[PLUG] Graceful sudo recovery

chris (fool) mccraw gently at gmail.com
Thu Aug 23 23:39:37 UTC 2012


On Thu, Aug 23, 2012 at 3:51 PM, Paul Heinlein <heinlein at madboa.com> wrote:
> I have sudo configured on the servers around our office to send me
> administrative notes when someone invokes sudo without having permission to
> do so.
>
> So I get a message (where YYYYYY is the server name and ZZZZZZ is the
> username):
>
>   YYYYYY: Aug 23 15:41:32 : ZZZZZZ : user NOT in sudoers ;
>   TTY=pts/1 ; PWD=/home/ZZZZZZ ; USER=root ; COMMAND=/bin/ls
>
> sudo let the user in question know that his activity would be recorded and
> reported, so just a few seconds later I get another warning:
>
>   YYYYYY: Aug 23 15:41:46 : ZZZZZZ : user NOT in sudoers ; TTY=pts/1 ;
>   PWD=/home/ZZZZZZ ; USER=root ; COMMAND=/bin/echo Just checking

Back when I worked in a CS department with a thousand inquisitive
students, we wrote our own kernel modules to stop forkbombs and were
generally proactive and had few actual security incidents.  But the
best moment perhaps was a sudo message like this, which started with a
command like your first one, and then was followed by:

YYYYYY: Aug 23 15:41:46 : ZZZZZZ : user NOT in sudoers ; TTY=pts/1 ;
PWD=/home/ZZZZZZ ; USER=root ; COMMAND=make me a sandwich
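A small detection script for the mail format quoted above, added here as an example; it is not from the thread or from sudo itself. It assumes each message is on one line in the layout shown (host prefix, syslog timestamp without a year, user, the "user NOT in sudoers" marker, then `key=value` fields), and it flags a user whose denied attempts repeat within a short window, like the two messages fourteen seconds apart.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout of the sudo mail from the thread, with the two wrapped lines joined:
#   HOST: Mon DD HH:MM:SS : USER : user NOT in sudoers ; TTY=.. ; PWD=.. ; USER=.. ; COMMAND=..
DENIAL_RE = re.compile(
    r"^(?P<host>\S+): (?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) : (?P<user>\S+) : "
    r"user NOT in sudoers ; (?P<rest>.*)$"
)

def parse_denial(line, year=2012):
    """Return a dict for a 'user NOT in sudoers' line, or None for anything else."""
    m = DENIAL_RE.match(line)
    if m is None:
        return None
    kv = {}
    for part in m.group("rest").split(" ; "):
        key, _, value = part.partition("=")  # COMMAND comes last and may contain spaces
        kv[key] = value
    # syslog timestamps carry no year, so the caller supplies one
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return {"host": m.group("host"), "ts": ts, "user": m.group("user"),
            "tty": kv.get("TTY"), "target": kv.get("USER"), "command": kv.get("COMMAND")}

def repeated_denials(lines, window_seconds=60, threshold=2):
    """Map (host, user) -> largest number of denials inside any window_seconds span."""
    times = defaultdict(list)
    for rec in filter(None, map(parse_denial, lines)):
        times[(rec["host"], rec["user"])].append(rec["ts"])
    flagged = {}
    for key, ts_list in times.items():
        ts_list.sort()
        best, j = 0, 0
        for i, start in enumerate(ts_list):  # sliding window over sorted timestamps
            while j < len(ts_list) and (ts_list[j] - start).total_seconds() <= window_seconds:
                j += 1
            best = max(best, j - i)
        if best >= threshold:
            flagged[key] = best
    return flagged

# Constructed sample: the two quoted messages, the reply's joke, and one non-denial line.
SAMPLE_MAIL = [
    "YYYYYY: Aug 23 15:41:32 : ZZZZZZ : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/ZZZZZZ ; USER=root ; COMMAND=/bin/ls",
    "YYYYYY: Aug 23 15:41:46 : ZZZZZZ : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/ZZZZZZ ; USER=root ; COMMAND=/bin/echo Just checking",
    "YYYYYY: Aug 23 15:42:05 : ZZZZZZ : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/ZZZZZZ ; USER=root ; COMMAND=make me a sandwich",
    "YYYYYY: Aug 23 15:43:10 : ZZZZZZ : TTY=pts/1 ; PWD=/home/ZZZZZZ ; USER=root ; COMMAND=/bin/ls",
]

if __name__ == "__main__":
    for (host, user), n in repeated_denials(SAMPLE_MAIL).items():
        print(f"{user}@{host}: {n} denied sudo attempts within 60s")
```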
