Ubuntu Pastebin

Paste from TJ at Sat, 2 Apr 2016 08:27:28 +0000

16.04

Reported on IRC #ubuntu+1, 00:44 UTC+1 April 2nd 2016

User's account 'mec' was apparently removed from the 'sudo' group (/etc/group) immediately after

00:15:42 mec-7200-5150A sudo:      mec : TTY=pts/8 ; PWD=/var/www/wheeler/zen-cart ; USER=root ; COMMAND=/usr/bin/apt-get install libapache2-mod-php5
00:17:07 mec-7200-5150A sudo:      mec : TTY=pts/8 ; PWD=/var/www/wheeler/zen-cart ; USER=root ; COMMAND=/usr/sbin/a2enmod php5

After this, attempts to authenticate as a sudo user were denied:

00:17:23 mec-7200-5150A polkit-agent-helper-1[16291]: pam_unix(polkit-1:auth): authentication failure; logname= uid=1000 euid=0 tty= ruser=root rhost=  user=root

We narrowed it down via these /var/log/auth.log reports:

Apr  1 23:49:57 mec-7200-5150A sudo: pam_unix(sudo:session): session opened for user root by mec(uid=0)
Apr  1 23:49:57 mec-7200-5150A sudo: pam_unix(sudo:session): session closed for user root
Apr  1 23:54:39 mec-7200-5150A sudo:      mec : TTY=pts/7 ; PWD=/var/www/wheeler/zen-cart/admin/includes ; USER=root ; COMMAND=/usr/bin/apt-get install curl
Apr  1 23:54:39 mec-7200-5150A sudo: pam_unix(sudo:session): session opened for user root by mec(uid=0)
Apr  1 23:54:43 mec-7200-5150A sudo: pam_unix(sudo:session): session closed for user root
Apr  1 23:57:34 mec-7200-5150A pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr  1 23:57:34 mec-7200-5150A pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr  1 23:57:34 mec-7200-5150A pkexec[14470]: mec: Executing command [USER=root] [TTY=unknown] [CWD=/home/mec] [COMMAND=/usr/lib/update-notifier/package-system-locked]
Apr  2 00:09:01 mec-7200-5150A CRON[14663]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr  2 00:09:01 mec-7200-5150A CRON[14663]: pam_unix(cron:session): session closed for user root
Apr  2 00:10:22 mec-7200-5150A sudo:      mec : TTY=pts/7 ; PWD=/var/www/wheeler/zen-cart/admin/includes ; USER=root ; COMMAND=/bin/nano /etc/apache2/conf-available/fqdn.conf
Apr  2 00:10:22 mec-7200-5150A sudo: pam_unix(sudo:session): session opened for user root by mec(uid=0)
Apr  2 00:10:46 mec-7200-5150A sudo: pam_unix(sudo:session): session closed for user root
Apr  2 00:12:42 mec-7200-5150A sudo:      mec : TTY=pts/7 ; PWD=/var/www/wheeler/zen-cart/admin/includes ; USER=root ; COMMAND=/usr/sbin/a2enconf fqdn
Apr  2 00:12:42 mec-7200-5150A sudo: pam_unix(sudo:session): session opened for user root by mec(uid=0)
Apr  2 00:12:42 mec-7200-5150A sudo: pam_unix(sudo:session): session closed for user root
Apr  2 00:14:15 mec-7200-5150A sudo:      mec : TTY=pts/8 ; PWD=/var/www/wheeler/zen-cart ; USER=root ; COMMAND=/usr/sbin/a2enmod php7
Apr  2 00:14:15 mec-7200-5150A sudo: pam_unix(sudo:session): session opened for user root by mec(uid=0)
Apr  2 00:14:15 mec-7200-5150A sudo: pam_unix(sudo:session): session closed for user root
Apr  2 00:14:19 mec-7200-5150A sudo:      mec : TTY=pts/8 ; PWD=/var/www/wheeler/zen-cart ; USER=root ; COMMAND=/usr/sbin/a2enmod php
Apr  2 00:14:19 mec-7200-5150A sudo: pam_unix(sudo:session): session opened for user root by mec(uid=0)
Apr  2 00:14:19 mec-7200-5150A sudo: pam_unix(sudo:session): session closed for user root
Apr  2 00:14:46 mec-7200-5150A sudo:      mec : TTY=pts/8 ; PWD=/var/www/wheeler/zen-cart ; USER=root ; COMMAND=/usr/sbin/a2enmod php5
Apr  2 00:14:46 mec-7200-5150A sudo: pam_unix(sudo:session): session opened for user root by mec(uid=0)
Apr  2 00:14:46 mec-7200-5150A sudo: pam_unix(sudo:session): session closed for user root
Apr  2 00:15:42 mec-7200-5150A sudo:      mec : TTY=pts/8 ; PWD=/var/www/wheeler/zen-cart ; USER=root ; COMMAND=/usr/bin/apt-get install libapache2-mod-php5
Apr  2 00:15:42 mec-7200-5150A sudo: pam_unix(sudo:session): session opened for user root by mec(uid=0)
Apr  2 00:16:59 mec-7200-5150A sudo: pam_unix(sudo:session): session closed for user root
Apr  2 00:17:01 mec-7200-5150A CRON[16270]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr  2 00:17:01 mec-7200-5150A CRON[16270]: pam_unix(cron:session): session closed for user root
Apr  2 00:17:07 mec-7200-5150A sudo:      mec : TTY=pts/8 ; PWD=/var/www/wheeler/zen-cart ; USER=root ; COMMAND=/usr/sbin/a2enmod php5
Apr  2 00:17:07 mec-7200-5150A sudo: pam_unix(sudo:session): session opened for user root by mec(uid=0)
Apr  2 00:17:07 mec-7200-5150A sudo: pam_unix(sudo:session): session closed for user root
Apr  2 00:17:18 mec-7200-5150A polkitd(authority=local): Registered Authentication Agent for unix-process:16282:5514607 (system bus name :1.123 [/usr/bin/pkttyagent --notify-fd 4 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent,$
Apr  2 00:17:23 mec-7200-5150A polkit-agent-helper-1[16291]: pam_unix(polkit-1:auth): authentication failure; logname= uid=1000 euid=0 tty= ruser=root rhost=  user=root
Apr  2 00:17:26 mec-7200-5150A polkitd(authority=local): Operator of unix-session:c2 FAILED to authenticate to gain authorization for action org.freedesktop.systemd1.manage-units for system-bus-name::1.124 [systemctl restart apache2.service] (owned by $
Apr  2 00:17:26 mec-7200-5150A polkitd(authority=local): Unregistered Authentication Agent for unix-process:16282:5514607 (system bus name :1.123, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_IE.UTF-8) (disconnected from bus)
Apr  2 00:17:29 mec-7200-5150A sudo:      mec : TTY=pts/8 ; PWD=/var/www/wheeler/zen-cart ; USER=root ; COMMAND=/usr/sbin/service apache2 restart
Apr  2 00:17:29 mec-7200-5150A sudo: pam_unix(sudo:session): session opened for user root by mec(uid=0)
Apr  2 00:17:29 mec-7200-5150A polkitd(authority=local): Registered Authentication Agent for unix-process:16294:5515772 (system bus name :1.125 [/usr/bin/pkttyagent --notify-fd 4 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent,$
Apr  2 00:17:31 mec-7200-5150A sudo: pam_unix(sudo:session): session closed for user root
Apr  2 00:17:31 mec-7200-5150A polkitd(authority=local): Unregistered Authentication Agent for unix-process:16294:5515772 (system bus name :1.125, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_IE.UTF-8) (disconnected from bus)
Apr  2 00:17:43 mec-7200-5150A polkit-agent-helper-1[16362]: pam_unix(polkit-1:auth): authentication failure; logname= uid=1000 euid=0 tty= ruser=root rhost=  user=root
Apr  2 00:17:57 mec-7200-5150A polkit-agent-helper-1[16363]: pam_unix(polkit-1:auth): authentication failure; logname= uid=1000 euid=0 tty= ruser=root rhost=  user=root

Apr  2 00:18:02 mec-7200-5150A polkitd(authority=local): Operator of unix-session:c2 FAILED to authenticate to gain authorization for action com.ubuntu.apport.apport-gtk-root for unix-process:1899:14061 [/sbin/upstart --user] (owned by unix-user:mec)
Apr  2 00:18:02 mec-7200-5150A pkexec[16359]: mec: Error executing command as another user: Request dismissed [USER=root] [TTY=unknown] [CWD=/home/mec] [COMMAND=/usr/share/apport/apport-gtk]
Apr  2 00:18:11 mec-7200-5150A sudo:      mec : TTY=pts/8 ; PWD=/var/www/wheeler/zen-cart ; USER=root ; COMMAND=/usr/sbin/service apache2 restart
Apr  2 00:18:11 mec-7200-5150A sudo: pam_unix(sudo:session): session opened for user root by mec(uid=0)
Apr  2 00:18:11 mec-7200-5150A polkitd(authority=local): Registered Authentication Agent for unix-process:16368:5519895 (system bus name :1.127 [/usr/bin/pkttyagent --notify-fd 4 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent,$
Apr  2 00:18:11 mec-7200-5150A sudo: pam_unix(sudo:session): session closed for user root
Apr  2 00:18:11 mec-7200-5150A polkitd(authority=local): Unregistered Authentication Agent for unix-process:16368:5519895 (system bus name :1.127, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_IE.UTF-8) (disconnected from bus)
Apr  2 00:18:34 mec-7200-5150A pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr  2 00:18:34 mec-7200-5150A pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr  2 00:18:34 mec-7200-5150A pkexec[16418]: mec: Executing command [USER=root] [TTY=unknown] [CWD=/home/mec] [COMMAND=/usr/lib/update-notifier/package-system-locked]
Apr  2 00:19:03 mec-7200-5150A sudo:      mec : TTY=pts/8 ; PWD=/var/www/wheeler/zen-cart ; USER=root ; COMMAND=/usr/sbin/service apache2 status
Apr  2 00:19:03 mec-7200-5150A sudo: pam_unix(sudo:session): session opened for user root by mec(uid=0)
Apr  2 00:19:03 mec-7200-5150A sudo: pam_unix(sudo:session): session closed for user root
Apr  2 00:19:38 mec-7200-5150A sudo: pam_unix(sudo:auth): conversation failed
Apr  2 00:19:38 mec-7200-5150A sudo: pam_unix(sudo:auth): auth could not identify password for [mec]
Apr  2 00:19:41 mec-7200-5150A sudo: pam_unix(sudo:session): session closed for user root
Apr  2 00:19:53 mec-7200-5150A systemd-logind[849]: System is rebooting.
Apr  2 00:19:54 mec-7200-5150A systemd: pam_unix(systemd-user:session): session closed for user mec
Apr  2 00:20:17 mec-7200-5150A systemd-logind[849]: New seat seat0.
Apr  2 00:20:17 mec-7200-5150A systemd-logind[849]: Watching system buttons on /dev/input/event1 (Power Button)
Apr  2 00:20:17 mec-7200-5150A systemd-logind[849]: Watching system buttons on /dev/input/event2 (Video Bus)
Apr  2 00:20:17 mec-7200-5150A systemd-logind[849]: Watching system buttons on /dev/input/event0 (Power Button)
Apr  2 00:20:19 mec-7200-5150A lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Apr  2 00:20:19 mec-7200-5150A lightdm: PAM adding faulty module: pam_kwallet.so
Apr  2 00:20:19 mec-7200-5150A lightdm: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or directory
Apr  2 00:20:19 mec-7200-5150A lightdm: PAM adding faulty module: pam_kwallet5.so
Apr  2 00:20:19 mec-7200-5150A lightdm: pam_unix(lightdm-greeter:session): session opened for user lightdm by (uid=0)
Apr  2 00:20:19 mec-7200-5150A systemd-logind[849]: New session c1 of user lightdm.
Apr  2 00:20:19 mec-7200-5150A systemd: pam_unix(systemd-user:session): session opened for user lightdm by (uid=0)
Apr  2 00:20:19 mec-7200-5150A lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Apr  2 00:20:19 mec-7200-5150A lightdm: PAM adding faulty module: pam_kwallet.so
Apr  2 00:20:19 mec-7200-5150A lightdm: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or directory
Apr  2 00:20:19 mec-7200-5150A lightdm: PAM adding faulty module: pam_kwallet5.so

Apr  2 00:20:19 mec-7200-5150A lightdm: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or directory
Apr  2 00:20:19 mec-7200-5150A lightdm: PAM adding faulty module: pam_kwallet5.so
Apr  2 00:20:19 mec-7200-5150A lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "mec"
Apr  2 00:20:20 mec-7200-5150A dbus[876]: [system] Rejected send message, 13 matched rules; type="method_return", sender=":1.23" (uid=0 pid=1489 comm="/usr/sbin/dnsmasq --no-resolv --keep-in-foreground") interface="(unset)" member="(unset)" error name=$
Apr  2 00:24:42 mec-7200-5150A lightdm: pam_unix(lightdm-greeter:session): session closed for user lightdm
Apr  2 00:24:42 mec-7200-5150A lightdm: pam_unix(lightdm:session): session opened for user mec by (uid=0)
Apr  2 00:24:42 mec-7200-5150A systemd-logind[849]: New session c2 of user mec.
Apr  2 00:24:42 mec-7200-5150A systemd: pam_unix(systemd-user:session): session opened for user mec by (uid=0)
Apr  2 00:24:42 mec-7200-5150A gnome-keyring-daemon[1842]: The SSH agent was already initialized
Apr  2 00:24:42 mec-7200-5150A gnome-keyring-daemon[1842]: The Secret Service was already initialized
Apr  2 00:24:42 mec-7200-5150A gnome-keyring-daemon[1842]: The PKCS#11 component was already initialized
Apr  2 00:24:42 mec-7200-5150A polkitd(authority=local): Registered Authentication Agent for unix-session:c2 (system bus name :1.42 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent,$
Apr  2 00:24:43 mec-7200-5150A pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr  2 00:24:43 mec-7200-5150A pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr  2 00:24:43 mec-7200-5150A pkexec[2155]: mec: Executing command [USER=root] [TTY=unknown] [CWD=/] [COMMAND=/usr/sbin/xfpm-power-backlight-helper --set-brightness-switch 0]
Apr  2 00:25:02 mec-7200-5150A systemd-logind[849]: Removed session c1.
Apr  2 00:25:02 mec-7200-5150A systemd: pam_unix(systemd-user:session): session closed for user lightdm
Apr  2 00:25:41 mec-7200-5150A sudo:      mec : user NOT in sudoers ; TTY=pts/6 ; PWD=/home/mec ; USER=root ; COMMAND=/usr/sbin/service apache2 start
Apr  2 00:26:37 mec-7200-5150A sudo:      mec : user NOT in sudoers ; TTY=unknown ; PWD=/home/mec ; USER=root ; COMMAND=/usr/bin/thunar
Apr  2 00:28:30 mec-7200-5150A sudo:      mec : user NOT in sudoers ; TTY=pts/6 ; PWD=/etc ; USER=root ; COMMAND=/bin/cat sudoers
Apr  2 00:39:01 mec-7200-5150A CRON[2681]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr  2 00:39:01 mec-7200-5150A CRON[2682]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr  2 00:39:01 mec-7200-5150A CRON[2682]: pam_unix(cron:session): session closed for user root
Apr  2 00:39:01 mec-7200-5150A CRON[2681]: pam_unix(cron:session): session closed for user root
Apr  2 00:45:38 mec-7200-5150A polkitd(authority=local): Operator of unix-session:c2 FAILED to authenticate to gain authorization for action org.freedesktop.systemtoolsbackends.set for system-bus-name::1.78 [users-admin] (owned by unix-user:mec)
Apr  2 00:52:27 mec-7200-5150A dbus[876]: [system] Rejected send message, 12 matched rules; type="method_return", sender=":1.2" (uid=111 pid=828 comm="avahi-daemon: starting up ") interface="(unset)" member="(unset)" error name="(unset)" requested_repl$
Apr  2 00:52:27 mec-7200-5150A dbus[876]: [system] Rejected send message, 12 matched rules; type="method_return", sender=":1.2" (uid=111 pid=828 comm="avahi-daemon: starting up ") interface="(unset)" member="(unset)" error name="(unset)" requested_repl$
Apr  2 01:09:01 mec-7200-5150A CRON[3564]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr  2 01:09:01 mec-7200-5150A CRON[3565]: pam_unix(cron:session): session opened for user root by (uid=0)
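
Added example (not part of the original paste): one way to bracket the loss of sudo rights in an auth.log like the one above is to find the user's last accepted sudo command, the first "user NOT in sudoers" denial, and any authentication failures or reboots logged between them. The names sudo_window and SAMPLE are hypothetical, and the year is passed in (2016, from the paste date) because syslog timestamps carry none.

```python
import re
from datetime import datetime

# Sample input: five lines copied from the auth.log excerpt above.
SAMPLE = """\
Apr  2 00:17:07 mec-7200-5150A sudo:      mec : TTY=pts/8 ; PWD=/var/www/wheeler/zen-cart ; USER=root ; COMMAND=/usr/sbin/a2enmod php5
Apr  2 00:17:23 mec-7200-5150A polkit-agent-helper-1[16291]: pam_unix(polkit-1:auth): authentication failure; logname= uid=1000 euid=0 tty= ruser=root rhost=  user=root
Apr  2 00:19:03 mec-7200-5150A sudo:      mec : TTY=pts/8 ; PWD=/var/www/wheeler/zen-cart ; USER=root ; COMMAND=/usr/sbin/service apache2 status
Apr  2 00:19:53 mec-7200-5150A systemd-logind[849]: System is rebooting.
Apr  2 00:25:41 mec-7200-5150A sudo:      mec : user NOT in sudoers ; TTY=pts/6 ; PWD=/home/mec ; USER=root ; COMMAND=/usr/sbin/service apache2 start
"""

# timestamp, host, program tag (optional [pid]), message
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) ([^:\[]+)(?:\[\d+\])?: (.*)$")
# sudo command record; group 2 is present only when sudo refused the user
SUDO = re.compile(r"^\s*(\S+) : (user NOT in sudoers ; )?TTY=.*?COMMAND=(.*)$")


def sudo_window(text, user, year=2016):
    """Return (last_allowed, first_denied, context_between) for `user`.

    Each event is a (datetime, kind, detail) tuple.
    """
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        tag, msg = m.group(3), m.group(4)
        s = SUDO.match(msg) if tag == "sudo" else None
        if s and s.group(1) == user:
            events.append((when, "denied" if s.group(2) else "allowed", s.group(3)))
        elif "authentication failure" in msg or "System is rebooting" in msg:
            events.append((when, "context", msg))
    denied = next((e for e in events if e[1] == "denied"), None)
    if denied is None:
        return None, None, []
    before = [e for e in events if e[0] < denied[0]]
    allowed = [e for e in before if e[1] == "allowed"]
    last_ok = allowed[-1] if allowed else None
    between = [e for e in before if e[1] == "context"
               and (last_ok is None or e[0] > last_ok[0])]
    return last_ok, denied, between


if __name__ == "__main__":
    for item in sudo_window(SAMPLE, "mec"):
        print(item)
```

Run against the full /var/log/auth.log, the same function gives the time window in which to look for whatever changed the user's group membership.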