[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[screen-devel] [bug #39712] su actions not properly logged
From: |
anonymous |
Subject: |
[screen-devel] [bug #39712] su actions not properly logged |
Date: |
Wed, 07 Aug 2013 03:24:35 +0000 |
User-agent: |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.95 Safari/537.36 |
URL:
<http://savannah.gnu.org/bugs/?39712>
Summary: su actions not properly logged
Project: GNU Screen
Submitted by: None
Submitted on: Wed 07 Aug 2013 03:24:34 AM UTC
Category: None
Severity: 3 - Normal
Priority: 5 - Normal
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Release: 4.0.3
Fixed Release: None
Planned Release: None
Work Required: None
_______________________________________________________
Details:
We're seeing an issue where su actions are not properly recorded when the user
is in a screen session. What's interesting is that this appears to work
properly on Ubuntu 12.04.2 running screen 4.00.03jw4 (FAU) 2-May-06 but does
not work correctly on CentOS 6.04 running screen (FAU) 23-Oct-06. So maybe
this is packaging related, but thought we'd start here.
When a user in a scree session runs "sudo su" the following appears in the
Ubuntu logs:
Aug 6 16:26:06 delta sudo: chrish : TTY=pts/5 ; PWD=/home/chrish ;
USER=root ; COMMAND=/bin/su
Aug 6 16:26:06 delta sudo: pam_unix(sudo:session): session opened for user
root by chrish(uid=1000)
Aug 6 16:26:06 delta su[27840]: Successful su for root by root
Aug 6 16:26:06 delta su[27840]: + /dev/pts/5 root:root
Aug 6 16:26:06 delta su[27840]: pam_unix(su:session): session opened for user
root by chrish(uid=0)
Aug 6 16:26:19 delta su[27840]: pam_unix(su:session): session closed for user
root
Aug 6 16:26:19 delta sudo: pam_unix(sudo:session): session closed for user
root
In the CentOS log we get:
Aug 6 16:38:03 epsilon sudo: chrish : TTY=pts/8 ; PWD=/home/chrish ;
USER=root ; COMMAND=/bin/su
Aug 6 16:38:03 epsilon su: pam_unix(su:session): session opened for user root
by (uid=0)
Aug 6 16:38:04 epsilon su: pam_unix(su:session): session closed for user
root
Notice that the second line does not indicate the name of the user which
performed the sudo like we do in Ubuntu. Without this data, our logs are
incomplete and log monitoring utilities do not properly fire.
Possible this is related to packaging or another part of the OS, possibly
PAM?
Additional notes, includes showing that it does not work in tmux on either OS,
are available here: https://gist.github.com/chrishas35/972fc8febad14bad1ae4.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?39712>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [screen-devel] [bug #39712] su actions not properly logged,
anonymous <=