topic Re: sudo messages to root tty in Operating System - HP-UX

sudo messages to roo tty

MikeL_4 — Sat, 16 Jul 2011 17:01:59 GMT

I am running HP-UX 11.31 and using ixpress sudo to allow users to run some commands....

The issue is the many messages it puts out to the root tty throughout the day....

Is there a way to stop these messages from displaying:

Jul 16 06:47:18 tmoa1db01 sudo: mmahmoud : /var/adm owned by uid 4, should be uid 0 ; TTY=pts/3 ; PWD=/t3home_dirs/users/mmahmoud ; USER=root ; COMMAND=/usr/local/bin/oracle
Jul 16 10:48:25 tmoa1db01 sudo: mmahmoud : /var/adm owned by uid 4, should be uid 0 ; TTY=pts/3 ; PWD=/t3home_dirs/users/mmahmoud ; USER=root ; COMMAND=/usr/local/bin/oracle
Jul 16 11:57:02 tmoa1db01 sudo: kvelusam : /var/adm owned by uid 4, should be uid 0 ; TTY=pts/2 ; PWD=/t3home_dirs/users/kvelusam ; USER=root ; COMMAND=/usr/local/bin/oracle
Jul 16 12:50:51 tmoa1db01 sudo: mmahmoud : /var/adm owned by uid 4, should be uid 0 ; TTY=pts/2 ; PWD=/t3home_dirs/users/mmahmoud ; USER=root ; COMMAND=/usr/local/bin/oracle

The /etc/syslog.conf currently contains following, and I assume the *.alert root, line needs to be changed somehow but not sure how...:

=> cat /etc/syslog.conf
# @(#)B.11.31_LR
#
# syslogd configuration file.
#
# See syslogd(1M) for information about the format of this file.
#
mail.debug              /var/adm/syslog/mail.log
*.info;mail.none        /var/adm/syslog/syslog.log
*.alert                 /dev/console
*.alert                 root
*.emerg                 *
=>

Re: sudo messages to root tty

Dennis Handly — Sat, 16 Jul 2011 19:05:58 GMT

>/var/adm owned by uid 4, should be uid 0

Have you looked at who owns /var/adm/? ll -d /var/adm/

You may want to compare against another system. It may be that you shouldn't have the sudo logs there because sudo wants root to be the owner and swverify wants UID 4.

Re: sudo messages to root tty

MikeL_4 — Sun, 17 Jul 2011 17:27:58 GMT

I've checked every HP-UX server we have and the /var/adm directory is owned by UID 4 and GID 4 which is 'adm' ID and Group.... So I'm resitent to just change the owner:group on /var/adm....

Don't know why sudo would be interested in this to start with, the sud log file is: /var/log/sudolog...

Re: sudo messages to root tty

Dennis Handly — Sun, 17 Jul 2011 19:32:01 GMT

> I'm resistant to just change the owner:group on /var/adm.

Rightly so.

>the sudo log file is: /var/log/sudolog.

Hmm. Them I'm not sure why it is looking at /var/adm/.

You may want to search the sudo documentation for /var/adm to see if it is mentioned.

Re: sudo messages to root tty

MikeL_4 — Sun, 17 Jul 2011 20:16:33 GMT

The sudo command they are executing is: COMMAND=/usr/local/bin/oracle, which is nothing more than an su command for the DBA's to get to the oracle Adminitrative account:

=> cat /usr/local/bin/oracle
#!/bin/ksh
su - oracle
=>

and the sulog is in /var/adm, so maybe that could be what is causing the message ...

Re: sudo messages to root tty

Dennis Handly — Sun, 17 Jul 2011 20:36:06 GMT

>the sulog is in /var/adm, so maybe that could be what is causing the message ...

That's not sudolog, so I'm not sure why it is looking there. Is it logging anything here?

Re: sudo messages to root tty

Arunabha Banerjee — Mon, 18 Jul 2011 14:50:22 GMT

Login as root and execute visudo command to edit /etc/sudoers file. Don't try to open /etc/sudoers file with vi or any other editor because if you put any wrong entry or syntax is incorrect then at the time saving it will not warn you. But in case of visudo it will warn you.

So finally add the following entry at the top of /etc/sudoers file

Defaults logfile=/var/log/sudolog

Change /var/log/sudolog file permission and ownership as follows:

# chown root:sys /var/log/sudolog

# chown 0600 /var/log/sudolog

Now onwards all sudo related logs will come under /var/log/sudolog file.

Re: sudo messages to root tty

MilanMazac — Wed, 20 Jul 2011 09:05:25 GMT

I have same issue on my HP-UX servers at customer site.

I have changed loggin according last post (redirect sudo logs tu /var/log/sudolog) but the behaviour of sudo did not change.

sudo warn me not only to logfie but also on the screen when I try to execute any command under sudo

Re: sudo messages to root tty

MilanMazac — Wed, 20 Jul 2011 10:30:14 GMT

Solved:

the root cause of error reporting is that sudo on HP-UX use /var/adm directory as timestapm directory.

I have created /var/adm/sudo directory to keep general practise

# mkdir /var/adm/sudo

after that I added followed lines at the beginning of the sudoers file:

Defaults logfile=/var/adm/sudo/sudo.log
Defaults timestampdir=/var/adm/sudo

Everyting works O.K.

Re: sudo messages to root tty

MikeL_4 — Wed, 20 Jul 2011 18:02:02 GMT

Thanks Milan, the last suggestion solved my issue also...

Re: sudo messages to root tty

Dennis Handly — Wed, 20 Jul 2011 18:39:58 GMT

Have you seen this warning about the new sudo being broken?

http://h30499.www3.hp.com/t5/Security/Serious-issue-with-sudo-A-16-00-1-7-4p4-001/m-p/4831101/message-uid/4831101#U4831101