[sudo-users] Issue with apt command after setting log_subcmd option in /etc/sudoers file

ronan.bertinhugault at orange.com ronan.bertinhugault at orange.com
Mon Mar 27 07:15:32 MDT 2023 

Hello Todd,
Thank you for your prompt reply.
Regarding the sudo version, we are using the latest Ubuntu package available.
We will try the workaround proposed and I will come back to you with the results.

Have a good day.

Regards.

Ronan BERTIN-HUGAULT
Ronan.bertinhugault at orange.com
Mobile : +33 643253217


Orange Restricted

-----Message d'origine-----
De : Todd C. Miller <Todd.Miller at sudo.ws> 
Envoyé : vendredi 24 mars 2023 17:25
À : BERTIN HUGAULT Ronan INNOV/IT-S <ronan.bertinhugault at orange.com>
Cc : sudo-users at sudo.ws
Objet : Re: [sudo-users] Issue with apt command after setting log_subcmd option in /etc/sudoers file

On Fri, 24 Mar 2023 13:38:25 -0000, ronan.bertinhugault at orange.com wrote:

> We are attempting in our environment to increase our capability to 
> check the commands used by our people when connecting to a VM through SSH.
> The targeted server is an Ubuntu 22.04 OS based.

What version of sudo are you running?  It looks like Ubuntu 22.04 ships sudo 1.9.9.  There have been a number of fixes to log_subcmds and intercept mode since then.  If you are able to do so, I suggest trying the latest sudo package from https://www.sudo.ws/getting/packages/.

If not, you could disable log_subcmds for apt with a line like.

    Defaults!/usr/bin/apt !log_subcmds

It is probably not useful to log all the commands run by the apt install and remove scripts.  Some of the package scripts run thousands of commands (google-cloud-sdk is especially bad in this respect).

 - todd

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

More information about the sudo-users mailing list