A security auditor for our servers has demanded the following within two weeks:
A list of current usernames and plain-text passwords for all user accounts on all servers
A list of all password changes for the past six months, again in plain-text
A list of "every file added to the server from remote devices" in the past six months
The public and private keys of any SSH keys
An email sent to him every time a user changes their password, containing the plain text password
follow the link to find out what happens. all i can say is this guy should not be a security consultant
http://serverfault.com/questions/293217/our-security-auditor-is-an-idiot-how-do-i-give-him-the-information-he-wants
A list of current usernames and plain-text passwords for all user accounts on all servers
A list of all password changes for the past six months, again in plain-text
A list of "every file added to the server from remote devices" in the past six months
The public and private keys of any SSH keys
An email sent to him every time a user changes their password, containing the plain text password
follow the link to find out what happens. all i can say is this guy should not be a security consultant
http://serverfault.com/questions/293217/our-security-auditor-is-an-idiot-how-do-i-give-him-the-information-he-wants
