Koozali.org: home of the SME Server

email from www@mydomain.com

del

email from www@mydomain.com
« on: June 16, 2003, 04:38:13 AM »
Hi All,
I recently received this email
From: www@mydomain.com
To: root@mydomain.com
Subject: *** SECURITY information for linux-server ***
Message:
linux-server : Jun  9 16:51:47 : www : /etc/sudoers is mode 0777, should be 0440 ; TTY=unknown ; PWD=/usr/local/squidGuard/www ; USER=root ; COMMAND=/etc/rc.d/init.d/squid restart

Can anyone help me decipher it!
Thanks,
Del

George

Re: email from www@mydomain.com
« Reply #1 on: June 16, 2003, 06:37:50 AM »
del wrote:

> I recently received this email
> From: www@mydomain.com
> To: root@mydomain.com
> Subject: *** SECURITY information for linux-server ***
> Message:
> linux-server : Jun  9 16:51:47 : www : /etc/sudoers is mode
> 0777, should be 0440 ; TTY=unknown ;
> PWD=/usr/local/squidGuard/www ; USER=root ;
> COMMAND=/etc/rc.d/init.d/squid restart
>
> Can anyone help me decipher it!

Whoever installed and configured sudo on your system did it in an extremely insecure fashion. You should remove sudo immediately "rpm -e sudo".

G

del

Re: email from www@mydomain.com
« Reply #2 on: June 16, 2003, 07:20:16 AM »
Hi George,
What is sudo? Sorry for being a newbie.
Thanks,
Del

brian kirk

Re: email from www@mydomain.com
« Reply #3 on: June 16, 2003, 07:43:17 AM »
This is from a Google search: "Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while logging the commands and arguments."
Regards
Brian

del

Re: email from www@mydomain.com
« Reply #4 on: June 16, 2003, 03:57:39 PM »
Hi,
Interesting, I installed SME5.6U4 myself, so how would that get configured without me knowing? Do you think it is possible someone has hacked in and altered something?
Del

Larry

Re: email from www@mydomain.com
« Reply #5 on: June 21, 2003, 05:59:26 PM »
I checked my own permissions (5.6U4) and they are 440.  Why not set yours?
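
Added example, not part of the original thread: a Python script that splits the alert line from the first post into its fields and applies the same mode test to a file on disk without changing it. The function names are hypothetical; the alert text is the line quoted in the thread.

```python
import os
import re
import stat

# Alert line copied from the e-mail quoted in the first post.
ALERT = ("linux-server : Jun  9 16:51:47 : www : /etc/sudoers is mode 0777, "
         "should be 0440 ; TTY=unknown ; PWD=/usr/local/squidGuard/www ; "
         "USER=root ; COMMAND=/etc/rc.d/init.d/squid restart")

def parse_alert(line):
    """Split the alert into host, time, invoking user, reason and KEY=value fields."""
    # COMMAND is last, so cap the split to keep any " ; " inside the command itself.
    head, *pairs = line.split(" ; ", 4)
    host, when, user, reason = (p.strip() for p in head.split(" : ", 3))
    fields = dict(p.strip().split("=", 1) for p in pairs)
    found = re.search(r"is mode (\d+), should be (\d+)", reason)
    return {
        "host": host, "time": when, "invoked_by": user, "reason": reason,
        "run_as": fields.get("USER"), "command": fields.get("COMMAND"),
        "cwd": fields.get("PWD"), "tty": fields.get("TTY"),
        # Modes are octal strings in the message; None if the reason is something else.
        "mode_found": int(found.group(1), 8) if found else None,
        "mode_expected": int(found.group(2), 8) if found else None,
    }

def mode_problems(mode, expected=0o440):
    """List what is wrong with a set of permission bits for a sudoers file."""
    problems = []
    if mode != expected:
        problems.append(f"mode is {mode:04o}, should be {expected:04o}")
    if mode & stat.S_IWOTH:
        problems.append("any local user can rewrite the file")
    elif mode & stat.S_IWGRP:
        problems.append("group members can rewrite the file")
    return problems

def audit_file(path, expected=0o440):
    """Run the same check against a file on disk (read-only; changes nothing)."""
    return mode_problems(stat.S_IMODE(os.stat(path).st_mode), expected)

if __name__ == "__main__":
    alert = parse_alert(ALERT)
    print(f"{alert['invoked_by']} tried to run {alert['command']!r} as {alert['run_as']}")
    print("from the alert:", mode_problems(alert["mode_found"], alert["mode_expected"]))
    if os.path.exists("/etc/sudoers"):
        print("on this host:", audit_file("/etc/sudoers"))
```

Read this way, the alert says the `www` account, working in the squidGuard web directory, asked sudo to restart squid as root, and sudo reported the sudoers file's mode as 0777 where it should be 0440.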