@@ -38,6 +38,21 @@ Plugin sudoers_audit sudoers.so
|
||||
#
|
||||
#Path devsearch /dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev
|
||||
|
||||
#
|
||||
# Sudo command interception:
|
||||
# Path intercept /path/to/sudo_intercept.so
|
||||
#
|
||||
# Path to a shared library containing replacements for the execv(),
|
||||
# execve() and fexecve() library functions, which perform a policy
|
||||
# check to verify whether the command is allowed and simply return
|
||||
# an error if it is not. This is used to implement the "intercept"
|
||||
# functionality on systems that support LD_PRELOAD or its equivalent.
|
||||
#
|
||||
# The compiled-in value is usually sufficient and should only be changed
|
||||
# if you rename or move the sudo_intercept.so file.
|
||||
#
|
||||
#Path intercept /usr/libexec/sudo/sudo_intercept.so
|
||||
|
||||
#
|
||||
# Sudo noexec:
|
||||
# Path noexec /path/to/sudo_noexec.so
|
||||
@@ -57,18 +72,10 @@ Plugin sudoers_audit sudoers.so
|
||||
# Path plugin_dir /path/to/plugins
|
||||
#
|
||||
# The default directory to use when searching for plugins that are
|
||||
# specified without a fully qualified path name.
|
||||
# specified without a fully-qualified path name.
|
||||
#
|
||||
#Path plugin_dir /usr/libexec/sudo
|
||||
|
||||
#
|
||||
# Sudo developer mode:
|
||||
# Set developer_mode true|false
|
||||
#
|
||||
# Allow loading of plugins that are owned by non-root or are writable
|
||||
# by "group" or "other". Should only be used during plugin development.
|
||||
#Set developer_mode true
|
||||
|
||||
#
|
||||
# Core dumps:
|
||||
# Set disable_coredump true|false
|
||||
@@ -114,10 +121,10 @@ Set disable_coredump false
|
||||
# Debug program /path/to/debug_log subsystem@priority[,subsyste@priority]
|
||||
#
|
||||
# Sudo and related programs support logging debug information to a file.
|
||||
# The program is typically sudo, sudoers.so, sudoreplay or visudo.
|
||||
# The program is typically sudo, sudoers.so, sudoreplay, or visudo.
|
||||
#
|
||||
# Subsystems vary based on the program; "all" matches all subsystems.
|
||||
# Priority may be crit, err, warn, notice, diag, info, trace or debug.
|
||||
# Priority may be crit, err, warn, notice, diag, info, trace, or debug.
|
||||
# Multiple subsystem@priority may be specified, separated by a comma.
|
||||
#
|
||||
#Debug sudo /var/log/sudo_debug all@debug
|
||||
|
||||
@@ -38,6 +38,21 @@ Plugin sudoers_audit sudoers.so
|
||||
#
|
||||
#Path devsearch /dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev
|
||||
|
||||
#
|
||||
# Sudo command interception:
|
||||
# Path intercept /path/to/sudo_intercept.so
|
||||
#
|
||||
# Path to a shared library containing replacements for the execv(),
|
||||
# execve() and fexecve() library functions, which perform a policy
|
||||
# check to verify whether the command is allowed and simply return
|
||||
# an error if it is not. This is used to implement the "intercept"
|
||||
# functionality on systems that support LD_PRELOAD or its equivalent.
|
||||
#
|
||||
# The compiled-in value is usually sufficient and should only be changed
|
||||
# if you rename or move the sudo_intercept.so file.
|
||||
#
|
||||
#Path intercept /usr/libexec/sudo/sudo_intercept.so
|
||||
|
||||
#
|
||||
# Sudo noexec:
|
||||
# Path noexec /path/to/sudo_noexec.so
|
||||
@@ -57,18 +72,10 @@ Plugin sudoers_audit sudoers.so
|
||||
# Path plugin_dir /path/to/plugins
|
||||
#
|
||||
# The default directory to use when searching for plugins that are
|
||||
# specified without a fully qualified path name.
|
||||
# specified without a fully-qualified path name.
|
||||
#
|
||||
#Path plugin_dir /usr/libexec/sudo
|
||||
|
||||
#
|
||||
# Sudo developer mode:
|
||||
# Set developer_mode true|false
|
||||
#
|
||||
