I have recently been given the task of securing our computer facilities,
which run HP-UX 9.03. These systems have never been patched before, and
I am sure they contain more holes than Swiss cheese! It is also known
for a fact that some (6-7) people have gained root access on our systems.
We suspect a few people, but have no proof to book them.
My task is to gather proof against these users and plug all holes!
I was hoping that I could get some advice from sysadmins who have previous
experience in such matters.
I have made a list of all suid progs on all our systems and am going through
them. I will have to look up all major holes which were published
for HP-UX 9.03 in the last 3 years (help!!). But what troubles me most is how to
track down the hackers! I have not yet figured out a good way to keep
the suspected IDs under observation without them figuring it out.
If anybody can give any sort of advice, help, please do so, and mail me.
I will be very grateful to you.
Thanks in advance!