Gentoo Forums
prevent sudo from logging to syslog

toralf
Developer

Joined: 01 Feb 2004
Posts: 3920
Location: Hamburg

Posted: Sun May 19, 2013 7:11 pm    Post subject: prevent sudo from logging to syslog

/me wonders how to avoid spamming my syslog with messages like
Code:
n22 sudo: tfoerste : TTY=pts/3 ; PWD=/home/tfoerste ; USER=root ; COMMAND=/bin/tail -n 20 -f /var/log/messages
 n22 sudo: pam_unix(sudo:session): session opened for user root by tfoerste(uid=0)

user
Apprentice

Joined: 08 Feb 2004
Posts: 194

Posted: Sun May 19, 2013 11:57 pm

Hi toralf foerste,
one solution may be:
Code:
# man 5 sudoers | grep -A2 syslog_goodpri
     syslog_goodpri    Syslog priority to use when user authenticates success‐
                       fully.  Defaults to notice.


If you set it to debug, logging should be gone (assuming you don't log debug by default).

toralf
Developer

Joined: 01 Feb 2004
Posts: 3920
Location: Hamburg

Posted: Mon May 20, 2013 7:59 am

although I set this:
Code:
$ sudo grep debug /etc/sudoers
Defaults syslog_goodpri = debug
I still have those messages.

ppurka
Advocate

Joined: 26 Dec 2004
Posts: 3256

Posted: Mon May 20, 2013 8:14 am

Try nosyslog? From the manpage
Code:
     syslog            Syslog facility if syslog is being used for logging (negate to disable syslog log‐
                       ging).  Defaults to authpriv.


toralf
Developer

Joined: 01 Feb 2004
Posts: 3920
Location: Hamburg

Posted: Mon May 20, 2013 8:30 am

I tried a lot - maybe b/c it's Monday - please can someone give me the exact line in /etc/sudoers?

toralf
Developer

Joined: 01 Feb 2004
Posts: 3920
Location: Hamburg

Posted: Mon May 20, 2013 9:28 am

Ick, I wasn't clear enough in my original post - I already switched off logging of the command itself, but I'm annoyed by these 2 lines too:
Code:
sudo: pam_unix(sudo:session): session opened for user root by tfoerste(uid=0)
sudo: pam_unix(sudo:session): session closed for user root
which I cannot get rid of till now.

Apheus
Guru

Joined: 12 Jul 2008
Posts: 422

Posted: Fri May 24, 2013 1:15 pm

I cannot check at the moment, but I think it is

Code:
Defaults !syslog


in /etc/sudoers

toralf
Developer

Joined: 01 Feb 2004
Posts: 3920
Location: Hamburg

Posted: Fri May 24, 2013 3:55 pm

I do have these 2 lines there :
Code:
Defaults logfile=/var/log/sudo.log,loglinelen=0
Defaults !syslog
so that the sudo command line isn't logged any longer but the pam message is still there :
Code:
sudo: pam_unix(sudo:session): session opened for user root by tfoerste(uid=0)
sudo: pam_unix(sudo:session): session closed for user root

hamelg
n00b

Joined: 12 Nov 2006
Posts: 8

Posted: Fri Sep 20, 2013 9:24 pm

To prevent pam_unix from logging the session, you can negate the "pam_session" option.
Here is an example:

Code:

Cmnd_Alias PRIVCMDS_NOLOG= \
        /usr/bin/iptables -Z -nvxL *

Defaults!PRIVCMDS_NOLOG !syslog, !pam_session

POWERUSER ALL = NOPASSWD: PRIVCMDS_NOLOG

toralf
Developer

Joined: 01 Feb 2004
Posts: 3920
Location: Hamburg

Posted: Sat Sep 21, 2013 7:36 am

just putting !pam_session behind
Code:
Defaults logfile=/var/log/sudo.log,loglinelen=0
Defaults !syslog, !pam_session
gives :
Code:
sudo: unknown defaults entry `pam_session'

ulenrich
Veteran

Joined: 10 Oct 2010
Posts: 1480

Posted: Sat Sep 21, 2013 8:01 am

If you are able to solve your issue in pure user mode
this will be the most serious bug regarding security.
Please, try further ...

hamelg
n00b

Joined: 12 Nov 2006
Posts: 8

Posted: Sat Sep 21, 2013 8:08 am

toralf wrote:
just putting !pam_session behind
Code:
Defaults logfile=/var/log/sudo.log,loglinelen=0
Defaults !syslog, !pam_session
gives :
Code:
sudo: unknown defaults entry `pam_session'


This setting is only supported by version 1.8.7 or higher.

toralf
Developer

Joined: 01 Feb 2004
Posts: 3920
Location: Hamburg

Posted: Sat Sep 21, 2013 3:18 pm

yeah - 1.8.7 works fine - thx.
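
Added example, not part of any post in this thread and not code from the sudo project: every setting tried above (`syslog_goodpri = debug`, `!syslog`, `!pam_session`) reduces the audit trail sudo leaves in syslog, so a reviewer may want to locate such entries and the scope they apply to. The function names and `SAMPLE` are hypothetical; the sample is constructed from the sudoers lines posted in the thread.

```python
import re
# Defaults settings from this thread that reduce what sudo leaves in syslog.
# Key: (setting name, negated?)
WATCHED = {
    ("syslog", True): "sudo's own syslog records are disabled",
    ("pam_session", True): "no PAM session opened, pam_unix session lines vanish",
    ("syslog_goodpri", False): "successful-auth records sent at debug priority",
}
DEFAULTS_RE = re.compile(r"^Defaults(?P<scope>[@:!>]\S+)?\s+(?P<body>.+)$")

def logical_lines(text):
    """Yield (first_line_number, joined_line), folding backslash continuations."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        start = start or n
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, (buf + raw).strip()
        buf, start = "", None

def audit_sudoers(text):
    """Return (line, scope, setting, note) per log-reducing Defaults entry."""
    findings = []
    for lineno, line in logical_lines(text):
        m = DEFAULTS_RE.match(line)
        if not m:                      # comments, aliases, user specs
            continue
        scope = m.group("scope") or "global"
        # Assumption: no quoted values containing commas (true for the thread's lines).
        for item in m.group("body").split(","):
            item = item.strip()
            negated = item.startswith("!")
            name, _, value = (p.strip() for p in item.lstrip("!").partition("="))
            note = WATCHED.get((name, negated))
            if note and (negated or value == "debug"):
                findings.append((lineno, scope, item, note))
    return findings

# Constructed sample assembled from the sudoers lines posted in the thread.
SAMPLE = """\
Cmnd_Alias PRIVCMDS_NOLOG= \\
        /usr/bin/iptables -Z -nvxL *
Defaults syslog_goodpri = debug
Defaults logfile=/var/log/sudo.log,loglinelen=0
Defaults!PRIVCMDS_NOLOG !syslog, !pam_session
"""

if __name__ == "__main__":
    print(*audit_sudoers(SAMPLE), sep="\n")
```

The scope column separates a narrow per-command exemption such as `Defaults!PRIVCMDS_NOLOG` from a global `Defaults !syslog`, which silences syslog records for every sudo invocation.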

albright
Advocate

Joined: 16 Nov 2003
Posts: 2588
Location: Near Toronto

Posted: Sat Sep 21, 2013 4:02 pm

which raises the question since 1.8.7 was released in June, why
is it not in gentoo yet?


see http://www.sudo.ws/:
Quote:
The current stable release is sudo 1.8.7, released on June 6, 2013.


toralf
Developer

Joined: 01 Feb 2004
Posts: 3920
Location: Hamburg

Posted: Sat Sep 21, 2013 4:15 pm

I filed a bug already ...