This incident will be reported - Security & Cryptography
Users browsing this thread: 2 Guest(s)
|
|||
I always though this would be some legacy unused feature of sudo(1), thinking that you had to read some dark parts of /var/log/secure logs (something nobody ever does)...
But I shit you not, this happened today: I felt... betrayed! THIS IS ACTUALLY REPORTED! |
|||
|
|||
Quote:root is not in the sudoers file. This incident will be reported.I've always wondered, why root is added by default to the sudoers file? Also: Quote:sudoers can log both successful and unsuccessful attempts (as well as errors) toAnd in auth.log Code: Jul 3 12:07:40 computer sudo: root : user NOT in sudoers ; TTY=pts/30 ; PWD=/home/patrick ; USER=root ; COMMAND=t It's your syslog implementation (for me here it's rsyslog) configuration that is forwarding it by email, it might not be default on all systems. |
|||
|
|||
(03-07-2017, 06:14 AM)venam Wrote: I've always wondered, why root is added by default to the sudoers file?I've found the answer to my question in a thread regarding `doas`. Here it is: https://unix.stackexchange.com/questions...oas#297421 In summary, root cannot run sudo/doas by default if it's not specified in the file, which is inconvenient for some tasks. |
|||
|
|||
Can someone elaborate what was happening?
From my understanding z3bra wanted to run `sudo lsblk /dev/sda` as root, which was prohibited? |
|||
|
|||
(07-07-2017, 05:13 AM)r4ndom Wrote: Can someone elaborate what was happening? This: Code: root@z3bra.org > sudo lsblk He's just pointing out that he didn't realize it would actually be reported somewhere (syslog -> email). |
|||
|
|||