tags #958402 unreproducible thanks On Tue, Apr 21, 2020 at 04:19:16PM +0200, l0f4r0 wrote: > My journalctl indicates numerous alerts/1 like "sudo[XXX]: l0f4r0 : a > password is required ; TTY=unknown ; PWD=/home/l0f4r0 ; USER=root ; > COMMAND=/usr/bin/uptime". > Those happen up from 1/day to several times a day for 2+ months.
This happens when one invokes sudo -n uptime: |[3/7590]mh@drop:~ $ sudo -n /usr/bin/uptime |sudo: a password is required |[4/7591]mh@drop:~ $ tail -n 1 /var/log/auth.log |Feb 22 16:31:04 drop sudo: mh : a password is required ; TTY=pts/10 ; PWD=/home/mh ; USER=root ; COMMAND=/usr/bin/uptime |[5/7592]mh@drop:~ $ Maybe you have this in a script or a cronjob? > * /usr/bin/uptime doesn't need to be launched with administrative > privilege normally... Still something tries it. > that uses uptime (my only script in /home/l0f4r0 using uptime is ~/.conkyrc > and it can't > be that as I would get hundreds of alerts per day because of my 3s > refreshing, not several only). You could try disabling this on .conkyrc to find out whether this might still be causing the issue? This doesn't look like a sudo issue at all. Greetings Marc
