Can someone please have a look at my modified sudoers file?
Hi,
I just ran EtreCheck to see if there were any issues with my computer and it flagged that my sudoers file has been modified. Based on the report below, is this something I should be concerned about?
Thank you for taking a look, I really appreciate it.
Here are the contents of my sudoers file:
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
# Failure to use 'visudo' may result in syntax or file permission errors
# that prevent sudo from running.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
# Host alias specification
# User alias specification
# Cmnd alias specification
# Defaults specification
Defaults env_reset
Defaults env_keep += "BLOCKSIZE"
Defaults env_keep += "COLORFGBG COLORTERM"
Defaults env_keep += "__CF_USER_TEXT_ENCODING"
Defaults env_keep += "CHARSET LANG LANGUAGE LC_ALL LC_COLLATE LC_CTYPE"
Defaults env_keep += "LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME"
Defaults env_keep += "LINES COLUMNS"
Defaults env_keep += "LSCOLORS"
Defaults env_keep += "SSH_AUTH_SOCK"
Defaults env_keep += "TZ"
Defaults env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY"
Defaults env_keep += "EDITOR VISUAL"
Defaults env_keep += "HOME MAIL"
# Runas alias specification
# User privilege specification
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
#includedir /etc/sudoers.d
And here is the EtreCheck report:
EtreCheck version: 4.1.3 (4A188)
Report generated: 2018-03-21 13:11:22
Download EtreCheck from https://etrecheck.com
Runtime: 2:36
Performance: Excellent
Problem: No problem - just checking
Major Issues:
Anything that appears on this list needs immediate attention.
Modified suoders file - The sudoers file has been modified. This is unusual and is sometimes evidence of malware.
Minor Issues:
These issues do not need immediate attention but they may indicate future problems.
Heavy RAM usage - This machine is using a large amount of RAM.
Unsigned files - There is unsigned software installed. They appear to be legitimate but should be reviewed.
32-bit Apps - This machine has 32-bits apps that may have problems in the future.
Hardware Information:
iMac (Retina 5K, 27-inch, Late 2014)
iMac Model: iMac15,1
1 3.5 GHz Intel Core i5 (i5-4690) CPU: 4-core
32 GB RAM At maximum
BANK 0/DIMM0
8 GB DDR3 1600 ok
BANK 1/DIMM0
8 GB DDR3 1600 ok
BANK 0/DIMM1
8 GB DDR3 1600 ok
BANK 1/DIMM1
8 GB DDR3 1600 ok
Video Information:
AMD Radeon R9 M295X - VRAM: 4 GB
iMac 5120 x 2880
LED Cinema Display 2560 x 1440
Drives:
disk0 - APPLE SSD SD0128F 121.33 GB (Solid State - TRIM: Yes)
Internal PCI 5.0 GT/s x2 Serial ATA
disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB
disk0s2 [Core Storage Container] 120.99 GB
disk2 - Macintosh HD (Journaled HFS+) [Fusion Drive] 3.11 TB
disk0s3 - B*******X [Recovery] 134 MB
disk1 - APPLE HDD ST3000DM001 3.00 TB (Mechanical)
Internal SATA 6 Gigabit Serial ATA
disk1s1 - EFI (MS-DOS FAT32) [EFI] 210 MB
disk1s2 [Core Storage Container] 3.00 TB
disk2 - Macintosh HD (Journaled HFS+) [Fusion Drive] 3.11 TB
disk1s3 - Recovery HD [Recovery] 650 MB
Mounted Volumes:
disk2 - Macintosh HD [Fusion Drive] 3.11 TB (1.12 TB free)
Journaled HFS+
Mount point: /
Network:
Interface usbmodem1440: MT65xx Preloader 5
Interface usbmodem14410: MT65xx Preloader 4
Interface usbmodem1420: MT65xx Preloader 3
Interface usbmodem1430: MT65xx Preloader 2
Interface usbmodem1410: MT65xx Preloader
Interface Bluetooth-Modem: Bluetooth DUN
Interface en0: Ethernet
One IPv4 address
Interface en6: iPad
Interface en1: Wi-Fi
Interface en5: iPhone
Interface en4: Bluetooth PAN
Interface bridge0: Thunderbolt Bridge
iCloud Quota: 123.30 GB available
System Software:
macOS High Sierra 10.13.3 (17D102)
Time since boot: Less than an hour
System Load: 1.86 (1 min ago) 2.39 (5 min ago) 2.34 (15 min ago)
Configuration Files:
File /etc/sudoers size: Found 1302 but expected 1563
Security:
System | Status |
---|---|
Gatekeeper | Mac App Store and identified developers |
System Integrity Protection | Enabled |
Unsigned Files:
Launchd: /Library/LaunchAgents/com.oracle.java.Java-Updater.plist
Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/JavaUpdater.app/Contents/MacOS/JavaUpdater -bgcheck
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist
Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Helper-Tool
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/com.prey.agent.plist
Executable: /usr/local/lib/prey/current/bin/prey
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/com.datarobotics.ddserviced.plist
Executable: /Library/Application Support/Data Robotics/Drobo Dashboard/DDServiced
Details: Exact match found in the whitelist - probably OK
Launchd: ~/Library/LaunchAgents/com.akamai.single-user-client.plist
Executable: ~/Applications/Akamai/netsession_mac
Details: Exact match found in the whitelist - probably OK
32-bit Applications:
Name | Version |
SuperDuper! | 2.9.2 |
Drobo_Dashboard_uninstall | |
Akamai NetSession Uninstaller | 1.0 |
Kindle | 1.21.1 |
quicklookd32 | 5.0 |
DVD Player | 5.8 |
macui | 1.0 |
zoom | 4.0.38982.0714 |
Tuxera Disk Manager | 2015.1 |
GoToOpener | 1.0.473 |
Audacity | 2.1.1.0 |
InkServer | 10.9 |
checkclientstatus | 1.0 |
Kernel Extensions:
/Applications/VMware Fusion.app
[Loaded] VMwareVMCI.kext (VMware, Inc., 10.0.1)
[Loaded] vmioplug.kext (VMware, Inc., 10.0.1)
[Loaded] vmnet.kext (VMware, Inc., 10.0.1)
[Loaded] vmmon.kext (VMware, Inc., 10.0.1)
/Applications/zoom.us.app
[Not Loaded] ZoomAudioDevice.kext (1.1 - SDK 10.8)
/Library/Application Support/Transmit/Transmit Disk.app
[Not Loaded] osxfuse.kext (Panic, Inc., 4.4.10 - SDK 10.9)
/Library/Extensions
[Not Loaded] TrustedDataSCSIDriver.kext (Drobo, Inc., 1.8.0 - SDK 10.10)
[Not Loaded] DroboTBT.kext (Drobo, Inc., 1.2 - SDK 10.10)
[Loaded] TelestreamAudio.kext (Telestream Inc., 1.1.1 - SDK 10.8)
/System/Library/Extensions
[Not Loaded] TACC.kext (1.0.2 - SDK 10.8)
Startup Items:
TuxeraNTFSUnmountHelper Path: /Library/StartupItems/TuxeraNTFSUnmountHelper
System Launch Agents:
[Not Loaded] | 9 Apple tasks |
[Loaded] | 172 Apple tasks |
[Running] | 109 Apple tasks |
System Launch Daemons:
[Not Loaded] | 37 Apple tasks |
[Loaded] | 178 Apple tasks |
[Running] | 117 Apple tasks |
Launch Agents:
[Loaded] | com.google.keystone.agent.plist (Google, Inc. - installed 2018-02-04) |
[Loaded] | com.adobe.GC.Invoker-1.0.plist (Adobe Systems, Inc. - installed 2018-01-23) |
[Loaded] | com.oracle.java.Java-Updater.plist (? 17e976c - installed 2017-12-20) |
Launch Daemons:
[Loaded] | com.vmware.VMMonHelper.plist (VMware, Inc. - installed 2018-03-21) |
[Loaded] | com.vmware.KextControlHelper.plist (VMware, Inc. - installed 2018-03-21) |
[Loaded] | com.oracle.java.Helper-Tool.plist (? fa56dec8 - installed 2017-12-20) |
[Loaded] | com.BlueStacks.AppPlayer.bstservice_helper.plist (BlueStack Systems, Inc. - installed 2015-11-07) |
[Running] | com.datarobotics.ddservice64d.plist (Drobo, Inc. - installed 2017-09-20) |
[Loaded] | net.telestream.LicensingHelper.plist (Telestream LLC - installed 2016-06-22) |
[Running] | com.adobe.agsservice.plist (Adobe Systems, Inc. - installed 2018-01-23) |
[Running] | com.datarobotics.ddserviced.plist (? c4715cc4 - installed 2017-05-18) |
[Loaded] | com.google.keystone.daemon.plist (Google, Inc. - installed 2018-03-06) |
[Running] | com.backblaze.bzserv.plist (Backblaze - installed 2018-02-01) |
[Other] | com.prey.agent.plist (? 714c4ad6 - installed 2017-09-05) |
User Launch Agents:
[Running] | com.spotify.webhelper.plist (Spotify - installed 2018-02-10) |
[Running] | com.sucofyeh.agent.plist (Jasper Software, Inc - installed 2017-07-15) |
[Loaded] | com.dropbox.DropboxMacUpdate.agent.plist (Dropbox, Inc. - installed 2017-08-11) |
[Loaded] | com.logmein.GoToMeeting.G2MUpdate.plist (Citrix Online LLC - installed 2018-03-06) |
[Loaded] | com.citrixonline.GoToMeeting.G2MUpdate.plist (Citrix Online LLC - installed 2018-03-06) |
[Running] | com.akamai.single-user-client.plist (? 0 - installed 2017-09-12) |
[Loaded] | com.adobe.GC.Invoker-1.0.plist (Adobe Systems, Inc. - installed 2018-01-23) |
[Running] | com.backblaze.bzbmenu.plist (Backblaze - installed 2018-02-01) |
User Login Items:
Dropbox Application (Dropbox, Inc.
