diff options
Diffstat (limited to 'ops/new-sysadmin.md')
-rw-r--r-- | ops/new-sysadmin.md | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/ops/new-sysadmin.md b/ops/new-sysadmin.md new file mode 100644 index 0000000..ed6fbb0 --- /dev/null +++ b/ops/new-sysadmin.md @@ -0,0 +1,36 @@ +You're a production sysadmin now. That comes with certain responsibilities. + +In short: + +1. Respect the user's privacy, and look at only what you must. +2. Think before you type. +3. With great power comes great responsibility. + +Assorted tips: + +- Practice your changes on localhost first. +- Ask for help if you need it. +- Always run your SQL queries in a transaction. +- `SELECT things, you, want FROM x;` is generally better than `SELECT * FROM x;` + when considering the user's privacy. +- Share information on a need-to-know basis, both with people and with + computers. +- Avoid doing things that cannot be undone. + +## Spear Phishing + +Because you now have access to production systems, you may be a target for spear +phishing. A bad actor may target you directly in a social engineering attack in +an attempt to get you to leverage your access to mistakenly compromise the +system. For example, someone may impersonate another admin and ask you to add an +SSH key to a server. You need to be aware of this risk. + +If you receive a request to leverage your access for any reason, double check +the veracity of the request. Is the person on IRC identified with NickServ for +the correct account? Is the email they sent DKIM signed and verified from the +right sender? If in doubt, ask for a secondary form of authentication, such as a +PGP challenge. + +This also applies to normal requests from users - don't let someone impersonate +another user in an attempt to gain access to or manipulate their account. Be +especially careful with requests from users with 2FA enabled. |