[sudo-users] sudo_logsrvd configuration
Stefan Johnson
tigerphoenixdragon at gmail.com
Tue Jul 27 14:59:24 MDT 2021
On Tue, Jul 27, 2021 at 10:52 AM Todd C. Miller <Todd.Miller at sudo.ws> wrote:
> On Fri, 23 Jul 2021 18:25:41 -0500, Stefan Johnson wrote:
>
> > The OS is the latest RedHat 8 on x86_64. I pulled the RPMs from the
> > sudo.ws site and used those to replace the RedHat provided sudo. I don't
> > remember what version of OpenSSL is on the system, but a quick check of
> > the RedHat rpm site seems to indicate the vendor provided version is
> > 1.1.1g (with any vendor modifications / back ports that may have been
> > included for security fixes.)
>
> Sudo 1.9.7p2 is out today which includes a fix for this.
>
> You can download the updated RPMs from
> https://www.sudo.ws/download.html#binary or
> https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_7p2
>
> - todd
>
I installed the latest package today, and it worked fine. Thank you for
all the help!

One more question...

The "log_servers" directive allows a list of log servers, but how do you
include the certificate for each of those log servers? The
"log_server_peer_cert" and "log_server_peer_key" directives seem to only
accept one entry. If I only include one log server in the sudoers file
with the appropriate cert, key, and cacert (log_server_cabundle directive)
it works fine, but if I try to include a list of certs and keys for each
server, it fails.

I'll keep playing with the options tomorrow to see if I can figure it out,
but was hoping someone on here might see what I'm doing wrong.

I also recognize that I might need to do a subject alternative names
certificate for all of the log servers and use that same cert everywhere.

Again, thanks for all the help!

Stefan