Robert Bridge wrote:
> On Mon, Aug 9, 2010 at 8:09 PM, Mick <michaelkintz...@gmail.com> wrote:
>> There have been discussions on this list why sudo is a bad idea and sudo on
>> *any* command is an even worse idea. You might as well be running everything
>> as root, right?
>
> sudo normally logs the command executed, and the account which
> executes it, so while not relevant for single user systems, it STILL
> has benefits over running as root.
> RobbieAB

I don't use sudo here but I assume an admin would only know that a nasty
command has been run well after it was run? Basically, after the damage
has been done, you can go look at the logs and see the mess some hacker
left behind. For me, that isn't a whole lot of help. You still got
hacked, you still got to reinstall and check to make sure anything you
copy over is not infected.

Assuming that they can erase dmesg, /var/log/messages and other log
files, who's to say the sudo logs aren't deleted too? Then you still
have no records to look at.

I agree with the other posters tho, re-install from scratch and re-think
your security setup.
Dale
:-) :-)
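
What the sudo log entries discussed in this thread record, shown as an added example that is not part of any poster's message. It assumes sudo's default syslog line format; the sample lines, host name and flag rules are constructed for illustration.

```python
import os
import re

# Constructed sample lines in sudo's default syslog format (not from the thread).
SAMPLE_LOG = """\
Aug  9 20:11:02 box sudo:     mick : TTY=pts/0 ; PWD=/home/mick ; USER=root ; COMMAND=/usr/bin/emerge --sync
Aug  9 20:14:40 box sudo:     mick : TTY=pts/0 ; PWD=/home/mick ; USER=root ; COMMAND=/bin/rm -f /var/log/messages
Aug  9 20:15:03 box sudo:     mick : TTY=pts/0 ; PWD=/tmp ; USER=root ; COMMAND=/bin/bash
Aug  9 20:15:30 box sudo:    guest : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/guest ; USER=root ; COMMAND=/bin/cat /etc/shadow
Aug  9 20:16:00 box sshd[411]: Accepted publickey for mick from 192.0.2.7
"""
LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssudo(?:\[\d+\])?:"
                     r"\s+(?P<user>\S+)\s:\s(?P<body>.*)$")
FIELDS = {"TTY": "tty", "PWD": "pwd", "USER": "runas"}  # USER= is the run-as account
SHELLS = {"sh", "bash", "zsh", "ksh", "csh", "tcsh", "dash"}

def parse_sudo_line(line):
    """Return a dict for a sudo syslog entry, or None for any other line."""
    m = LINE_RE.match(line)
    if not m or "COMMAND=" not in m["body"]:
        return None
    # COMMAND= comes last and may itself contain " ; ", so cut it off first.
    head, _, command = m["body"].partition("COMMAND=")
    entry = {"ts": m["ts"], "host": m["host"], "user": m["user"],
             "command": command.strip(), "denied": None}
    for field in head.split(" ; "):
        key, sep, value = field.strip().partition("=")
        if sep:
            entry[FIELDS.get(key, key.lower())] = value
        elif key:
            entry["denied"] = key  # failure reason, e.g. "user NOT in sudoers"
    return entry

def flag(entry):
    """Return the reasons an entry deserves a look (empty list if none)."""
    argv = entry["command"].split()
    reasons = []
    if entry["denied"]:
        reasons.append("denied: " + entry["denied"])
    if any(arg.startswith("/var/log") for arg in argv[1:]):
        reasons.append("touches /var/log")
    if len(argv) == 1 and os.path.basename(argv[0]) in SHELLS and entry.get("runas") == "root":
        # sudo logs only the shell launch, not what is typed inside it.
        reasons.append("root shell")
    return reasons

def review(log_text):
    """Return [(entry, reasons)] for every sudo entry that raises a flag."""
    entries = filter(None, map(parse_sudo_line, log_text.splitlines()))
    return [(e, r) for e, r in ((e, flag(e)) for e in entries) if r]
```
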