(/Applications/Dropbox.app)
Alfred 3 Application (Running with Crayons Ltd
(/Applications/Alfred 3.app)
HighSierraMediaKeyEnabler Application (Toth Milan
(/Applications/HighSierraMediaKeyEnabler.app)
Things Helper Application (Cultured Code GmbH & Co. KG
(~/Library/Application Support/Things Sandbox Helper/ThingsMacSandboxHelper.app)
BetterTouchTool Application (Andreas Hegenberg
(/Applications/BetterTouchTool.app)
Spotify Helper Application (Spotify
(/Applications/Spotify.app/Contents/Frameworks/Spotify Helper.app)
Moom Application (Mac App Store
(/Applications/Moom.app)
Fantastical Launcher SMLoginItem (Flexibits Inc. - installed 2018-03-02)
(/Applications/Fantastical 2.app/Contents/Library/LoginItems/Fantastical Launcher.app)
1Password mini SMLoginItem (AgileBits Inc. - installed 2018-03-20)
(/Applications/1Password 6.app/Contents/Library/LoginItems/2BUA8C4S2C.com.agilebits.onepassword4-helper.app)
screenfloatLoginHelper SMLoginItem (Mac App Store - installed 2018-03-20)
(/Applications/ScreenFloat.app/Contents/Library/LoginItems/screenfloatLoginHelper.app)
SnagitLaunchAtLogin SMLoginItem (TechSmith Corporation - installed 2016-07-06)
(/Applications/Snagit.app/Contents/Library/LoginItems/SnagitLaunchAtLogin.app)
Internet Plug-ins:
AdobePDFViewerNPAPI: 11.0.13 (installed 2015-10-18)
QuickTime Plugin: 7.7.3 (installed 2018-02-16)
AdobePDFViewer: 11.0.13 (installed 2015-10-18)
JavaAppletPlugin: Java 9.0.4 build 11 (installed 2018-03-18)
jdk: Unknown (installed 2018-03-18)
User Internet Plug-ins:
ZoomUsPlugIn: 4.0.38982.0714 (installed 2017-08-29)
Safari Extensions:
1Password.safariextz - AgileBits - https://agilebits.com/onepassword (installed 2017-11-07) |
Grammarly Spell Checker & Grammar Checker.safariextz - Grammarly - https://www.grammarly.com (installed 2016-04-19) |
3rd Party Preference Panes:
Akamai NetSession Preferences (installed 2017-09-12)
Backblaze Backup (installed 2018-02-01)
Java (installed 2018-03-18)
Tuxera NTFS (installed 2015-12-22)
Time Machine:
Skip System Files:
Mobile backups: No
Auto backup: Yes
Volumes being backed up:
Macintosh HD: Disk size: 3.11 TB - Disk used: 2.00 TB
Destinations:
D***o [Local] (Last used)
Total size: 70.37 TB
Total number of backups: 65
Oldest backup: 2017-11-06 22:34:34
Last backup: 2018-03-21 12:12:42
Top Processes by CPU:
Process (count) | Source | % of CPU |
WindowServer | Apple | 8 |
com.apple.WebKit.WebContent (9) | Apple | 7 |
Safari | Apple | 5 |
kernel_task | Apple | 3 |
mdworker (11) | Apple | 3 |
Top Processes by Memory:
Process (count) | Source | RAM usage |
com.apple.WebKit.WebContent (9) | Apple | 2.99 GB |
kernel_task | Apple | 1.78 GB |
mdworker (11) | Apple | 359 MB |
Safari | Apple | 321 MB |
Spotify Helper (3) | Spotify | 276 MB |
Top Processes by Network Use:
Process | Source | Input | Output |
com.apple.WebKit.Networking | Apple | 1 MB | 841 KB |
Spotify | Spotify | 608 KB | 364 KB |
mDNSResponder | Apple | 391 KB | 44 KB |
Dropbox | Dropbox, Inc. | 126 KB | 259 KB |
netsession_mac | | 12 KB | 18 KB |
Top Processes by Energy Use:
Process (count) | Source | Energy usage (0-100) |
softwareupdated | Apple | 10 |
WindowServer | Apple | 6 |
com.apple.speech | | 2 |
SiriNCService | | 2 |
System Preferences | Apple | 2 |
Virtual Memory Information:
Available RAM | 23.35 GB |
Free RAM | 19.94 GB |
Used RAM | 8.65 GB |
Cached files | 3.42 GB |
Swap Used | 0 B |
Software Installs (past 30 days):
Name | Version | Install Date |
Moom | 3.2.10 | 2018-03-12 |
Things | 3.4.1 | 2018-03-12 |
Dimensions | 1.4 | 2018-03-12 |
ScreenFloat | 1.5.14 | 2018-03-20 |
Clean up:
com.culturedcode.ThingsMac -
Diagnostics Information (past 7 days):
2018-03-21 12:36:11 Last Shutdown Cause: 0 - Power loss (once)
End of report