[sudo-users] successful commands logged at alert level and syslog_*pri settings ignored
Jasper Jongmans
list+sudo at aprogas.net
Tue Dec 20 10:13:59 MST 2016

After updating FreeBSD, successful sudo commands are logged to my active
terminal. My syslogd is configured to send *.crit to my user and
restarting it with -vv reveals the logs are at auth.alert, indicating
syslogd is behaving as expected.

Setting syslog_goodpri to its default value of notice or even to none,
still causes the logs to be auth.alert, while I expected them to
respectively become auth.notice and to not be sent to syslog at all.

Setting !syslog_goodpri does stop the logs from appearing in syslog, as
expected. Changing syslog_badpri to for example err and failing
authentication on purpose, also give logs at auth.alert instead of auth.err.

% cat /usr/local/etc/sudoers
# Defaults specification
Defaults env_keep += "EDITOR PAGER LESS CLICOLOR LSCOLORS"
Defaults env_keep += "PKG_PATH PKG_DBDIR PKG_TMPDIR TMPDIR PACKAGEROOT PACKAGESITE PKGDIR FTP_PASSIVE_MODE"
Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
Defaults syslog_badpri=err
Defaults syslog_goodpri=info
Defaults !tty_tickets, umask_override, timestamp_timeout=10
Defaults>root umask=0022
# User privilege specification
root ALL = (ALL) ALL
aprogas ALL = (ALL) ALL

% sudo id # wrong password on purpose
sudo: 3 incorrect password attempts
Dec 20 17:54:54 <auth.alert> enki sudo: aprogas : 3 incorrect password attempts ; TTY=pts/8 ; PWD=/ ; USER=root ; COMMAND=/usr/bin/id
# expected <auth.err>

% sudo id # correct password
uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)
Dec 20 17:56:36 <auth.alert> enki sudo: aprogas : TTY=pts/8 ; PWD=/ ; USER=root ; COMMAND=/usr/bin/id
# expected <auth.info>

% sudo -V
Sudo version 1.8.19
Sudoers policy plugin version 1.8.19
Sudoers file grammar version 45
Sudoers I/O plugin version 1.8.19

% uname -a
FreeBSD enki.aprogas.net 10.3-RELEASE-p11 FreeBSD 10.3-RELEASE-p11 #0: Mon Oct 24 18:49:24 UTC 2016 root at amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
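
Added example (not part of the original message, and not sudo project code): a Python check that compares the syslog_goodpri and syslog_badpri values in a sudoers file with the <facility.priority> tags that syslogd -vv prints, as in the output quoted above. The function names are hypothetical, the sample input is constructed from the report with the log lines unwrapped, and as simplifying assumptions only "incorrect password attempt" messages count as failures and scoped Defaults are read as global.

```python
import re

# Defaults per the sudoers manual: successes at notice, failures at alert.
DEFAULT_PRI = {"syslog_goodpri": "notice", "syslog_badpri": "alert"}
SETTING_RE = re.compile(r"(!?)\s*\b(syslog_(?:good|bad)pri)\b(?:\s*=\s*(\w+))?")
LOG_RE = re.compile(r"<(\w+)\.(\w+)>\s+\S+\s+sudo:\s+(.*)$")
FAILURE_MARK = "incorrect password attempt"  # assumption: only failure text handled


def configured_priorities(sudoers_text):
    """Return the effective syslog_*pri settings; None means 'not sent to syslog'."""
    pri = dict(DEFAULT_PRI)
    for line in sudoers_text.splitlines():
        if not line.lstrip().startswith("Defaults"):
            continue
        for negated, name, value in SETTING_RE.findall(line):
            if negated or value == "none":
                pri[name] = None
            elif value:
                pri[name] = value
    return pri


def audit(sudoers_text, log_text):
    """Return (expected, observed, message) for each sudo line at the wrong priority."""
    pri = configured_priorities(sudoers_text)
    mismatches = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        _facility, observed, message = m.groups()
        failed = FAILURE_MARK in message
        expected = pri["syslog_badpri" if failed else "syslog_goodpri"]
        if observed != expected:
            mismatches.append((expected, observed, message))
    return mismatches


# Constructed sample input modelled on the report above.
SUDOERS = "Defaults syslog_badpri=err\nDefaults syslog_goodpri=info\n"
LOG = (
    "Dec 20 17:54:54 <auth.alert> enki sudo: aprogas : 3 incorrect password attempts ; TTY=pts/8 ; PWD=/ ; USER=root ; COMMAND=/usr/bin/id\n"
    "Dec 20 17:56:36 <auth.alert> enki sudo: aprogas : TTY=pts/8 ; PWD=/ ; USER=root ; COMMAND=/usr/bin/id\n"
)

if __name__ == "__main__":
    for expected, observed, message in audit(SUDOERS, LOG):
        print(f"expected {expected}, observed {observed}: {message}")
```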