== A followup to what _sudo_ emails to ignore and not ignore

So I wrote [[this entry on what _sudo_ emails to ignore and not ignore
SudoWhatNotToIgnore]] the other day. Today we got some email from
_sudo_, reporting:

.pn prewrap on
>  appsN : Feb  7 12:36:24 : <redacted> : 3 incorrect password attempts ; TTY=pts/NN ; PWD=/h/<redacted> ; USER=root ; COMMAND=/bin/echo great post Chris!

I've got to award this a special bonus prize for probably the most
amusing and clever blog feedback I've ever gotten. It certainly
made me (and my co-workers) laugh. Well done!

(And yes, because I'm a cautious sysadmin I did indeed check our logs to
see if the account might have been compromised and then just to be sure
I also verified that the IP the user had logged in from had been used to
request URLs here. I was pretty sure even before I started, but after
[[recent events SecurityIncidentGrounding]] I'm just a little bit jumpy
about ignoring things that I think have to be harmless.)

PS: For the record, I'm also pleased that at least one of our users
finds my blog interesting enough to read. And I'm happy to take requests
for bits of our infrastructure to write up here, if they (or other
people) are curious. Email, [[Twitter https://twitter.com/thatcks/]],
whatever.