I went to sudo on my Mythbuntu box today and received an error message
on the terminal, also echoed in the logs:
Mar 27 13:59:40 mythtv sudo: user : /var/lib/sudo/user/0 owned by
uid 16640, should be uid 0 ; TTY=pts/0 ; PWD=/home/user ; USER=root ;
COMMAND=/bin/su
My immediate thought was some kind of hacking going on. However, after
much digging, I haven't been able to find anything in the logs and, this
box being behind a router with very limited access, after checking the
router, I can find nothing odd there either. The file itself was
root.root when I looked but I assume this is some kind of corrective
action sudo took.
The file itself is just an empty file so I can't see what or why it
would be useful in any kind of hack. No other file has that uid set.
/etc/group and /etc/passwd are clean. I'm going to keep an eye on things
and probably step up security a bit but I think this is just one of
those weird things that happens sometimes. Anyone have a better idea?
Rich
--
You received this message because you are subscribed to the Google Groups
"NLUG" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/nlug-talk?hl=en
