oreilly.comSafari Books Online.Conferences.


Linux in the Enterprise

CYA for System Administrators

Things to keep in mind in our litigious society


In the last Linux in the Enterprise column, Linux Tools For Network Analysis, I mentioned some things to consider when you're using network scanning systems on your company's network. Doing the wrong thing in the cause of making your network "more secure" can land an unlucky administrator in a duel with the legal system. This is more likely when your actions come as a surprise or are viewed in a bad light by others who question your authority or motives to be doing what you're doing. With all the sound and fury in media about evil hackers, it's a good idea to consider how to protect yourself ahead of time.

System Administration is a job with few parallels in the world. In many jobs, individuals have control over systems and infrastructure critical to the lives and jobs of others, including running mass transit systems, police work, air traffic control. However, in very few other professions do the people who control the infrastructure also have the ability to read the e-mail, modify the spreadsheets of, change the credit ratings, or deny access to the people using the infrastructure. Another difference is that in many of those more established fields, regulations are in place to protect the systems' users and the administrators who run the systems.

The sheer power of the systems administration function intimidates many users and management types when they stumble into the realization of just what can be done with root privileges. The question that shakes out of this is pretty simple: How can I do my job, run a system or network safely and securely without winding up on the wrong end of a subpoena?

Know your responsibilities

Some system administrators inherit large systems, others watch them grow up around them. Whichever situation you find yourself in, it's a good idea to make sure that your role and your responsibilities are fully specified.

By "fully specified" I don't mean that you should have your boss tell you what keystrokes you are responsible for typing, but your job description should be complete and list not only the hardware and software you support, but what management areas that role includes. Many administrators have a blanket job description that reads something like:

Manage and maintain workstation and server environment in support of development and production systems.

Sound familiar? Most system administrators work under this kind of job description, but it includes a lot of room for interpretation, which could mean trouble if someone decides to make you a target.

A more complete job description might be along the lines of:

Manage and maintain workstation and server environment in support of development and production systems including:

  • Setup of systems
  • Backup and recovery of files
  • Management of file servers
  • Maintenance of printing environment
  • Administration of system security

The last item might also include:

  • Application of vendor supplied patches
  • Basic system security (file permissions, access control lists, etc.)
  • System activity reporting
  • Work with company security personnel in implementation/investigation of security initiatives and issues

This job description spells out responsibilities clearly without tying the hands of a system administrator. By working within its limits, a system administrator guards against being criticized for over-extending their reach or activities in an unauthorized fashion.

It is important to read between the lines about things not explicitly in the job description. Left out are tasks like "enforcement of password standards" or anything about "network scanning." Of course, your job may include such activities, but it's better to have an explicit understanding between yourself and your management with regard to exactly what kinds of tasks and responsibilities are included in your job.

Pages: 1, 2

Next Pagearrow

Linux Online Certification

Linux/Unix System Administration Certificate Series
Linux/Unix System Administration Certificate Series — This course series targets both beginning and intermediate Linux/Unix users who want to acquire advanced system administration skills, and to back those skills up with a Certificate from the University of Illinois Office of Continuing Education.

Enroll today!

Linux Resources
  • Linux Online
  • The Linux FAQ
  • Linux Kernel Archives
  • Kernel Traffic

  • Sponsored by: