Posted April 15, 2014

Hi Guys,

I received this alert. Actually, it was forwarded by my colleague, as he is not supposed to receive this alert. He asked me to check.

Quote:
-------------
From: test_at_domain
To: root_at_domain
Date: 11.04.2014 04:33
Subject: *** SECURITY information for server1 ***

server1 : Apr 11 10:33:19 : test : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/test ; USER=root ; COMMAND=/bin/su -
-------------

The user test tried to become the root user by issuing the command 'sudo su -'. As the user test is not mentioned in the /etc/sudoers file, the incident is reported in /var/log/messages (SLES).

I checked /etc/syslog.conf, /etc/syslog-ng/syslog-ng.conf and the crontab for the test user - there were no settings.

Could you guys please assist with where else I should check? I need to disable this.