A followup to what sudo emails to ignore and not ignore

February 7, 2014

So I wrote this entry on what sudo emails to ignore and not ignore the other day. Today we got some email from sudo, reporting:

appsN : Feb  7 12:36:24 : <redacted> : 3 incorrect password attempts ; TTY=pts/NN ; PWD=/h/<redacted> ; USER=root ; COMMAND=/bin/echo great post Chris!

I've got to award this a special bonus prize for probably the most amusing and clever blog feedback I've ever gotten. It certainly made me (and my co-workers) laugh. Well done!

(And yes, because I'm a cautious sysadmin I did indeed check our logs to see if the account might have been compromised and then just to be sure I also verified that the IP the user had logged in from had been used to request URLs here. I was pretty sure even before I started, but after recent events I'm just a little bit jumpy about ignoring things that I think have to be harmless.)

PS: For the record, I'm also pleased that at least one of our users finds my blog interesting enough to read. And I'm happy to take requests for bits of our infrastructure to write up here, if they (or other people) are curious. Email, Twitter, whatever.

Written on 07 February 2014.
« A surprise with OmniOS disk sizing: the rpool/dump ZVOL
You cannot have just one network install server »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Fri Feb 7 13:58:15 2014
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.