
Sudo Logging

Tom Satinet
Frequent Advisor

Sudo Logging

Hello,

I am setting up sudo to delegate tasks to a very non-technical service desk. So far my testing has been positive. However, when I try to run a command using sudo that is not allowed, the warning message echoes to the root user's terminal. This behaviour is really not what I want. Here is my /etc/sudoers file:

Defaults logfile=/var/run/sudo/sudo.log, mailto="admin@somewhere.co.uk"
Cmnd_Alias ADDUSER=/ops/adduser

# User privilege specification
root ALL=(ALL) ALL

# Members of the sdesk group may gain root privileges
%sdesk ALL=NOPASSWD:/sbin/passwd,ADDUSER

As I say, it works fine, but I want to stop failure warnings going to the root user's tty.

Thanks for any advice.
AwadheshPandey
Honored Contributor

Re: Sudo Logging

What warning message do you get?

Awadhesh
It's kind of fun to do the impossible
Muthukumar_5
Honored Contributor

Re: Sudo Logging

What did you try to do with sudo? Which error are you getting? Post the full sudoers file configuration so we can help you.

-Muthu
Easy to suggest when don't know about the problem!
Tom Satinet
Frequent Advisor

Re: Sudo Logging

What? I have posted the file.

For example, I typed this as the user:

sudo vipw

and root got this message on its terminal:

Oct 20 10:04:42 bd-devl sudo: petbou : user NOT in sudoers ; TTY=pts/te ; PWD=/ops/servicedesk ; USER=root ; COMMAND=/usr/bin/vipw

This also goes to the log file. In this example the user is not in the right Unix group, but it happens on any failure event.

How do I stop this?
Tom Satinet
Frequent Advisor

Re: Sudo Logging

And when I add him:

Oct 20 10:07:22 bd-devl sudo: petbou : command not allowed ; TTY=pts/te ; PWD=/ops/servicedesk ; USER=root ; COMMAND=/usr/bin/vipw

goes to root's terminal.
Stephen Keane
Honored Contributor
Solution

Re: Sudo Logging

What do you have in /etc/syslog.conf ?
Is it syslog that is writing the messages to the root user's tty?
Tom Satinet
Frequent Advisor

Re: Sudo Logging

Ah, great.

I had not thought of that. These security events are 'alert' and this is configured as such:

mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *

If I delete the console line, will that be OK?
Sergejs Svitnevs
Honored Contributor

Re: Sudo Logging

Try to change
Defaults logfile=/var/run/sudo/sudo.log, mailto="admin@somewhere.co.uk"

to
Defaults logfile=/var/run/sudo/sudo.log
Defaults mailto="admin@somewhere.co.uk"

Regards,
Sergejs
Muthukumar_5
Honored Contributor

Re: Sudo Logging

The problem is with the

syslog_badpri
Syslog priority to use when user authenticates unsuccessfully. Defaults to alert.

setting of the sudoers file. It will send failed authentication details to root's tty because syslog.conf is defined as:

*.alert /dev/console
*.alert root

Change syslog_badpri to notice. It will then be routed to the sudo log file, like syslog_goodpri.

HTH.
Easy to suggest when don't know about the problem!
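Whatever priority the failures are logged at, someone still has to read them; as an added example (not from this thread), here is a small Python parser for the sudo syslog lines quoted above that separates denied attempts from permitted commands and tallies the denials. The sample lines are constructed (the thread's wrapped lines re-joined onto one line each, plus an assumed user "jsmith" and host "bd-devl").

```python
import re
from collections import Counter

# Constructed sample log, in the format sudo sends to syslog.
# Lines 1-2 are the thread's own examples re-joined; lines 3-4 are assumed.
SAMPLE_LOG = """\
Oct 20 10:04:42 bd-devl sudo: petbou : user NOT in sudoers ; TTY=pts/te ; PWD=/ops/servicedesk ; USER=root ; COMMAND=/usr/bin/vipw
Oct 20 10:07:22 bd-devl sudo: petbou : command not allowed ; TTY=pts/te ; PWD=/ops/servicedesk ; USER=root ; COMMAND=/usr/bin/vipw
Oct 20 10:09:01 bd-devl sudo: petbou : TTY=pts/te ; PWD=/ops/servicedesk ; USER=root ; COMMAND=/ops/adduser
Oct 20 10:12:15 bd-devl sudo: jsmith : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/jsmith ; USER=root ; COMMAND=/sbin/passwd
"""

# A denied entry carries a free-text reason before the "TTY=" field;
# a permitted command has no reason field at all.
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sudo: +(?P<user>\S+) : "
    r"(?:(?P<reason>[^;]*?) ; )?TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; "
    r"USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.*)$"
)


def parse_sudo_line(line):
    """Return a dict of fields for one sudo syslog line, or None if it is not one."""
    m = SUDO_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["reason"] = rec["reason"] or ""
    rec["denied"] = bool(rec["reason"])  # any reason text means sudo refused
    return rec


def summarize_denials(log_text):
    """Count denied sudo attempts keyed by (invoking user, reason, command)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_sudo_line(line)
        if rec and rec["denied"]:
            counts[(rec["user"], rec["reason"], rec["cmd"])] += 1
    return counts


if __name__ == "__main__":
    for (user, reason, cmd), n in summarize_denials(SAMPLE_LOG).items():
        print(f"{n:3d}  {user:<8} {reason:<32} {cmd}")
```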
Arunvijai_4
Honored Contributor

Re: Sudo Logging

Change the alert level not to go to the root console. It should help.

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"