[OmniOS-discuss] sudo update
Al Slater
al.slater at scluk.com
Thu Nov 23 11:06:26 UTC 2017
Hi Andy,
On 23/11/17 10:40, Andy Fiddaman wrote:
>
> On Thu, 23 Nov 2017, Al Slater wrote:
>
> ; Hi,
> ;
> ; I have just updated a number of my omniosce boxes to r151022y, bringing
> ; in the sudo updates in r151022u.
> ;
> ; All my machines have BSM auditing enabled, and now I am seeing the
> ; following when using sudo
> ;
> ; sudo: au_preselect: Bad file number
>
> Hi, this is something we specifically tested along with the sudo update
> since auditing was an area that changed quite a bit. Could you please check
> that all of your packages are up-to-date (particularly SUNWcs) and that the
> output of the following commands matches on your system?
>
> r151022% auditrecord -e AUE_sudo
>
> sudo
> program sudo See sudo(1m)
> event ID 6650 AUE_sudo
> class lo,ua,as (0x00061000)
> header
> subject
> exec_arguments command args
> [text] error message (failure only)
> return
>
> r151022% grep sudo /etc/security/audit_event /usr/lib/audit/audit_record_attr
> /etc/security/audit_event:# sudo event
> /etc/security/audit_event:6650:AUE_sudo:sudo(1m):lo,ua,as
> /usr/lib/audit/audit_record_attr:label=AUE_sudo
>
> If the problem persists, please post the audit configuration that you're
> using so we can try and replicate (auditconfig -getflags)
Ok, I can see the issue.
The upgrade installed a audit_event.new into /etc/security, but it was
not merged into our modified audit_event.
I can see what I need to do to fix this now. Thank you for the pointers.
--
Al Slater
More information about the OmniOS-discuss
mailing list