[sudo-users] EXTERNAL: Re: Does AIX properly forward to a Linux logsrvd? Endian Issues?

[Dolan, Sean]

Thank you Todd.   I JUST found the issue.   Our /etc/sudoers  has the following lines which works well for Linux but not AIX:



Defaults log_ouptut

Defaults log_server=logserver-linux:30343

Defaults!ALL !log_output

Defaults!/bin/su log_output





The idea is that all commands issues by sudo would be logged to the logsrvd recipient, but JUST the command "su -"   would be captured via the I/O capture so we can playback a persons session if needed.



Linux works:   I see the log statement in the /var/log/secure   on the Linux logsrvd host  *and* I see the /var/log/sudo-io/   entry created.



On AIX, the command does not show up on the Linux logsrvd (e.g. sudo cat /etc/shadow), but I DO see the /var/log/sudo-io/  entry if you do a sudo su -





Any way to configure the sudoers in a way that would work for AIX as well?











-----Original Message-----
From: Todd C. Miller <Todd.Miller at millert.dev>
Sent: Wednesday, October 19, 2022 3:22 PM
To: Dolan, Sean (US N-ISYS Technologies Inc.) <sean.dolan at lmco.com>
Cc: sudo-users at sudo.ws
Subject: EXTERNAL: Re: [sudo-users] Does AIX properly forward to a Linux logsrvd? Endian Issues?



The protocol used is endian-independent.  I just tested a big-endian client (HP pa-risc) connecting to a little-endian server (amd64) using the upcoming sudo 1.9.12 release.  You can find a release candidate at https://www.sudo.ws/releases/devel/.



It is possible that there is an AIX-specific bug (this would not be the first time).  Do you receive an error message on the client about not being able to connect to the server?



You may want to enable debug logging on the client in /etc/sudo.conf and see if that provides any more information.



- todd