[sudo-users] sudoreplay "best practice" questions

Divan Santana divan at santanas.co.za
Wed Oct 5 03:14:41 MDT 2016

On a similar note...

Is it possible to configure sudo in such a way that if the log directory
is full or unaccessible (remote share goes down) for sudo subsystem to
continue functioning?

I understand that the above is bad from a security POV, however business
may prefer that over sudo subsystem being down and no one being able to
login to rectify the issue. (We have disabled root direct and only allow
root access via sudo).

Divan Santana <divan at santanas.co.za> writes:

> Hi All,
> Firstly apologies for strickly not replying to the same thread, just
> same subject. I haven't figured out how to pull down the archives easily
> into my mail program.
>> If MaxSeq isn't listed in the man page then you need a newer version
>> of sudo.
>> As another list member mentioned, setting maxseq in sudoers to
>> a reasonable value for your system is the simplest solution.
>> This is available in sudo 1.8.7 and above.
> This sounds useful and interesting.
> Weirdly, RHEL 6 and 7 seems to be on 1.8.6.x
> I can't seem to verify how to check a system supports this feature.
> Ubuntu 14.04 ships with 1.8.9.
> Arch Linux is now on 1.8.18.
> I've done the below on 14.04, RHEL 6, 7 and Arch Linux and all return
> nothing.
> ```
> man sudoreplay|grep -i maxseq
> man sudo|grep -i maxseq
> ```
> Does this mean it's not supported, or how else can I check?
>> Another approach is to have a cron job that removes old logs
>> when space/inodes starts to get tight.
> Yeah we might have to go this route which is not ideal. Anyone have any
> nice scripts they feel like sharing let me know. :)

Best regards,

Divan Santana

Red Hat Certified Architect


Mobile: +27 82 787 8522
Email: divan at santanas.co.za

More information about the sudo-users mailing list