NEED HELP SYSTEM COMPROMISED SUDOERS FILE HACKED

[Admiral black]

MY Mac and all my iOS devices are compromised web traffic monitored and microphones are all open. Here is my sudoers file you will see the permissions and the ip addresses, all my web traffic is being routed through and furthermore I cannot edit the file in visudo. Help needed and this is probably only one of many files that needs to be erased or reset to default. The main issue is either something is attached to my Harddrive or Apple ID but I can erase and set up new device from new not a backup and this sudoers file remains.




##
# Runas alias specification
##
# Runas_Alias OP = root, operator

##
# Host alias specification
##
# Host_Alias CUNETS = 128.138.0.0/255.255.0.0
# Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
# Host_Alias SERVERS = master, mail, www, ns
# Host_Alias CDROM = orion, perseus, hercules

##
# Cmnd alias specification
##
# Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less

##
# User specification
##

# root and users in group wheel can run anything on any machine as any user
root ALL = (ALL) ALL
%admin ALL = (ALL) ALL

## Read drop-in files from /private/etc/sudoers.d
## (the '#' here does not indicate a comment)
#includedir /private/etc/sudoers.d

 

[Nermal]

Is that the complete content of the file, or do you have a bunch of "Defaults" lines too?

The IP addresses in that file are normal.

 

[bogdanw]

For comparison https://opensource.apple.com/source/sudo/sudo-94.141.1/files/sudoers.auto.html

 

[Bigwaff]

The “#” is a comment character. Those lines are comments.

 

[JonaM]

From what you have pasted this is the entirely normal and correct default file.

Are there any specific reasons that you've gone looking for signs of compromise?

 

[NoBoMac]

Permissions of the file are incorrect? Seem to recall that visudo will error if the permissions are incorrect.

File needs to be 440 with root ownership.

 

[Admiral black]

Permissions of the file are incorrect? Seem to recall that visudo will error if the permissions are incorrect.

File needs to be 440 with root ownership.

It seems it did attach how it appears in the actual file but there’s probably 20 lines that separate the file from

The “#” is a comment character. Those lines are comments.

The # means exactly? I’ve started another post with exactly what’s happening with my MacBook and my mini and would welcome any advice. Thanks for the comment.

 

[Bigwaff]

The # means exactly?

It's a character indicating the contents of the line in the file is a "comment"... not code, not configuration, basically to be ignored by the program loading the file. Honestly, you shouldn't be poking around, let alone editing, any of these operating system configuration files if you have to be told what the "#" character is used for. You run the risk of rendering your system inoperable if you don't know what you are doing.

 

[JonaM]

You seem to be looking for signs of having been hacked and are interpreting standard comment lines in the file as evidence that something is wrong.

Is there anything specific that makes you think you’ve been compromised or who/what told you to go looking in these core config files?

As mentioned you’re probably lucky that you can’t edit the file as you can very easily make the entire system unusable.

 

[JustAnExpat]

It seems it did attach how it appears in the actual file but there’s probably 20 lines that separate the file from

The # means exactly? I’ve started another post with exactly what’s happening with my MacBook and my mini and would welcome any advice. Thanks for the comment.

I agree with what someone else said. If you don't know what a comment code is, I don't think you should be looking around at those files :O

My question is, what makes you think you've been hacked? And what does "being hacked" means to you?