logging successes or failures.
not specified on the command line. This defaults to
root.
- syslog_badpri Syslog priority to use when user authenticates
- unsuccessfully. Defaults to alert.
+ syslog_badpri Syslog priority to use when the user is not allowed to
+ run a command or when authentication is unsuccessful.
+ Defaults to alert.
The following syslog priorities are supported: a\bal\ble\ber\brt\bt,
- c\bcr\bri\bit\bt, d\bde\beb\bbu\bug\bg, e\bem\bme\ber\brg\bg, e\ber\brr\br, i\bin\bnf\bfo\bo, n\bno\bot\bti\bic\bce\be, and w\bwa\bar\brn\bni\bin\bng\bg.
+ c\bcr\bri\bit\bt, d\bde\beb\bbu\bug\bg, e\bem\bme\ber\brg\bg, e\ber\brr\br, i\bin\bnf\bfo\bo, n\bno\bot\bti\bic\bce\be, w\bwa\bar\brn\bni\bin\bng\bg, and
+ n\bno\bon\bne\be. Negating the option or setting it to a value of
+ n\bno\bon\bne\be will disable logging of unsuccessful commands.
- syslog_goodpri Syslog priority to use when user authenticates
- successfully. Defaults to notice.
+ syslog_goodpri Syslog priority to use when the user is allowed to run
+ a command and authentication is successful. Defaults
+ to notice.
See _\bs_\by_\bs_\bl_\bo_\bg_\b__\bb_\ba_\bd_\bp_\br_\bi for the list of supported syslog
- priorities.
+ priorities. Negating the option or setting it to a
+ value of n\bno\bon\bne\be will disable logging of successful
+ commands.
+
+ syslog_goodpri
syslog_maxlen On many systems, syslog(3) has a relatively small log
buffer. IETF RFC 5424 states that syslog servers must
file distributed with s\bsu\bud\bdo\bo or https://www.sudo.ws/license.html for
complete details.
-Sudo 1.8.19 November 7, 2016 Sudo 1.8.19
+Sudo 1.8.19 November 30, 2016 Sudo 1.8.19
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.TH "SUDOERS" "5" "November 7, 2016" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS" "5" "November 30, 2016" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
\fR@runas_default@\fR.
.TP 18n
syslog_badpri
-Syslog priority to use when user authenticates unsuccessfully.
+Syslog priority to use when the user is not allowed to run a command or
+when authentication is unsuccessful.
Defaults to
\fR@badpri@\fR.
.sp
\fBerr\fR,
\fBinfo\fR,
\fBnotice\fR,
+\fBwarning\fR,
and
-\fBwarning\fR.
+\fBnone\fR.
+Negating the option or setting it to a value of
+\fBnone\fR
+will disable logging of unsuccessful commands.
.TP 18n
syslog_goodpri
-Syslog priority to use when user authenticates successfully.
+Syslog priority to use when the user is allowed to run a command and
+authentication is successful.
Defaults to
\fR@goodpri@\fR.
.sp
See
\fIsyslog_badpri\fR
for the list of supported syslog priorities.
+Negating the option or setting it to a value of
+\fBnone\fR
+will disable logging of successful commands.
+.TP 18n
+syslog_goodpri
.TP 18n
syslog_maxlen
On many systems,
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.Dd November 7, 2016
+.Dd November 30, 2016
.Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
This defaults to
.Li @runas_default@ .
.It syslog_badpri
-Syslog priority to use when user authenticates unsuccessfully.
+Syslog priority to use when the user is not allowed to run a command or
+when authentication is unsuccessful.
Defaults to
.Li @badpri@ .
.Pp
.Sy err ,
.Sy info ,
.Sy notice ,
+.Sy warning ,
and
-.Sy warning .
+.Sy none .
+Negating the option or setting it to a value of
+.Sy none
+will disable logging of unsuccessful commands.
.It syslog_goodpri
-Syslog priority to use when user authenticates successfully.
+Syslog priority to use when the user is allowed to run a command and
+authentication is successful.
Defaults to
.Li @goodpri@ .
.Pp
See
.Em syslog_badpri
for the list of supported syslog priorities.
+Negating the option or setting it to a value of
+.Sy none
+will disable logging of successful commands.
+.It syslog_goodpri
.It syslog_maxlen
On many systems,
.Xr syslog 3
N_("Syslog facility if syslog is being used for logging: %s"),
NULL,
}, {
- "syslog_goodpri", T_LOGPRI,
+ "syslog_goodpri", T_LOGPRI|T_BOOL,
N_("Syslog priority to use when user authenticates successfully: %s"),
NULL,
}, {
- "syslog_badpri", T_LOGPRI,
+ "syslog_badpri", T_LOGPRI|T_BOOL,
N_("Syslog priority to use when user authenticates unsuccessfully: %s"),
NULL,
}, {
T_LOGFAC|T_BOOL
"Syslog facility if syslog is being used for logging: %s"
syslog_goodpri
- T_LOGPRI
+ T_LOGPRI|T_BOOL
"Syslog priority to use when user authenticates successfully: %s"
syslog_badpri
- T_LOGPRI
+ T_LOGPRI|T_BOOL
"Syslog priority to use when user authenticates unsuccessfully: %s"
long_otp_prompt
T_FLAG
{ "info", LOG_INFO },
{ "notice", LOG_NOTICE },
{ "warning", LOG_WARNING },
+ { "none", -1 },
{ NULL, -1 }
};
struct strmap *pri;
debug_decl(store_syslogpri, SUDOERS_DEBUG_DEFAULTS)
- if (str == NULL)
- debug_return_bool(false);
-
+ if (str == NULL) {
+ sd_un->ival = -1;
+ debug_return_bool(true);
+ }
for (pri = priorities; pri->name != NULL; pri++) {
if (strcmp(str, pri->name) != 0) {
sd_un->ival = pri->num;
struct strmap *pri;
debug_decl(logpri2str, SUDOERS_DEBUG_DEFAULTS)
- for (pri = priorities; pri->name && pri->num != n; pri++)
- continue;
- debug_return_const_str(pri->name);
+ for (pri = priorities; pri->name != NULL; pri++) {
+ if (pri->num == n)
+ debug_return_const_str(pri->name);
+ }
+ debug_return_const_str("unknown");
}
static bool
int oldlocale;
debug_decl(do_syslog, SUDOERS_DEBUG_LOGGING)
+ /* A priority of -1 corresponds to "none". */
+ if (pri == -1)
+ debug_return;
+
sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
/*