I spotted this in my latest LogWatch message:
--------------------- Sudo (secure-log) Begin ------------------------
Unmatched Entries:
www-data : TTY=unknown ; PWD=/usr/share/web-admin ; USER=root ; COMMAND=/usr/lib/web-admin/backend.pl dump_file /etc/shadow
---------------------- Sudo (secure-log) End -------------------------
It looks like there is a major weakness somewhere that is allowing system files (such as the password file!) to be read by users via the web interface.
Looks like I am about to be pwned
![Mad :x](./images/smilies/icon_mad.gif)
![Shocked :shock:](./images/smilies/icon_eek.gif)
![Crying or Very sad :cry:](./images/smilies/icon_cry.gif)
I am checking my logs in detail...