| View previous topic :: View next topic |
| Author |
Message |
Jimini
l33t
Joined: 31 Oct 2006
Posts: 601
Location: Germany
|
 Posted: Thu Sep 22, 2011 5:50 am Post subject: How to suppress sudo logging? |
 |
|
Hey there,
for monitoring purposes, my /etc/sudoers contains the following lines:
| Code: | zabbix ALL=(ALL) NOPASSWD: /sbin/mdadm --detail /dev/md1
zabbix ALL=(ALL) NOPASSWD: /sbin/mdadm --detail /dev/md2
zabbix ALL=(ALL) NOPASSWD: /sbin/mdadm --detail /dev/md3
zabbix ALL=(ALL) NOPASSWD: /sbin/mdadm --detail /dev/md5
zabbix ALL=(ALL) NOPASSWD: /sbin/mdadm --detail /dev/md6
zabbix ALL=(ALL) NOPASSWD: /sbin/mdadm --detail /dev/md7
zabbix ALL=(ALL) NOPASSWD: /sbin/mdadm --detail /dev/md8
zabbix ALL=(ALL) NOPASSWD: /usr/sbin/smartctl -a /dev/sda
zabbix ALL=(ALL) NOPASSWD: /usr/sbin/smartctl -a /dev/sdb
zabbix ALL=(ALL) NOPASSWD: /usr/sbin/smartctl -a /dev/sdc
zabbix ALL=(ALL) NOPASSWD: /usr/sbin/smartctl -a /dev/sdd
zabbix ALL=(ALL) NOPASSWD: /usr/sbin/smartctl -a /dev/sde
zabbix ALL=(ALL) NOPASSWD: /usr/sbin/smartctl -a /dev/sdf
zabbix ALL=(ALL) NOPASSWD: /usr/sbin/smartctl -a /dev/sdg
zabbix ALL=(ALL) NOPASSWD: /usr/sbin/smartctl -a /dev/sdh
zabbix ALL=(ALL) NOPASSWD: /usr/sbin/iptstate -1
zabbix ALL=(ALL) NOPASSWD: /usr/sbin/iptstate -1 -t |
Since these commands are executed _really_ often, the messages of the successful use of sudo are filling my log files. How can I suppress logging just for these commands? The following settings do not work at all - everything keeps being logged:
| Code: | ## Uncomment to enable logging of a command's output, except for
## sudoreplay and reboot. Use sudoreplay to play back logged sessions.
# Defaults log_output
# Defaults!/usr/bin/sudoreplay !log_output
# Defaults!/usr/local/bin/sudoreplay !log_output
# Defaults!/sbin/reboot !log_output
Defaults log_output
Defaults!/sbin/mdadm !log_output
Defaults!/usr/sbin/smartctl !log_output
Defaults!/usr/sbin/iptstate !log_output |
Any help would be really appreciated.
Best regards,
Jimini
_________________
"The most merciful thing in the world, I think, is the inability of the human mind to correlate all its contents." (H.P. Lovecraft: The Call of Cthulhu) |
|
| Back to top |
|
 |
massimo
Veteran
Joined: 22 Jun 2003
Posts: 1226
|
| Posted: Thu Sep 22, 2011 12:13 pm Post subject: |
|
|
You might need to give the full command in the Defaults part too.
_________________
Hello 911? How are you? |
|
| Back to top |
|
|
Jimini
l33t
Joined: 31 Oct 2006
Posts: 601
Location: Germany
|
| Posted: Thu Sep 22, 2011 1:45 pm Post subject: |
|
|
Sorry, I forgot to mention that - if I add the full command including any parameters like "Defaults!/usr/bin/iptstate -1 !log_output", visudo complains about that.
MfG Jimini
_________________
"The most merciful thing in the world, I think, is the inability of the human mind to correlate all its contents." (H.P. Lovecraft: The Call of Cthulhu) |
|
| Back to top |
|
|
massimo
Veteran
Joined: 22 Jun 2003
Posts: 1226
|
| Posted: Thu Sep 22, 2011 2:25 pm Post subject: |
|
|
Does it work if you edit and save the file using any other editor?
_________________
Hello 911? How are you? |
|
| Back to top |
|
|
Jimini
l33t
Joined: 31 Oct 2006
Posts: 601
Location: Germany
|
| Posted: Sat Sep 24, 2011 5:33 am Post subject: |
|
|
I edited /etc/sudoers with nano to:
(47) Defaults!/usr/sbin/smartctl !log_output
(48) Defaults!/usr/sbin/iptstate -1 !log_output
As you can see, I added the parameter "-1" to line 48.
The following error was logged:
| Quote: | | Sep 24 07:30:40 Atlas sudo: zabbix : parse error in /etc/sudoers near line 47 ; TTY=unknown ; PWD=/ ; |
Best regards,
Jimini
_________________
"The most merciful thing in the world, I think, is the inability of the human mind to correlate all its contents." (H.P. Lovecraft: The Call of Cthulhu) |
|
| Back to top |
|
|
|
Networking & Security
