Remove “This incident will be reported.” from user warnings

741 points | sohkamyung | 2 years ago | github.com

284 comments

[+] abnry|2 years ago|reply
Funny story. When I was in grad school, the math department office I was in had Linux computers administrated by the department. One day I was goofing in my shared office with a fellow grad student by playing with what resources were available.

We were trying sudo and failed with enough silly passwords that we got the "this incident will be reported" message. I confidently told my officemate that these messages were never saved and recorded.

A few moments later, from our open office door (which I assume meant all our conversation was able to be overheard), our IT lady from down the hall came in and said to me "Download the internet, really?"

Because yes, I did type, while not saying I was doing so, "sudo DOWNLOAD THE INTERNET" into the terminal while goofing.

Funny story but I did feel a bit embarrassed at the time.

[+] stilley2|2 years ago|reply
I once entered "sudo echo hi" or something similar on a large HPCC and received an email back from a sysadmin that just said "hello".
[+] ww520|2 years ago|reply
Speaking of interaction with the admin. Back in the days when I was in school, the computer lab ran a Honeywell mainframe with terminals. I wrote a program emulating the logon screen to intercept the username and password of the unsuspecting students logging on and to email them to me. I was going to post the list of all the usernames and passwords at the end of the semester on the wall. I dubbed it the Fishing project with my friends (yes, that's before all the phishing activities went rampant).

I collected dozens of usernames and passwords before the professor of my CS class stopped me one day after class and said, you better stop whatever you're doing. Apparently the system saved the typing of all sessions and the admin actually went through all of them.

The next semester all the terminals had a physical switch installed that had to be pressed to reset the terminal before logon. That killed any running program. I was glad to play a small part in improving the security of my school lab.

[+] nailer|2 years ago|reply
To be fair in 2023, a lot of people are building LLMs and starting with downloading the internet.
[+] pram|2 years ago|reply
I was always disappointed it never summoned some grumpy graybeard unix admin from a dark server room basement to give me a chiding lecture.
[+] asdfman123|2 years ago|reply
Just because we’ve never seen him doesn’t mean he hasn’t at some point quietly summoned a curse on us
[+] themodelplumber|2 years ago|reply
I got a chiding lecture like that from some skinny UUG-type security admins, by manually shutting down my HP-UX workstation in a university CS lab. I had reached behind it and flipped the power switch.

I tried to flip it back on just afterward, to resume my business (lol) but found that my login was blocked with a message...come up to security in room 300-something and talk to us to get your account un-suspended.

The issue leading to the frantic shutdown goes as follows:

I had been browsing some of JWZ's online journals in Netscape...the old about:jwz trick.

Within those pages, there's a linked audio clip of the fake *rgasm scene from "When Harry Met Sally".

I clicked on the link not realizing what would happen, and of course this passionate audio clip played at more or less full volume to a computer lab full of university students from China.

(They were extremely "I didn't notice that" about the whole thing, but I was beet red and frantically scanning the room for anyone who I could possibly nervously laugh with...)

Back then Netscape didn't show any audio controls that I could find anywhere when clips like that played, which was also a really frustrating part of this. I guess it just handed off the audio to some process which I could have found via `top` if I had the time.

There was also an internal speaker, nothing with a manual volume control. Great!

Anyway, I went upstairs, got my lecture about other people who could have had sessions terminated while working on the same workstation, got the login back, and fortunately none of the Chinese students seemed to have let my er..._BYU_ CS security admins...know about the situation in the lab. lol.

(No longer a practicing Mormon; still think CDE is cool)

Edit: Just for the memories...at the same time, I had a PT job doing university IT support on a Novell network, and we supported, among other places (the MTC, the laundry, Creamery--PHEW those amazing chocolate malt shakes--but not so phew the time the creamery's huge 1K+ gal. milk vats leaked and there was a foot of standing milk in our PCs there, etc.), the married student housing computer labs.

Colloquially labeled by my boss and others as the "rabbit hutches"...

This was still pretty early days for the web, and I remember periodically getting frantic voicemails from newly-married folks.

A common version of the voice message would be something like, "Hi, uh...I was in the married student housing lab...trying to book airline tickets for my husband to fly home and see his mom...anyway (tearful quivering voice starts)...russian porn came up I guess? I mean I am just guessing...uh, so anyway...(crying harder, phew)...the lab assistant gave me your number, and here's my number, if we need to talk about this or anything, call me I guess?"

I can't imagine what those students must have felt when the lab assistant just shrugged their shoulders regarding "what to do about this" and gave them somebody's office number to call. Up the chain with you!

Gestapo-level perceptions would always tend to kick in at that point...and you had to maintain an ecclesiastical endorsement to continue studies there, so this was a pretty big deal. Anything involving porn was always at the potentially-terminate-your-entire-university-experience level.

(Often the calls to those labs were pretty funny though. Like a toddler put a dorito inside of a CD-ROM drive, bring your hemostat, things like that. Afterward we'd get a Jamba Juice, or get a free cafeteria meal from a really nice food-services manager, chat about Everquest, etc.)

[+] tomatodevice|2 years ago|reply
I receive mails from sudo incidents generated by my users, I check the boxes except the gray beard.
[+] SushiHippie|2 years ago|reply
Maybe not a grumpy graybeard unix admin, but you can add "Defaults insults" to your sudoers file and get insulted when you type a wrong password.
[+] duxup|2 years ago|reply
I would have taken the opportunity to ask them a few questions.

But that’s probably why they don’t come out to lecture.

[+] NoZebra120vClip|2 years ago|reply
Alright, did I tell my college sysadmin story already? This is the perfect place to drop it.

1990, freshman in college, Pascal class on AT&T Unix SVR3 3B2 cluster named "earth", "wind", and "fire". We'd just learned our way around "vi" and how to "uvapc" our Pascal source into a.out.

I discovered anonymous ftp, and "make", and I quickly rose to become the gaming king of Pascal class. I had ularn, nethack, megs and megs of games crammed in my no-quota $HOME, and I'd opened permissions for everyone else to access and play them. I often chit-chatted with a classmate or two over "write" or "ytalk".

Not content to merely play games, I became mischievous with the system and its inner workings. I created a .profile and a .plan, the latter of which used VT100 cursor escape sequences to self-modify the screen, such as changing my $HOME to "/" and I also made a boastful comment about having root access.

It was all in good fun, and then came the day that I discovered /etc/passwd and I attempted to "su" to every single system account I found listed. I mean some of their passwords were just "*" so they must've been wide open!!1

I soon received ominous, chilling email from the unseen sysadmin of the whole cluster. He described to me everything I'd done up to this point, and he informed me that saying I have root access is like telling airport officials that I have a bomb. That point definitely drove it home to me as a young and dumb hacker.

So, for the rest of my short college career, while I did some silly "extra-curricular" things with my own compute resources, I was careful to not try and break system security, or even say that I had, for fear of the wrath of the unseen sysadmin.

[+] squeaky-clean|2 years ago|reply
> AT&T Unix SVR3 3B2 cluster named "earth", "wind", and "fire".

Not related to sudo, but this brought back a memory of the cluster I had access to during my college internship. 6 computers, I don't remember what kind or vendor. Named after the starter Pokemon for generations 1 & 2. They were in the rear of the room behind a cage I did not have a key for.

One day a sysadmin came into the room asking "Uhhh... I'm looking for a... totodile?" The way he pronounced totodile made it clear he had no idea what a pokemon was.

He had to remove it and replace something, didn't really give us any details. A few days later he brought the server back and hooked it back up to the cluster. The very first thing we did was rename it to Croconaw. (The evolved form of Totodile).

[+] ww520|2 years ago|reply
Schools are supposed to be the place where students can break things and break rules. It's part of the education.
[+] devenvdev|2 years ago|reply
My similar story: I wrote a script that tries all the words from a spellchecker I found as passwords for each user (a really naive dictionary attack). The angry admin did come, as apparently each wrong attempt generated a beep on some station in their room (these were DOS times iirc and the admins were just high school kids).
[+] Aeolun|2 years ago|reply
So did you have root access? I can’t figure out if your attempt to su to all the system accounts worked or not.
[+] jamal-kumar|2 years ago|reply
For those wondering where the reports go, under systemd-based linux distributions ideally you can get them with this:

    sudo journalctl /bin/sudo

Historically speaking however the sysadmin with access to the 'mail' command would be able to run that and see mail delivered to root@localhost for these reports. I think at least OpenBSD still does things this way [1], but they moved away from sudo YEARS ago now [2]

[1] https://man.openbsd.org/security.8

[2] https://man.openbsd.org/doas

[+] dingledork69|2 years ago|reply
Or you set up your system so mail for root gets redirected to an smtp server with an actual inbox read by actual people
[+] evilspammer|2 years ago|reply
I haven't used journalctl in a while - do you mind explaining how it works with a binary path? Does it report all system logging that came from that executable, as if it were a service file?
[+] barnbuilder|2 years ago|reply
Social media communities really ought to observe a "leave no trace" rule with respect to GitHub and other such spaces. This commit from February 2022 is now as of today littered with a bunch of joke comments from being linked from here and previously somewhere else earlier (based on timestamps).
[+] blueflow|2 years ago|reply
At @dayjob, we have a mailing list for root@ mails. We actively use it for recording the output of cronjobs and the like. Several times a year I get sudo fail mails from random people on the terminal servers. A few years ago I actually compiled a list of the most prolific repeat offenders and they got a bag of marshmallows that have the form of coal nuggets right before Christmas vacation.
[+] kitsunesoba|2 years ago|reply
Reminds me of using Win9x when programs crashed (as often happened then), prompting Windows to present those "This program has performed an illegal operation" dialogs.

As a kid the only bit of that message that made any sense was "illegal operation" which made me wonder if I'd broken some law somehow.

[+] moogly|2 years ago|reply
My favorite message I got in Ubuntu in 2008 (I still have a screenshot of it):

> Could not grab your mouse.

> A malicious client may be eavesdropping on your session or you may have just clicked a menu or some application just decided to get focus.

> Try again.

> [Close]

[+] IshKebab|2 years ago|reply
I suspect a lot of readers here will not understand what's hilarious about this.
[+] bvinc|2 years ago|reply
This sounds like an xwindows thing. The way popup menu windows work in x, is the program grabs all keyboard and mouse events.
[+] kmeisthax|2 years ago|reply
I remember getting something similar-sounding on modern Ubuntu a few weeks ago.
[+] klyrs|2 years ago|reply
I've always been amused by this, because I usually get it on single user systems (mine own) without mail. It makes me picture some shady office in a bunker in central Nevada, where undeliverable incident reports end up in dusty filing cabinets, indexed by incorrect passwords.
[+] seanhunter|2 years ago|reply
Thank goodness. That was a terrible message. I remember my very first experience with unix was setting up Red Hat 3.0.3[1] at work for a small internet company in like 1997 and getting that message and just not knowing what on earth to do. There was no one in my company who could help me and all I had was a unix book from my local library which didn't even cover linux (but I sort of thought it would be helpful).

[1] With the legendary 1.2.13 kernel

[+] johnisgood|2 years ago|reply
"This incident will be logged" may have been better.
[+] Buttons840|2 years ago|reply
Can someone share even one story where sudo reporting these "incidents" was helpful?

This feature seems to come from a world where elite hackers simply repeat the same sudo command over and over hoping it will eventually work.

[+] its-summertime|2 years ago|reply
Stressful message to see back when I was a clueless child. I'm glad it's getting removed.
[+] wolfd|2 years ago|reply
When I was in uni, the computer science school actually did occasionally check these reports. Specifically, a guy named Chris checked them. Some friends of mine apparently used this to send him messages.

`sudo hi chris`

[+] gvurrdon|2 years ago|reply
Similarly, at a place I used to work, messages such as "sudo echo 'Hey John, please would you chmod -R a+r on /storage/data/filename.txt, thanks!'" were used. This usually resulted in irate "Stop that! You have to submit a ticket!" emails.
[+] nixcraft|2 years ago|reply
Boy, I made so many memes around sudo. I can't believe they removed it. I mean, sudo does log messages in /var/log/secure or /var/log/auth.log on Linux when something fails or is executed successfully, depending on security policies. The default on most distros is to log messages.
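
Added example, not part of the thread and not code from the sudo project: a small parser that pulls the refused sudo attempts out of the syslog lines the comments above say end up in /var/log/auth.log, /var/log/secure or the journal. The log lines are constructed samples in sudo's syslog format; the host, user names and commands are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the syslog format sudo uses (auth.log / secure);
# host, users and commands are made up for illustration.
SAMPLE_LOG = """\
May  1 10:15:02 lab1 sudo:    alice : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get update
May  1 10:16:40 lab1 sudo[977]:      bob : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/ls
May  1 10:16:41 lab1 sudo: pam_unix(sudo:auth): authentication failure; logname=bob uid=1001 euid=0 tty=/dev/pts/1 ruser=bob rhost=  user=bob
May  1 10:17:05 lab1 sudo:    carol : TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/sh -c date ; uptime
May  1 10:18:11 lab1 sshd[812]: Accepted publickey for carol from 192.0.2.10 port 50022 ssh2
May  1 10:19:30 lab1 sudo:    alice : command not allowed ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/less /var/log/syslog
"""

LINE_RE = re.compile(r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : (?P<body>.*)$")
KEY_VALUE_RE = re.compile(r"^[A-Z_]+=")


def parse_sudo_line(line):
    """Return a dict for a sudo event line, or None for anything else."""
    m = LINE_RE.search(line)
    if not m:
        return None
    # COMMAND= is the last field and may itself contain " ; ",
    # so cut it off before splitting the remaining fields.
    head, _, command = m.group("body").partition(" ; COMMAND=")
    parts = head.split(" ; ")
    # A refused attempt starts with a free-text reason; a permitted one
    # starts directly with TTY=...
    reason = None if KEY_VALUE_RE.match(parts[0]) else parts.pop(0)
    fields = dict(p.split("=", 1) for p in parts if "=" in p)
    return {"user": m.group("user"), "reason": reason,
            "tty": fields.get("TTY"), "run_as": fields.get("USER"),
            "command": command or None}


def failed_attempts(log_text):
    """Events sudo refused: wrong password, not in sudoers, not allowed."""
    events = (parse_sudo_line(line) for line in log_text.splitlines())
    return [e for e in events if e and e["reason"]]


def failures_by_user(log_text):
    return Counter(e["user"] for e in failed_attempts(log_text))


if __name__ == "__main__":
    for e in failed_attempts(SAMPLE_LOG):
        print(f'{e["user"]:8} {e["reason"]:32} {e["command"]}')
```
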
[+] elashri|2 years ago|reply
I remember the first time I got this message was my first time using CERN lxplus during my undergrad. I was worried that people would think I was stupid to try "sudo apt-get" there. It was a mistake as I had several terminal sessions and forgot which one was the local.

Anyway, fast forward to today. I know the answer to the question of whom this notification usually gets sent to. They forward it via SMTP server to the person on computing shift (at least for some of the experiments) based on the experiment the account of this person (who tried sudo) belongs to. Probably also some IT email.

Anyway, it is stressful for new and young people. But honestly I never read them. I have an email rule to put them inside a specific folder I don't usually open.

[+] bee_rider|2 years ago|reply
The first time I saw this message I was on my own danged system and I was still momentarily alarmed, hahaha. Common sense asserted itself pretty quickly of course.
[+] justinator|2 years ago|reply
So no one checks these reports?

No wonder we've had so many high profile breaches.

Maybe this is what all those layoffs are about.

[+] ec109685|2 years ago|reply
One of the most privileged processes on the system and no unit or functional tests need to be updated with this change. Sigh.
[+] estebarb|2 years ago|reply
I teach an entry level CS course at the University and my students got scared a lot when they saw that message. It was funny until I noted that they were really worried :( .