This incident will be reported

This incident will be reported - Security & Cryptography

Users browsing this thread: 1 Guest(s)

	venam Offline \| 03-07-2017, 06:14 AM \| #2

Quote:root is not in the sudoers file. This incident will be reported.

I've always wondered, why root is added by default to the sudoers file?

Also:

Quote:sudoers can log both successful and unsuccessful attempts (as well as errors) to
syslog(3), a log file, or both. By default, sudoers will log via syslog(3) but
this is changeable via the syslog and logfile Defaults setting

And in auth.log

Code:
Jul  3 12:07:40 computer sudo:     root : user NOT in sudoers ; TTY=pts/30 ; PWD=/home/patrick ; USER=root ; COMMAND=t

It's your syslog implementation (for me here it's rsyslog) configuration that is forwarding it by email, it might not be default on all systems.

Messages In This Thread

This incident will be reported - by z3bra - 03-07-2017, 06:00 AM

RE: This incident will be reported - by venam - 03-07-2017, 06:14 AM

RE: This incident will be reported - by venam - 07-07-2017, 03:22 AM

RE: This incident will be reported - by r4ndom - 07-07-2017, 05:13 AM

RE: This incident will be reported - by venam - 07-07-2017, 05:28 AM

RE: This incident will be reported - by robotchaos - 13-07-2017, 05:24 PM

View a Printable Version