[sudo-users] Issue with apt command after setting log_subcmd option in /etc/sudoers file
Todd C. Miller
Todd.Miller at sudo.ws
Fri Mar 24 10:24:31 MDT 2023
On Fri, 24 Mar 2023 13:38:25 -0000, ronan.bertinhugault at orange.com wrote:
> We are attempting in our environment to increase our capability to check the
> commands used by our people when connecting to a VM through SSH.
> The targeted server is an Ubuntu 22.04 OS based.
What version of sudo are you running? It looks like Ubuntu 22.04
ships sudo 1.9.9. There have been a number of fixes to log_subcmds
and intercept mode since then. If you are able to do so, I suggest
trying the latest sudo package from https://www.sudo.ws/getting/packages/.
If not, you could disable log_subcmds for apt with a line like.
Defaults!/usr/bin/apt !log_subcmds
It is probably not useful to log all the commands run by the apt
install and remove scripts. Some of the package scripts run thousands
of commands (google-cloud-sdk is especially bad in this respect).
- todd
More information about the sudo-users
mailing list