HIDS 5402

Example log message:

Server sudo: tortix : TTY=unknown ; PWD=/var/asl/www ; USER=root ; COMMAND=/var/asl/bin/asl --validate_gui

Explanation:

This means that a user or process successfully used [sudo] to execute a command as root.

Notes:

Careful analysis of sudo logs is recommended to ensure that users authorized to run root level commands, via sudo, are not exceeding their authority.