Re: `su to root' entry in syslog
Brandon Mitchell <firstname.lastname@example.org> writes:
> Since these are all from his machine, maybe he's been hacked and doesn't
> know it yet.
Well, it's a Win95 box on the other end of a dialup line. :-)
> sudo and suid programs won't cause this log entry. Another good idea may
> be to move su to another location (su.orig), and place a script that sends
> you an alarm and sleeps for a minute in it's place, e.g.:
I've done this. Let's just wait...
FWIW, here's his .bash_history, in case something jumps out at you.
Nothing seems suspicious to me:
Ben Pfaff <email@example.com> <firstname.lastname@example.org> <email@example.com>
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
Trouble? e-mail to firstname.lastname@example.org .