toralf Developer
Joined: 01 Feb 2004 Posts: 3922 Location: Hamburg
|
Posted: Sun May 19, 2013 7:11 pm Post subject: prevent sudo from logging to syslog |
|
|
/me wonders how to avoid spamming my syslog with messages like Code: | n22 sudo: tfoerste : TTY=pts/3 ; PWD=/home/tfoerste ; USER=root ; COMMAND=/bin/tail -n 20 -f /var/log/messages
n22 sudo: pam_unix(sudo:session): session opened for user root by tfoerste(uid=0)
|
|
|
|
|
user Apprentice
Joined: 08 Feb 2004 Posts: 202
|
Posted: Sun May 19, 2013 11:57 pm Post subject: |
|
|
Hi toralf foerste,
one solution may be:
Code: | # man 5 sudoers | grep -A2 syslog_goodpri
syslog_goodpri Syslog priority to use when user authenticates success‐
fully. Defaults to notice. |
If you set it to debug, logging should be gone (assuming you don't log debug by default). |
|
|
|
toralf Developer
Joined: 01 Feb 2004 Posts: 3922 Location: Hamburg
|
Posted: Mon May 20, 2013 7:59 am Post subject: |
|
|
although I set this: Code: | $ sudo grep debug /etc/sudoers
Defaults syslog_goodpri = debug
| I still have those messages. |
|
|
|
ppurka Advocate
Joined: 26 Dec 2004 Posts: 3256
|
Posted: Mon May 20, 2013 8:14 am Post subject: |
|
|
Try nosyslog? From the manpage Code: | syslog Syslog facility if syslog is being used for logging (negate to disable syslog log‐
ging). Defaults to authpriv.
|
|
|
|
toralf Developer
Joined: 01 Feb 2004 Posts: 3922 Location: Hamburg
|
Posted: Mon May 20, 2013 8:30 am Post subject: |
|
|
I tried a lot - maybe b/c it's Monday - please can someone give me the exact line in /etc/sudoers ? |
|
|
|
toralf Developer
Joined: 01 Feb 2004 Posts: 3922 Location: Hamburg
|
Posted: Mon May 20, 2013 9:28 am Post subject: |
|
|
Ick, I wasn't clear enough in my original post - I already switched off logging of the command itself, but I'm annoyed by these 2 lines too : Code: | sudo: pam_unix(sudo:session): session opened for user root by tfoerste(uid=0)
sudo: pam_unix(sudo:session): session closed for user root
| which I cannot get rid of till now. |
|
|
|
Apheus Guru
Joined: 12 Jul 2008 Posts: 422
|
Posted: Fri May 24, 2013 1:15 pm Post subject: |
|
|
I cannot check at the moment, but I think it is
in /etc/sudoers |
|
|
|
toralf Developer
Joined: 01 Feb 2004 Posts: 3922 Location: Hamburg
|
Posted: Fri May 24, 2013 3:55 pm Post subject: |
|
|
I do have these 2 lines there : Code: | Defaults logfile=/var/log/sudo.log,loglinelen=0
Defaults !syslog
| so that the sudo command line isn't logged any longer but the pam message is still there : Code: | sudo: pam_unix(sudo:session): session opened for user root by tfoerste(uid=0)
sudo: pam_unix(sudo:session): session closed for user root
|
|
|
|
|
hamelg n00b
Joined: 12 Nov 2006 Posts: 8
|
Posted: Fri Sep 20, 2013 9:24 pm Post subject: |
|
|
To prevent pam_unix from logging the session, you can negate the "pam_session" option.
Here is an example:
Code: |
Cmnd_Alias PRIVCMDS_NOLOG= \
/usr/bin/iptables -Z -nvxL *
Defaults!PRIVCMDS_NOLOG !syslog, !pam_session
POWERUSER ALL = NOPASSWD: PRIVCMDS_NOLOG
|
|
|
|
|
toralf Developer
Joined: 01 Feb 2004 Posts: 3922 Location: Hamburg
|
Posted: Sat Sep 21, 2013 7:36 am Post subject: |
|
|
just putting !pam_session behind Code: | Defaults logfile=/var/log/sudo.log,loglinelen=0
Defaults !syslog, !pam_session
| gives :
Code: | sudo: unknown defaults entry `pam_session' |
|
|
|
|
ulenrich Veteran
Joined: 10 Oct 2010 Posts: 1480
|
Posted: Sat Sep 21, 2013 8:01 am Post subject: |
|
|
If you are able to solve your issue in pure user mode
this will be the most serious bug regarding security.
Please, try further ... |
|
|
|
hamelg n00b
Joined: 12 Nov 2006 Posts: 8
|
Posted: Sat Sep 21, 2013 8:08 am Post subject: |
|
|
toralf wrote: | just putting !pam_session behind Code: | Defaults logfile=/var/log/sudo.log,loglinelen=0
Defaults !syslog, !pam_session
| gives :
Code: | sudo: unknown defaults entry `pam_session' |
|
This setting is only supported by version 1.8.7 or higher. |
|
|
|
toralf Developer
Joined: 01 Feb 2004 Posts: 3922 Location: Hamburg
|
Posted: Sat Sep 21, 2013 3:18 pm Post subject: |
|
|
yeah - 1.8.7 works fine - thx. |
|
|
|
albright Advocate
Joined: 16 Nov 2003 Posts: 2588 Location: Near Toronto
|
Posted: Sat Sep 21, 2013 4:02 pm Post subject: |
|
|
Which raises the question: since 1.8.7 was released in June, why
is it not in Gentoo yet?
see http://www.sudo.ws/:
Quote: | The current stable release is sudo 1.8.7, released on June 6, 2013. |
|
|
|
toralf Developer
Joined: 01 Feb 2004 Posts: 3922 Location: Hamburg
|
Posted: Sat Sep 21, 2013 4:15 pm Post subject: |
|
|
I filed a bug already ... |
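
An added example, not part of any post in this thread: since `!syslog`, `!pam_session` and a lowered `syslog_goodpri` all remove sudo records from syslog, a reviewer of `/etc/sudoers` will want to know where such settings appear and whether they are global or scoped to a command alias as in hamelg's post. The function names and the sample text are constructed for illustration; the parser assumes parameter values contain no quoted commas.

```python
import re

# Sudoers Defaults named in this thread that reduce or reroute sudo's audit trail.
AUDIT_FLAGS = {"syslog", "pam_session", "logfile"}
# Assumption: priorities that a typical syslog configuration does not store.
LOW_PRIORITIES = {"debug"}
# "Defaults", optionally followed without a space by a @host, :user, !cmnd or >runas scope.
DEFAULTS_RE = re.compile(r"^Defaults(?P<scope>[@:!>]\S+)?\s+(?P<params>.+)$")

# Constructed sample assembled from the sudoers lines posted in the thread.
SAMPLE = r"""
# Defaults !syslog   (commented out, must be ignored)
Defaults syslog_goodpri = debug
Defaults logfile=/var/log/sudo.log,loglinelen=0
Defaults !syslog, !pam_session
Cmnd_Alias PRIVCMDS_NOLOG= \
    /usr/bin/iptables -Z -nvxL *
Defaults!PRIVCMDS_NOLOG !syslog, !pam_session
"""

def parse_defaults(text):
    """Yield (scope, name, value, negated) for every Defaults parameter."""
    folded = re.sub(r"\\\n\s*", " ", text)  # join backslash-continued lines
    for line in folded.splitlines():
        m = DEFAULTS_RE.match(line.strip())
        if not m:
            continue  # comments, aliases and user specifications
        scope = m.group("scope") or "global"
        for param in m.group("params").split(","):
            name, _, value = (s.strip() for s in param.partition("="))
            yield scope, name.lstrip("! "), value, name.startswith("!")

def audit(text):
    """Return (scope, setting, state) for each setting that hides sudo activity."""
    findings = []
    for scope, name, value, negated in parse_defaults(text):
        if negated and name in AUDIT_FLAGS:
            findings.append((scope, name, "disabled"))
        elif name == "syslog_goodpri" and value.lower() in LOW_PRIORITIES:
            findings.append((scope, name, value))
    return findings

def has_file_log(text):
    """True if some Defaults line still sends sudo's own log to a file."""
    return any(n == "logfile" and v and not neg
               for _, n, v, neg in parse_defaults(text))

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
    print("file log configured:", has_file_log(SAMPLE))
```

A `global` finding for `syslog` without a configured `logfile` means sudo's own command log is written nowhere on the host, which is the case worth escalating in a review.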
|
|
|
|