diff options
| author | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2008-06-30 16:37:53 -0700 |
|---|---|---|
| committer | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2008-06-30 16:37:53 -0700 |
| commit | f4ad511f3f2c946568e84adfd75b087e4180ad05 (patch) | |
| tree | f4a507cfca295462223a4ce6a8fcba9df8764cde /debian | |
| parent | 5c108ca0a31657763cd657eb22253013e04fef5a (diff) | |
| download | vyatta-cfg-system-f4ad511f3f2c946568e84adfd75b087e4180ad05.tar.gz vyatta-cfg-system-f4ad511f3f2c946568e84adfd75b087e4180ad05.zip | |
Change syslogging of authorization related commands
For sucessful sudo, just log it at info level.
Capture any security failures/changes into /var/log/auth.log
but skip normal CLI commands
Turn off the builtin sync after each write to /var/log/messages
by putting - before file name; the sync causes a disk write
each time and therefore can be a performance hit during boot.
Diffstat (limited to 'debian')
| -rw-r--r-- | debian/vyatta-cfg-system.postinst.in | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index 0852319e..8e8b6015 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in @@ -57,6 +57,13 @@ EOF echo -e "\n%users ALL=NOPASSWD: ${bindir}/sudo-users/" >> /etc/sudoers fi + # Reduce logging level of good commands + if ! grep -q "^Defaults syslog_goodpri" /etc/sudoers; then + echo "\nDefaults syslog_goodpri=info" >>/etc/sudoers + fi + + fi + # keep env vars if ! grep -q 'env_keep+=VYATTA_*' /etc/sudoers ; then echo "Defaults env_keep+=VYATTA_*" >> /etc/sudoers |