On Thu, Aug 23, 2012 at 3:51 PM, Paul Heinlein <[email protected]> wrote:
> I have sudo configured on the servers around our office to send me
> administrative notes when someone invokes sudo without having permission to
> do so.
>
> So I get a message (where YYYYYY is the server name and ZZZZZZ is the
> username):
>
> YYYYYY: Aug 23 15:41:32 : ZZZZZZ : user NOT in sudoers ;
> TTY=pts/1 ; PWD=/home/ZZZZZZ ; USER=root ; COMMAND=/bin/ls
>
> sudo let the user in question know that his activity would be recorded and
> reported, so just a few seconds later I get another warning:
>
> YYYYYY: Aug 23 15:41:46 : ZZZZZZ : user NOT in sudoers ; TTY=pts/1 ;
> PWD=/home/ZZZZZZ ; USER=root ; COMMAND=/bin/echo Just checking

Back when I worked in a CS department with a thousand inquisitive students, we wrote our own kernel modules to stop forkbombs and were generally proactive and had few actual security incidents. But the best moment perhaps was a sudo message like this, which started with a command like your first one, and then was followed by:

YYYYYY: Aug 23 15:41:46 : ZZZZZZ : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/ZZZZZZ ; USER=root ; COMMAND=make me a sandwich

_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
