HPE Community
Operating System - HP-UX
1830932 Members
2573 Online
110017 Solutions
New Discussion

Sudo Logging

 
SOLVED
Go to solution
Tom Satinet
Frequent Advisor

‎10-19-2005 08:36 PM

‎10-19-2005 08:36 PM

Sudo Logging

Hello,

I am setting up sudo to delegate tasks to a very non techincal service desk. So far my testing has been positive. however, when i try to run a command using sudo that is not allowed, the warning message echos to the root users terminal. This behaviour is really not what I want. here is my /etc/sudoers file:

Defaults logfile=/var/run/sudo/sudo.log, mailto="admin@somewhere.co.uk"
Cmnd_Alias ADDUSER=/ops/adduser

# User privilege specification
root ALL=(ALL) ALL

# Members of the sdesk group may gain root privileges
%sdesk ALL=NOPASSWD:/sbin/passwd,ADDUSER

As I say, it works fine, but i want to stop failure warnings going to the root user's tty.

Thanks for any advice.
0 Kudos
Reply
9 REPLIES 9
AwadheshPandey
Honored Contributor

‎10-19-2005 08:47 PM

‎10-19-2005 08:47 PM

Re: Sudo Logging

what warning message u get ?

Awadhesh
It's kind of fun to do the impossible
0 Kudos
Reply
Muthukumar_5
Honored Contributor

‎10-19-2005 08:51 PM

‎10-19-2005 08:51 PM

Re: Sudo Logging

What you tried to do with sudo? which error you are getting. Post full sudoers file configuration to help you.

-Muthu
Easy to suggest when don't know about the problem!
0 Kudos
Reply
Tom Satinet
Frequent Advisor

‎10-19-2005 09:05 PM

‎10-19-2005 09:05 PM

Re: Sudo Logging

what? i have posted the file.

for example i typed this as the user:

sudo vipw

and root got this message on it's terminal:

Oct 20 10:04:42 bd-devl sudo: petbou : user NOT in sudoers ; TTY=pts/te ; PW
D=/ops/servicedesk ; USER=root ; COMMAND=/usr/bin/vipw

Which also goes to the log file. in this example the user is not in the right unix group. but it happens on any failure event.

How do i stop this?
0 Kudos
Reply
Tom Satinet
Frequent Advisor

‎10-19-2005 09:07 PM

‎10-19-2005 09:07 PM

Re: Sudo Logging

and when i add him:

Oct 20 10:07:22 bd-devl sudo: petbou : command not allowed ; TTY=pts/te ; PW
D=/ops/servicedesk ; USER=root ; COMMAND=/usr/bin/vipw

goes to roots terminal
0 Kudos
Reply
Stephen Keane
Honored Contributor

‎10-19-2005 09:11 PM

‎10-19-2005 09:11 PM

Solution

Re: Sudo Logging

What do you have in /etc/syslog.conf ?
Is it syslog that is writing the messages to the root user's tty?
Reply
Tom Satinet
Frequent Advisor

‎10-19-2005 09:19 PM

‎10-19-2005 09:19 PM

Re: Sudo Logging

ah great.

i had not thought of that. These security events are 'alert' and this is configured as such:

mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *

if I delete the console line will that be ok?
0 Kudos
Reply
Sergejs Svitnevs
Honored Contributor

‎10-19-2005 09:29 PM

‎10-19-2005 09:29 PM

Re: Sudo Logging

try to change
Defaults logfile=/var/run/sudo/sudo.log, mailto="admin@somewhere.co.uk"

to
Defaults logfile=/var/run/sudo/sudo.log
Defaults mailto="admin@somewhere.co.uk"

Regards,
Sergejs
0 Kudos
Reply
Muthukumar_5
Honored Contributor

‎10-19-2005 09:57 PM

‎10-19-2005 09:57 PM

Re: Sudo Logging

The problem is with,

syslog_badpri
Syslog priority to use when user authenticates unsuccessfully. Defaults to alert.

setting of suerors file. It will send failed authentication details to root's tty bcas syslog.conf is defined as,

*.alert /dev/console
*.alert root

Change syslog_badpri to notice. It will redirect to sudo log file as like syslog_goodpri.

hth.
Easy to suggest when don't know about the problem!
Reply
Arunvijai_4
Honored Contributor

‎10-19-2005 10:00 PM

‎10-19-2005 10:00 PM

Re: Sudo Logging

Change the alert level not to go to root console. It should help

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.