On Thursday 23 June 2011 10:22:47 Joost Roeleveld did opine thusly: > On Wednesday 22 June 2011 18:02:39 Alan McKinnon wrote: > > But all this was mild compared to what I did yesterday. You know > > that notice on the console when you get sudo wrong? It says the > > incident "will be reported" > > > > OK. But to whom? On my shell boxes it gets reported to me. And > > yesterday this is what it said: > > > > <host> : Jun 21 11:55:25 : <user> : 1 incorrect password attempt > > ; TTY=pts/194 ; PWD=/some/path ; USER=root ; COMMAND=init 6 > > > > 500 concurrent sessions on that box is routine, it's a major > > gateway server. That poor user has not recovered yet. > > You mean, he (or she) will eventually recover? > > Am curious though, why the attempt for a reboot?
It happens about once a week on average - most of those users have multiple telnet sessions open from the Linux machine to Cisco routers. Every time so far they really do want to run sudo, but type it into the wrong terminal. Or worse, they use PuTTY and right-click - PuTTY deals with the cut buffer very differently to the norm on Windows, and right-click doesn't give the usual context menu - by default it's the paste function -- alan dot mckinnon at gmail dot com