Re: [OmniOS-discuss] sudo update
Hi Andy, On 23/11/17 10:40, Andy Fiddaman wrote: > > On Thu, 23 Nov 2017, Al Slater wrote: > > ; Hi, > ; > ; I have just updated a number of my omniosce boxes to r151022y, bringing > ; in the sudo updates in r151022u. > ; > ; All my machines have BSM auditing enabled, and now I am seeing the > ; following when using sudo > ; > ; sudo: au_preselect: Bad file number > > Hi, this is something we specifically tested along with the sudo update > since auditing was an area that changed quite a bit. Could you please check > that all of your packages are up-to-date (particularly SUNWcs) and that the > output of the following commands matches on your system? > > r151022% auditrecord -e AUE_sudo > > sudo > program sudo See sudo(1m) > event ID6650 AUE_sudo > class lo,ua,as (0x00061000) > header > subject > exec_arguments command args > [text] error message (failure only) > return > > r151022% grep sudo /etc/security/audit_event /usr/lib/audit/audit_record_attr > /etc/security/audit_event:# sudo event > /etc/security/audit_event:6650:AUE_sudo:sudo(1m):lo,ua,as > /usr/lib/audit/audit_record_attr:label=AUE_sudo > > If the problem persists, please post the audit configuration that you're > using so we can try and replicate (auditconfig -getflags) Ok, I can see the issue. The upgrade installed a audit_event.new into /etc/security, but it was not merged into our modified audit_event. I can see what I need to do to fix this now. Thank you for the pointers. -- Al Slater ___ OmniOS-discuss mailing list OmniOS-discuss@lists.omniti.com http://lists.omniti.com/mailman/listinfo/omnios-discuss
Re: [OmniOS-discuss] sudo update
On Thu, 23 Nov 2017, Al Slater wrote: ; Hi, ; ; I have just updated a number of my omniosce boxes to r151022y, bringing ; in the sudo updates in r151022u. ; ; All my machines have BSM auditing enabled, and now I am seeing the ; following when using sudo ; ; sudo: au_preselect: Bad file number Hi, this is something we specifically tested along with the sudo update since auditing was an area that changed quite a bit. Could you please check that all of your packages are up-to-date (particularly SUNWcs) and that the output of the following commands matches on your system? r151022% auditrecord -e AUE_sudo sudo program sudo See sudo(1m) event ID6650 AUE_sudo class lo,ua,as (0x00061000) header subject exec_arguments command args [text] error message (failure only) return r151022% grep sudo /etc/security/audit_event /usr/lib/audit/audit_record_attr /etc/security/audit_event:# sudo event /etc/security/audit_event:6650:AUE_sudo:sudo(1m):lo,ua,as /usr/lib/audit/audit_record_attr:label=AUE_sudo If the problem persists, please post the audit configuration that you're using so we can try and replicate (auditconfig -getflags) Thanks, Andy -- Citrus IT Limited | +44 (0)333 0124 007 | enquir...@citrus-it.co.uk Rock House Farm | Green Moor | Wortley | Sheffield | S35 7DQ Registered in England and Wales | Company number 4899123 ___ OmniOS-discuss mailing list OmniOS-discuss@lists.omniti.com http://lists.omniti.com/mailman/listinfo/omnios-discuss
[OmniOS-discuss] sudo update
Hi, I have just updated a number of my omniosce boxes to r151022y, bringing in the sudo updates in r151022u. All my machines have BSM auditing enabled, and now I am seeing the following when using sudo sudo: au_preselect: Bad file number regards -- Al Slater ___ OmniOS-discuss mailing list OmniOS-discuss@lists.omniti.com http://lists.omniti.com/mailman/listinfo/omnios-discuss
