Thursday, December 27, 2018

[qfsgyazu] Sysadmin transparency

You delegate the administration of your computer system to someone else, whom you'd like to trust but also verify that they are not acting evilly, hurting you.  Likewise, your system administrator would like to manifest trustworthiness through verifiability and transparency.  What are some tools and techniques to accomplish this?

Very few managed services do this for their users.  We don't see competition of transparency among, say, Gmail versus other email providers.

auth.log records the invocations of sudo, though that file is usually not readable by users.

Is it possible to set it up so that it is impossible for the sysadmin to extract and hand over data in response to a subpoena without the user becoming aware that such an action is being taken against the user?

No comments:

Post a Comment