[sudo-users] syslog shows wrong information after update to version 1.8.19p1

Sharon Hawthorne Sharon.Hawthorne at sharp.com
Fri Jan 13 14:05:16 MST 2017 

Sudo version 1.8.19p1
On AIX 7.1 systems (several), since upgrading from version 1.8.14xx to 1.8.19p1, information being logged into /var/adm/syslog.log and/or /var/adm/sulog is garbled. None of the expected information is being logged.

For example, prior to upgrading, a typical syslog line looked like:
     Jan 12 08:10:00 ladw1 local1:notice sudo:     root : TTY=unknown ; PWD=/root ; USER=<some user> ;   COMMAND=/scripts/common/cron/<some script>.ksh

After upgrade, the lines just look like (slightly different, but similarly garbled on different servers):

     Jan 13 12:31:38 <hostname> local1:notice sudo:  ^S^�H ^D^�8 :

     Jan 13 11:37:57 <hostname> local1:notice sudo:     ^C^S8  :                <-- a different host

related line from  /etc/sudoers:
Defaults        !lecture,passprompt="%u@%H password: ",syslog=local1,timestamp_timeout=15,env_keep+="ODMDIR", \
                iolog_file="%{seq}.%{user}", maxseq=575

Info from sudo –V :
Configure options: --prefix=/opt/freeware --mandir=/opt/freeware/man --with-insults=disabled --with-logging=syslog --with-logfac=auth --with-editor=/usr/bin/vi --with-env-editor --enable-zlib=builtin --disable-nls --with-sendmail=/usr/sbin/sendmail --disable-tmpfiles.d
Sudoers policy plugin version 1.8.19p1
Sudoers file grammar version 45

Sudoers path: /etc/sudoers
Authentication methods: 'aixauth' 'pam'
Syslog facility if syslog is being used for logging: local1
Syslog priority to use when user authenticates successfully: notice
Syslog priority to use when user authenticates unsuccessfully: alert
Send mail if the user is not in sudoers
Use a separate timestamp for each user/tty combo
Lecture user the first time they run sudo
Require users to authenticate by default
Root may run sudo
Allow some information gathering to give useful error messages
Visudo will honor the EDITOR environment variable
Set the LOGNAME and USER environment variables
Length at which to wrap log file lines (0 for no wrap): 80
Authentication timestamp timeout: 15.0 minutes

For now, I will be downgrading, picking a version now, but looking for a solution.

Also, I tried setting the new syslog_maxlen variable to a small number, which made no difference in the garbled text, both lines had the garbled text.


-Sharon Hawthorne
  Sharp HealthCare

More information about the sudo-users mailing list