt'>&nbsp;</span></font></p>

</blockquote>

</div>

</body>

</html>

------=_NextPart_000_001D_01C62B6C.0B6F8C80--
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Veritas-bu] chaning ITC, Paul Keating
Next by Date:  [Veritas-bu] chaning ITC, Michael Anderson
Previous by Thread:  [Veritas-bu] Unadvertised utility in Netbackup, Paul Keating
Next by Thread:  [Veritas-bu] Unadvertised utility in Netbackup, Bob Stump
Indexes:  [Date] [Thread] [Top] [All Lists]