Version 4.1.1

@andreapollastri released this 06 Mar 22:33 · 117 commits to master since this release

Added

  • Security auth notifications — email alerts on sudo elevation and privileged SSH logins (requires SMTP configured):
    • Sudo: notifies when any user successfully elevates to root via sudo, including who ran it and from which TTY
    • SSH login: notifies when root or any sudoer logs in via SSH, including source IP
    • Integrated via PAM (pam_exec.so); runs asynchronously to avoid login delays; fails silently if SMTP is not configured
  • Auth notifications: suppress internal sudo events — sudo notifications triggered by Cipi internal operations (API calls via PHP-FPM, queue workers, cron jobs, systemd services) are now silently skipped; only interactive sudo elevations from real SSH sessions generate alerts
    • Detection via kernel loginuid (primary) with process-tree inspection fallback (php-fpm, artisan queue, supervisord, cipi-queue)
  • Auth notifications: resolve "User: unknown" — the SUDO_USER field in sudo alerts now correctly resolves the calling user via loginuid when the PAM environment does not propagate $SUDO_USER
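
One way a pam_exec hook could implement the loginuid check with process-tree fallback and the SUDO_USER resolution described above; this is an added example, not Cipi's own script. The function names, the rule that the process tree is consulted only when loginuid cannot be read, and the grep patterns built from the process names listed above are assumptions.

```shell
#!/bin/sh
# Added example, not Cipi's code: decide whether a sudo PAM event deserves an alert.
UNSET_LOGINUID=4294967295   # kernel loginuid of a process never tied to a login session

# Print the command line of PID $1 and of each of its ancestors, one per line.
ancestor_cmdlines() {
  pid=$1
  while [ "${pid:-0}" -gt 1 ] && [ -r "/proc/$pid/status" ]; do
    tr '\0' ' ' < "/proc/$pid/cmdline"; echo
    pid=$(awk '/^PPid:/ {print $2}' "/proc/$pid/status")
  done
}

# $1 = contents of /proc/<pid>/loginuid ("" if unreadable), $2 = ancestor command lines.
# Prints "internal" (suppress the alert) or "interactive" (send it).
classify_sudo_event() {
  case "$1" in
    "$UNSET_LOGINUID") echo internal ;;        # daemon, worker or service
    ''|*[!0-9]*)                               # loginuid unavailable: inspect the tree
      if printf '%s\n' "$2" | grep -Eq 'php-fpm|artisan.*queue|supervisord|cipi-queue'
      then echo internal; else echo interactive; fi ;;
    *) echo interactive ;;                     # a login session set loginuid
  esac
}

# $1 = SUDO_USER (may be empty), $2 = loginuid. Prints the account to name in the alert.
resolve_caller() {
  if [ -n "$1" ]; then echo "$1"; return 0; fi
  case "$2" in
    ''|"$UNSET_LOGINUID"|*[!0-9]*) echo unknown ;;
    *) name=$(getent passwd "$2" 2>/dev/null | cut -d: -f1)
       echo "${name:-uid:$2}" ;;               # keep the numeric uid if lookup fails
  esac
}

# Classify the process running this script.
luid=$(cat /proc/self/loginuid 2>/dev/null || true)
echo "this process: $(classify_sudo_event "$luid" "$(ancestor_cmdlines $$)")" \
     "caller=$(resolve_caller "${SUDO_USER:-}" "$luid")"
```

On Linux, `/proc/<pid>/loginuid` reads 4294967295 until a login PAM stack sets it (pam_loginuid), and child processes inherit the value, which is why it distinguishes an SSH session from a service-spawned process.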