Security onion sensor popping up sudo: /etc/sudoers.d/securityonion is mode 0777, should be 0440, after executing any command.


Satya Vegulla

Sep 28, 2017, 4:29:33 AM
to security-onion
Hello,

Initially, the Security Onion server stopped responding to SSH.
When we tried to check and add the firewall rule, it said it was skipping adding an existing rule and popped up this alert:
sudo: /etc/sudoers.d/securityonion is mode 0777, should be 0440

So we tried changing the permissions for /etc/sudoers and then /etc/sudoers.d/securityonion from GRUB by interrupting the boot.

Later, when resuming the boot, it showed some errors.

Please find the screenshots pasted in the attached Word document.


Please let us know how we can proceed further.


Thanks,
Satya.

etc sudoers issue.docx

Wes Lambert

Sep 28, 2017, 7:44:39 AM
to securit...@googlegroups.com
It looks like all of /etc/ may have had its permissions changed to be writable by anyone. Do you have any idea why that may have occurred? Does anyone else log on or administer this box? It may be easier just to re-install.

In the future, please refrain from attaching Word documents, and attach the actual image files instead.





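A read-only check for the condition discussed in this thread, as an added example that is not part of any poster's message: it lists entries under /etc that are writable by anyone and sudoers drop-in files whose mode is not 0440. The function names and the optional root-directory argument are assumptions of this example, and it relies on GNU find and stat.

```bash
#!/bin/sh
# Added example (not from the thread). Read-only audit: it changes nothing.

# Print every non-symlink entry under directory $1 that is writable by "other".
world_writable() {
    find "$1" -xdev ! -type l -perm -0002 -print 2>/dev/null
}

# Print "<mode> <path>" for each regular file directly in directory $1
# whose mode is not exactly 0440 (the mode sudo names in its message).
sudoers_bad_modes() {
    find "$1" -maxdepth 1 -type f ! -perm 0440 \
        -exec stat -c '%a %n' {} + 2>/dev/null
}

# audit_etc [root]: report findings under root (default /etc).
# Returns 0 when nothing is found, 1 otherwise.
audit_etc() {
    root="${1:-/etc}"
    rc=0

    found="$(world_writable "$root")"
    if [ -n "$found" ]; then
        echo "World-writable entries under $root:"
        echo "$found"
        rc=1
    fi

    if [ -d "$root/sudoers.d" ]; then
        found="$(sudoers_bad_modes "$root/sudoers.d")"
        if [ -n "$found" ]; then
            echo "sudoers drop-ins with a mode other than 0440:"
            echo "$found"
            rc=1
        fi
    fi
    return "$rc"
}

# Run only when a directory is given on the command line, e.g.: sh audit.sh /etc
if [ "$#" -gt 0 ]; then
    audit_etc "$1"
fi
```

Comparing the output against a known-good host or a fresh install shows how far the permission change spread before deciding between repair and rebuild.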
Shane Castle

Sep 28, 2017, 8:24:28 AM
to securit...@googlegroups.com
I agree, wipe and rebuild is the quickest way to fix this. But it would be an
interesting exercise to try to find out how this happened. Log files...

I certainly hope that the NSM is not directly Internet-exposed.

--
With best regards
Shane Castle

Satya Vegulla

Sep 28, 2017, 8:42:29 AM
to security-onion
Hi Wes,

Sure, will not use a Word document.
Actually, not sure how it started. Although it was not reachable on SSH, it was functional in sending the alerts.
This box is not Internet-exposed.

Thanks,
Satya.

Satya Vegulla

Oct 23, 2017, 10:00:26 AM
to security-onion

Hi,

Just checking: could this be a cause of the SSH connection failure to this device?
We are unable to SSH in to this device.

Thanks,
Satya.

Wes Lambert

Oct 23, 2017, 11:21:03 AM
to securit...@googlegroups.com
I'm not sure.  I'm not sure how you tried to change permissions back before, but you could try the following if you haven't already.


Thanks,
Wes


Thanks,
Satya.
