1 |
Robert Bridge wrote: |
2 |
> On Mon, Aug 9, 2010 at 8:09 PM, Mick<michaelkintzios@×××××.com> wrote: |
3 |
> |
4 |
>> There have been discussions on this list why sudo is a bad idea and sudo on |
5 |
>> *any* command is an even worse idea. You might as well be running everything |
6 |
>> as root, right? |
7 |
>> |
8 |
> sudo normally logs the command executed, and the account which |
9 |
> executes it, so while not relevant for single user systems, it STILL |
10 |
> has benefits over running as root. |
11 |
> |
12 |
> RobbieAB |
13 |
> |
14 |
> |
15 |
|
16 |
I don't use sudo here but I assume a admin would only know that a nasty |
17 |
command has been ran well after it was ran? Basically, after the damage |
18 |
has been done, you can go look at the logs and see the mess some hacker |
19 |
left behind. For me, that isn't a whole lot of help. You still got |
20 |
hacked, you still got to reinstall and check to make sure anything you |
21 |
copy over is not infected. |
22 |
|
23 |
Assuming that they can erase dmesg, /var/log/messages and other log |
24 |
files, whose to say the sudo logs aren't deleted too? Then you still |
25 |
have no records to look at. |
26 |
|
27 |
I agree with the other posters tho, re-install from scratch and re-think |
28 |
your security setup. |
29 |
|
30 |
Dale |
31 |
|
32 |
:-) :-) |