My client has gotten a few of these emails now with this warning:
I ssh'd in and the last ssh prior to that was back in August (based on the `last` command), no FTP activity, nothing in .bash_history (I checked both root and the user in question), and I scanned the site on this account and see no signs of any back doors or other suspicious activity. Any ideas on what could cause this?
-Michael
Code:
vps.domain.com : Jan 2 04:59:04 : username : user NOT in sudoers ; TTY=unknown ; PWD=/home/username ; USER=root ; COMMAND=/sbin/sysctl kernel.nmi_watchdog=0