Difference between revisions of "HIDS 5402"
From Atomicorp Wiki
Latest revision as of 01:08, 3 January 2012
Example log message:
Server sudo: tortix : TTY=unknown ; PWD=/var/asl/www ; USER=root ; COMMAND=/var/asl/bin/asl --validate_gui
Explanation:
This means that a user or process successfully used sudo to execute a command as root. The fields in the log line record who invoked sudo (here the tortix account), the terminal it ran from (TTY=unknown is typical of a non-interactive process rather than a logged-in user), the working directory (PWD), the target account (USER=root) and the exact command that was executed (COMMAND).
Notes:
Careful analysis of sudo logs is recommended to ensure that users authorized to run root-level commands via sudo are not exceeding their authority. The invoking user, the USER= field and the COMMAND field are what to compare against the access each account is expected to have.
Known ASL use of sudo
These sudo events are generated by ASL itself and may be ignored. Only the two lines below, as shown (user tortix, USER=root and the exact COMMAND), are expected; a sudo event from the tortix account with a different command should still be reviewed.
sudo: tortix : TTY=unknown ; PWD=/var/asl/www ; USER=root ; COMMAND=/var/asl/bin/asl -s -f -t
sudo: tortix : TTY=unknown ; PWD=/var/asl/www ; USER=root ; COMMAND=/var/asl/bin/asl --validate_gui
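The following is an added example, not code from the Atomicorp wiki or from ASL or OSSEC. It shows one way to apply the guidance above: parse sudo log lines in the format shown on this page, treat the two known ASL invocations as expected only when the invoker, target user and exact command all match, and flag every other sudo-to-root event for review. The regular expression, the KNOWN_ASL_SUDO allowlist and the non-ASL sample lines (the /bin/bash and vi events) are constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Matches the sudo log format shown on this page. Field names follow the log
# line itself (TTY, PWD, USER, COMMAND). Anything before "sudo:" (the "Server"
# hostname or a syslog prefix) is tolerated because re.search is used.
SUDO_RE = re.compile(
    r"sudo:\s+(?P<invoker>\S+)\s*:\s*"
    r"TTY=(?P<tty>\S+)\s*;\s*"
    r"PWD=(?P<pwd>\S+)\s*;\s*"
    r"USER=(?P<target>\S+)\s*;\s*"
    r"COMMAND=(?P<command>.*)$"
)

# Known ASL use of sudo, copied from this page. Each entry is the full
# (invoker, target user, exact command) tuple; all three must match for an
# event to be treated as expected. Anything else from tortix is still reviewed.
KNOWN_ASL_SUDO = {
    ("tortix", "root", "/var/asl/bin/asl -s -f -t"),
    ("tortix", "root", "/var/asl/bin/asl --validate_gui"),
}


@dataclass
class SudoEvent:
    invoker: str
    tty: str
    pwd: str
    target: str
    command: str


def parse_sudo_line(line: str) -> Optional[SudoEvent]:
    """Extract the sudo fields from one log line, or None if it is not a sudo line."""
    m = SUDO_RE.search(line)
    if not m:
        return None
    return SudoEvent(m["invoker"], m["tty"], m["pwd"], m["target"], m["command"].strip())


def classify(line: str) -> str:
    """'known-asl' for an expected ASL event, 'review' for any other sudo-to-root
    event, 'other' for sudo to a non-root account, 'unparsed' for non-sudo lines."""
    ev = parse_sudo_line(line)
    if ev is None:
        return "unparsed"
    if (ev.invoker, ev.target, ev.command) in KNOWN_ASL_SUDO:
        return "known-asl"
    if ev.target == "root":
        return "review"
    return "other"


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (classification, line) pairs for every line that is not a known ASL event."""
    result = []
    for line in lines:
        verdict = classify(line)
        if verdict != "known-asl":
            result.append((verdict, line))
    return result


# Constructed sample log lines: the two known ASL events from this page plus
# two hypothetical events an analyst would want surfaced.
SAMPLE_LINES = [
    "Server sudo: tortix : TTY=unknown ; PWD=/var/asl/www ; USER=root ; COMMAND=/var/asl/bin/asl --validate_gui",
    "Server sudo: tortix : TTY=unknown ; PWD=/var/asl/www ; USER=root ; COMMAND=/var/asl/bin/asl -s -f -t",
    # Hypothetical: same account as ASL, different command -> must not be ignored
    "Server sudo: tortix : TTY=unknown ; PWD=/var/asl/www ; USER=root ; COMMAND=/bin/bash",
    # Hypothetical: an interactive administrator editing a sensitive file as root
    "Server sudo:   alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/vi /etc/sudoers",
]

if __name__ == "__main__":
    for verdict, line in triage(SAMPLE_LINES):
        print(f"{verdict:8s} {line}")
```

Matching on the whole (invoker, USER, COMMAND) tuple rather than on the account name alone is the point: suppressing every sudo event from tortix would also hide a compromised ASL account running an arbitrary command as root.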