This incident will be reported - nixers (https://nixers.net)
This incident will be reported - z3bra - 03-07-2017

I always thought this would be some legacy unused feature of sudo(1), thinking that you had to read some dark parts of /var/log/secure logs (something nobody ever does)...
But I shit you not, this happened today:

I felt... betrayed! THIS IS ACTUALLY REPORTED!

RE: This incident will be reported - venam - 03-07-2017

Quote: root is not in the sudoers file. This incident will be reported.

I've always wondered, why root is added by default to the sudoers file?
Also:

Quote: sudoers can log both successful and unsuccessful attempts (as well as errors) to

And in auth.log

Code:
Jul 3 12:07:40 computer sudo: root : user NOT in sudoers ; TTY=pts/30 ; PWD=/home/patrick ; USER=root ; COMMAND=t

It's your syslog implementation (for me here it's rsyslog) configuration that is forwarding it by email, it might not be default on all systems.

RE: This incident will be reported - venam - 07-07-2017

(03-07-2017, 06:14 AM)venam Wrote: I've always wondered, why root is added by default to the sudoers file?

I've found the answer to my question in a thread regarding `doas`. Here it is:
https://unix.stackexchange.com/questions/297410/why-would-root-need-to-run-unrestricted-commands-as-itself-via-doas#297421
In summary, root cannot run sudo/doas by default if it's not specified in the file, which is inconvenient for some tasks.

RE: This incident will be reported - r4ndom - 07-07-2017

Can someone elaborate what was happening? From my understanding z3bra wanted to run `sudo lsblk /dev/sda` as root, which was prohibited?

RE: This incident will be reported - venam - 07-07-2017

(07-07-2017, 05:13 AM)r4ndom Wrote: Can someone elaborate what was happening?

This:

Code:
root@z3bra.org > sudo lsblk

He's just pointing out that he didn't realize it would actually be reported somewhere (syslog -> email).

RE: This incident will be reported - robotchaos - 13-07-2017

https://xkcd.com/838/
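
The auth.log record quoted in venam's first reply can be parsed and filtered for denied sudo attempts. The Python below is an added example, not code from the thread: the function names and every sample line except the first are constructed, and it assumes the traditional syslog timestamp format shown in that post.

```python
import re

# Header of a sudo syslog record: timestamp, host, "sudo:", invoking user, payload.
HEADER = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssudo(?:\[\d+\])?:\s+"
    r"(?P<user>\S+) : (?P<body>.*)$"
)

def parse_sudo_line(line):
    """Return a dict for a sudo log record, or None for unrelated lines."""
    m = HEADER.match(line)
    if not m:
        return None
    rec = {"ts": m["ts"], "host": m["host"], "user": m["user"], "reason": None}
    # COMMAND is always last and may itself contain " ; ", so cut it off first.
    head, sep, command = m["body"].partition("COMMAND=")
    if sep:
        rec["COMMAND"] = command
    for part in head.split(" ; "):
        part = part.strip()
        if not part:
            continue
        key, eq, value = part.partition("=")
        if eq and key.isupper():
            rec[key] = value          # TTY, PWD, USER
        else:
            rec["reason"] = part      # e.g. "user NOT in sudoers"
    return rec

def denied(lines):
    """Yield records that carry a failure reason (successful runs have none)."""
    for line in lines:
        rec = parse_sudo_line(line)
        if rec and rec["reason"]:
            yield rec

SAMPLE = [
    # From venam's post (COMMAND is cut short there and is kept as posted).
    "Jul 3 12:07:40 computer sudo: root : user NOT in sudoers ; TTY=pts/30 ; PWD=/home/patrick ; USER=root ; COMMAND=t",
    # Constructed lines below.
    "Jul 3 12:09:02 computer sudo: patrick : TTY=pts/30 ; PWD=/home/patrick ; USER=root ; COMMAND=/bin/sh -c echo a ; echo b",
    "Jul 3 12:10:15 computer sudo: patrick : 3 incorrect password attempts ; TTY=pts/30 ; PWD=/home/patrick ; USER=root ; COMMAND=/usr/bin/lsblk",
    "Jul 3 12:11:30 computer sshd[812]: Connection closed by 192.0.2.10",
]

if __name__ == "__main__":
    for rec in denied(SAMPLE):
        print(rec["ts"], rec["user"], "->", rec["USER"], ":", rec["reason"])
```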