Security information alert - where does it come from?

Thread starter: soloklado

Hi Guys,

I received this alert. Actually, it was forwarded by my colleague, as he is not supposed to receive this alert. He asked me to check.

Quote:
-------------
From: test_at_domain
To: root_at_domain
Date: 11.04.2014 04:33
Subject: *** SECURITY information for server1 ***

server1 : Apr 11 10:33:19 : test : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/test ; USER=root ; COMMAND=/bin/su -
-------------
The user test tried to become the root user by issuing the command 'sudo su -'. As the user test is not mentioned in the /etc/sudoers file, the incident is reported in /var/log/messages (SLES).

I checked /etc/syslog.conf, /etc/syslog-ng/syslog-ng.conf and the crontab for the test user - there were no settings.

Could you guys please assist with where else I should check? I need to disable this.
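
An added example, not part of the original post: a small Python parser for the one-line alert body quoted above, splitting it into fields and flagging what a responder checks first. The function names, the `SHELL_COMMANDS` list and the second sample line are assumptions made for illustration.

```python
import re

# Layout of the alert body quoted in the post:
#   host : timestamp : user : reason ; KEY=value ; KEY=value ; COMMAND=...
ALERT_RE = re.compile(
    r"^(?P<host>\S+) : (?P<when>\w{3} +\d+ \d\d:\d\d:\d\d) : "
    r"(?P<user>\S+) : (?P<rest>.+)$"
)
# Binaries treated as "asks for an interactive shell" (assumed triage list).
SHELL_COMMANDS = {"su", "bash", "sh", "zsh", "ksh"}

# The alert line from the post, and one constructed line for comparison.
PAGE_LINE = ("server1 : Apr 11 10:33:19 : test : user NOT in sudoers ; "
             "TTY=pts/0 ; PWD=/home/test ; USER=root ; COMMAND=/bin/su -")
CONSTRUCTED_LINE = ("server1 : Apr 12 09:01:02 : alice : 3 incorrect password "
                    "attempts ; TTY=pts/1 ; PWD=/tmp ; USER=root ; "
                    "COMMAND=/bin/sh -c date ; uptime")


def parse_sudo_alert(line):
    """Return the alert's fields as a dict, or None if the line does not match."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    event = {"host": m["host"], "when": m["when"], "user": m["user"], "reason": ""}
    parts = m["rest"].split(" ; ")
    for i, part in enumerate(parts):
        key, sep, value = part.partition("=")
        if sep and key == "COMMAND":
            # COMMAND is last and may itself contain " ; ", so rejoin the tail.
            event["COMMAND"] = " ; ".join(parts[i:])[len("COMMAND="):]
            break
        if sep and key.isupper():
            event[key] = value          # TTY, PWD, USER
        else:
            event["reason"] = part.strip()
    return event


def triage(event):
    """Flag an account missing from sudoers and a request for a root shell."""
    argv = event.get("COMMAND", "").split()
    binary = argv[0].rsplit("/", 1)[-1] if argv else ""
    return {
        "unauthorized": "NOT in sudoers" in event["reason"],
        "root_shell": event.get("USER") == "root" and binary in SHELL_COMMANDS,
    }
```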
