Open jidanni opened 1 month ago
Currently the email messages just contain the same info that was logged via syslog. In your example the user tried to run /usr/bin/w as root. If you know how to read the sudo syslog entries, you know how to read the email it sends too.
Which means both syslog and the email equally do not describe the incident adequately.
This lacks one critical detail,
i.e., what did the user do?
It should say that "user attempted to run the command "w" using sudo, and entered a password, but then was discovered not to be on the sudoers list."
I mean one day one of these reports will end up in a court of law, so what happened needs to be real clear! Even if it was just little old me testing sudo.
Might as well also fold it to fit on one screen.
And maybe remove the blanks before the semicolons, as in English.
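For readers triaging such reports, the following added example (not part of the issue and not sudo's own code) turns a sudo log entry into a one-line plain-English summary. It assumes sudo's default ` ; `-separated entry layout; the sample line and the function names are constructed for illustration.

```python
import re

# Constructed sample entry in sudo's default log layout (assumption: the
# "user : reason ; KEY=value ; ... ; COMMAND=..." form, not copied from the issue).
SAMPLE = ("alice : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/alice ; "
          "USER=root ; COMMAND=/usr/bin/w")

KEY_VALUE = re.compile(r"^([A-Z_]+)=(.*)$", re.S)

def parse_sudo_entry(entry):
    """Return a dict with invoking_user, reason (or None) and the KEY=value fields."""
    user, sep, rest = entry.partition(" : ")
    if not sep:
        raise ValueError("not a sudo log entry")
    # COMMAND is the last field and may itself contain ' ; ',
    # so cut it off before splitting the remaining fields.
    head, sep, command = rest.partition(" ; COMMAND=")
    if not sep:
        raise ValueError("entry has no COMMAND field")
    fields = {"invoking_user": user.strip(), "reason": None, "COMMAND": command}
    for part in head.split(" ; "):
        match = KEY_VALUE.match(part)
        if match:
            fields[match.group(1)] = match.group(2)
        else:
            # Free text such as "user NOT in sudoers" is the rejection reason.
            fields["reason"] = part.strip()
    return fields

def describe(entry):
    """Render the entry as a single sentence for a human reviewer."""
    f = parse_sudo_entry(entry)
    outcome = (f"sudo logged: {f['reason']}" if f["reason"]
               else "sudo logged no rejection reason")
    return (f"{f['invoking_user']} tried to run \"{f['COMMAND']}\" as "
            f"{f.get('USER', 'unknown')} (cwd {f.get('PWD', 'unknown')}, "
            f"tty {f.get('TTY', 'unknown')}); {outcome}")

if __name__ == "__main__":
    print(describe(SAMPLE))
```

The summary contains only what the entry records; it cannot say whether a password was entered, because the entry has no field for that.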