[sudo-users] syslog shows wrong information after update to version 1.8.19p1
Sharon Hawthorne
Sharon.Hawthorne at sharp.com
Fri Jan 13 14:05:16 MST 2017
Sudo version 1.8.19p1
On AIX 7.1 systems (several), since upgrading from version 1.8.14xx to 1.8.19p1, information being logged into /var/adm/syslog.log and/or /var/adm/sulog is garbled. None of the expected information is being logged.
For example, prior to upgrading, a typical syslog line looked like:
Jan 12 08:10:00 ladw1 local1:notice sudo: root : TTY=unknown ; PWD=/root ; USER=<some user> ; COMMAND=/scripts/common/cron/<some script>.ksh
After upgrade, the lines just look like (slightly different, but similarly garbled on different servers):
Jan 13 12:31:38 <hostname> local1:notice sudo: ^S^�H ^D^�8 :
Jan 13 11:37:57 <hostname> local1:notice sudo: ^C^S8 : <-- a different host
Related line from /etc/sudoers:
Defaults !lecture,passprompt="%u@%H password: ",syslog=local1,timestamp_timeout=15,env_keep+="ODMDIR", \
iolog_file="%{seq}.%{user}", maxseq=575
Info from sudo -V:
Configure options: --prefix=/opt/freeware --mandir=/opt/freeware/man --with-insults=disabled --with-logging=syslog --with-logfac=auth --with-editor=/usr/bin/vi --with-env-editor --enable-zlib=builtin --disable-nls --with-sendmail=/usr/sbin/sendmail --disable-tmpfiles.d
Sudoers policy plugin version 1.8.19p1
Sudoers file grammar version 45
Sudoers path: /etc/sudoers
Authentication methods: 'aixauth' 'pam'
Syslog facility if syslog is being used for logging: local1
Syslog priority to use when user authenticates successfully: notice
Syslog priority to use when user authenticates unsuccessfully: alert
Send mail if the user is not in sudoers
Use a separate timestamp for each user/tty combo
Lecture user the first time they run sudo
Require users to authenticate by default
Root may run sudo
Allow some information gathering to give useful error messages
Visudo will honor the EDITOR environment variable
Set the LOGNAME and USER environment variables
Length at which to wrap log file lines (0 for no wrap): 80
Authentication timestamp timeout: 15.0 minutes
For now, I will be downgrading (picking a version now), but I am looking for a solution.
Also, I tried setting the new syslog_maxlen variable to a small number, which made no difference in the garbled text; both lines had the garbled text.
-Sharon Hawthorne
Sharp HealthCare
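
The symptom reported above can be checked for across hosts by validating each sudo syslog record against the field layout shown in the pre-upgrade line. The following is an added example, not part of the original post and not sudo's own code; the function names, the account-name pattern and the sample lines are assumptions made for illustration.

```python
import re

# Constructed sample lines modelled on the records quoted in the post.
SAMPLE_LINES = [
    "Jan 12 08:10:00 host1 local1:notice sudo:     root : TTY=unknown ; "
    "PWD=/root ; USER=appuser ; COMMAND=/scripts/common/cron/job.ksh",
    "Jan 13 12:31:38 host1 local1:notice sudo: ^S^\ufffdH ^D^\ufffd8 : ",
    "Jan 13 11:37:57 host2 local1:notice sudo: ^C^S8 : ",
    "Jan 13 11:40:02 host2 local1:notice sudo:    alice : 3 incorrect password "
    "attempts ; TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/sh -c 'a ; b'",
    "Jan 13 11:41:00 host2 auth:info sshd[4242]: Accepted publickey for alice",
]

RECORD_RE = re.compile(r"\bsudo:\s+(?P<user>\S.*?)\s+:\s*(?P<rest>.*)$")
# Assumption: invoking users are plain account names or sudo's "#uid" form.
USER_RE = re.compile(r"^#?[A-Za-z0-9_][A-Za-z0-9_.@-]*$")
REQUIRED = ("TTY", "PWD", "USER", "COMMAND")


def check_sudo_line(line):
    """Classify one syslog line: ('ok' | 'garbled' | 'not_sudo', reason)."""
    m = RECORD_RE.search(line)
    if m is None:
        return ("not_sudo", "")
    user, rest = m.group("user"), m.group("rest")
    if not USER_RE.match(user):
        return ("garbled", "invoking user field is not a plausible account name")
    if rest.startswith("(command continued)"):
        return ("ok", "continuation of a wrapped record")
    # COMMAND= comes last and may itself contain " ; ", so cut it off first.
    head, found, command = rest.partition("COMMAND=")
    keys = {p.split("=", 1)[0] for p in head.split(" ; ") if "=" in p}
    if found and command.strip():
        keys.add("COMMAND")
    missing = [k for k in REQUIRED if k not in keys]
    if missing:
        return ("garbled", "missing " + ",".join(missing))
    return ("ok", "")


def garbled_lines(lines):
    """Return (index, reason) for each sudo record that fails the checks."""
    results = ((i, check_sudo_line(l)) for i, l in enumerate(lines))
    return [(i, why) for i, (status, why) in results if status == "garbled"]


if __name__ == "__main__":
    for idx, why in garbled_lines(SAMPLE_LINES):
        print(f"line {idx}: {why}")
```

Run against a day's syslog after a sudo upgrade, a non-empty result means the audit trail no longer records who ran what and should be treated as a logging outage.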