Find the answer to your Linux question:
Results 1 to 3 of 3
Hi Guys, I received this alert. Actually fwded by my colleague as he is not supposed to receive this alert. He asked me to check. ------------- From: test_at_domain To: root_at_domain ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jul 2013
    Posts
    13

    Security information alert - where it comes from?


    Hi Guys,

    I received this alert. Actually fwded by my colleague as he is not supposed to receive this alert. He asked me to check.

    -------------
    From: test_at_domain
    To: root_at_domain
    Date: 11.04.2014 04:33
    Subject: *** SECURITY information for server1 ***

    server1 : Apr 11 10:33:19 : test : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/test ; USER=root ; COMMAND=/bin/su -
    -------------
    The user test tried to become root user by issuing command 'sudo su -'. As the user test is not mentioned /etc/sudoers file, the incident is reported in /var/log/messages (SLES)

    Checked on /etc/syslog.conf, /etc/syslog-ng/syslog-ng.conf and crontab for test user - there were no settings.

    Could you guys please assist where else should I check? I need to disable this.

  2. #2
    Linux Guru
    Join Date
    Dec 2013
    Posts
    1,565
    Did you read through /etc/sudoers or just grep? Sudo itself can be configured to send email.

  3. #3
    Just Joined!
    Join Date
    Jul 2013
    Posts
    13
    Quote Originally Posted by gregm View Post
    Did you read through /etc/sudoers or just grep? Sudo itself can be configured to send email.
    I read line by line . I know that sudo can be configured to send email. I checked it is not.

  4. $spacer_open
    $spacer_close

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •