SECURITY information for vps.domain.com, user NOT in sudoers

M

mvandemar

Well-Known Member
Jun 17, 2006
181
52
178
My client has gotten a few of these emails now with this warning:

Code: 
vps.domain.com : Jan 2 04:59:04 : username : user NOT in sudoers ; TTY=unknown ; PWD=/home/username ; USER=root ; COMMAND=/sbin/sysctl kernel.nmi_watchdog=0
I ssh'd in and the last ssh prior to that was back in August (based on the `last` command), no ftp activity, nothing in .bash_history (I checked both root and the user in question), and i scanned the site on this account and see no signs of any back doors or other suspicious activity. Any ideas on what could cause this?

-Michael
 
cPRex

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
17,469
2,842
363
cPanel Access Level
Root Administrator
Hey there! Usually this notification happens when the user tries to execute something with sudo but doesn't have the correct permission to do so. Is it possible they tried to upgrade something, or maybe set up a cron? It's hard to say exactly what triggered the notification from that information, but it's possible that /var/log/secure would provide more details about this.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
M Security issues when create subdmain without main domain Security 3
E In Progress CPANEL-43534 - Using a link form CP email of "WordPress Updates Digest" gives security error Security 7
E Is it OK to use Ubuntu's "Expanded Security Maintenance for Applications"? Security 3
D Answer information access_log scanning security Security 1
sehh multiple servers sharing security information Security 0
Similar threads
Security issues when create subdmain without main domain
In Progress CPANEL-43534 - Using a link form CP email of "WordPress Updates Digest" gives security error
Is it OK to use Ubuntu's "Expanded Security Maintenance for Applications"?
Answer information access_log scanning security
multiple servers sharing security information
Top Bottom