I just got a sys admin to help do some work on my RH Linux dedicated server. It was probably unwise to give him root access but for the job it was necessary. What steps should I now take to ensure that he hasn't created a back door for himself that he could use later on?

Hire another sys admin to do a security check :D

--
Rodrigo

Originally posted by lyew
What steps should I now take to ensure that he hasn't created a back door for himself that he could use later on?
If you hired someone mature and professional, weren't an ass to him when he was doing the job and you have paid him on time then what motive would have to need a backdoor?

Change the root password; check .ssh/authorized_keys[2] files for new keys; you can check for well known rootkits using the program from www.chkrootkit.org or others. If he really wanted to install a backdoor then there's any number of methods...

The only way to know for sure is to compare an image of the system now to an image taken previously using a program like Tripwire. However you'd need a sys admin to install tripwire...