# Allow loading of plugins that are owned by non-root or are writable
|
||||
# by "group" or "other". Should only be used during plugin development.
|
||||
#Set developer_mode true
|
||||
|
||||
#
|
||||
# Core dumps:
|
||||
# Set disable_coredump true|false
|
||||
@@ -114,10 +121,10 @@ Set disable_coredump false
|
||||
# Debug program /path/to/debug_log subsystem@priority[,subsyste@priority]
|
||||
#
|
||||
# Sudo and related programs support logging debug information to a file.
|
||||
# The program is typically sudo, sudoers.so, sudoreplay or visudo.
|
||||
# The program is typically sudo, sudoers.so, sudoreplay, or visudo.
|
||||
#
|
||||
# Subsystems vary based on the program; "all" matches all subsystems.
|
||||
# Priority may be crit, err, warn, notice, diag, info, trace or debug.
|
||||
# Priority may be crit, err, warn, notice, diag, info, trace, or debug.
|
||||
# Multiple subsystem@priority may be specified, separated by a comma.
|
||||
#
|
||||
#Debug sudo /var/log/sudo_debug all@debug
|
||||
|
||||
@@ -38,6 +38,21 @@ Plugin sudoers_audit sudoers.so
|
||||
#
|
||||
#Path devsearch /dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev
|
||||
|
||||
#
|
||||
# Sudo command interception:
|
||||
# Path intercept /path/to/sudo_intercept.so
|
||||
#
|
||||
# Path to a shared library containing replacements for the execv(),
|
||||
# execve() and fexecve() library functions, which perform a policy
|
||||
# check to verify whether the command is allowed and simply return
|
||||
# an error if it is not. This is used to implement the "intercept"
|
||||
# functionality on systems that support LD_PRELOAD or its equivalent.
|
||||
#
|
||||
# The compiled-in value is usually sufficient and should only be changed
|
||||
# if you rename or move the sudo_intercept.so file.
|
||||
#
|
||||
#Path intercept /usr/libexec/sudo/sudo_intercept.so
|
||||
|
||||
#
|
||||
# Sudo noexec:
|
||||
# Path noexec /path/to/sudo_noexec.so
|
||||
@@ -57,18 +72,10 @@ Plugin sudoers_audit sudoers.so
|
||||
# Path plugin_dir /path/to/plugins
|
||||
#
|
||||
# The default directory to use when searching for plugins that are
|
||||
# specified without a fully qualified path name.
|
||||
# specified without a fully-qualified path name.
|
||||
#
|
||||
#Path plugin_dir /usr/libexec/sudo
|
||||
|
||||
#
|
||||
# Sudo developer mode:
|
||||
# Set developer_mode true|false
|
||||
#
|
||||
# Allow loading of plugins that are owned by non-root or are writable
|
||||
# by "group" or "other". Should only be used during plugin development.
|
||||
#Set developer_mode true
|
||||
|
||||
#
|
||||
# Core dumps:
|
||||
# Set disable_coredump true|false
|
||||
@@ -114,10 +121,10 @@ Set disable_coredump false
|
||||
# Debug program /path/to/debug_log subsystem@priority[,subsyste@priority]
|
||||
#
|
||||
# Sudo and related programs support logging debug information to a file.
|
||||
# The program is typically sudo, sudoers.so, sudoreplay or visudo.
|
||||
# The program is typically sudo, sudoers.so, sudoreplay, or visudo.
|
||||
#
|
||||
# Subsystems vary based on the program; "all" matches all subsystems.
|
||||
# Priority may be crit, err, warn, notice, diag, info, trace or debug.
|
||||
# Priority may be crit, err, warn, notice, diag, info, trace, or debug.
|
||||
# Multiple subsystem@priority may be specified, separated by a comma.
|
||||
#
|
||||
#Debug sudo /var/log/sudo_debug all@debug
|
||||
|
||||
@@ -38,6 +38,21 @@ Plugin sudoers_audit sudoers.so
|
||||
#
|
||||
#Path devsearch /dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev
|
||||
|
||||
#
|
||||
# Sudo command interception:
|
||||
# Path intercept /path/to/sudo_intercept.so
|
||||
#
|
||||
# Path to a shared library containing replacements for the execv(),
|
||||
# execve() and fexecve() library functions, which perform a policy
|
||||
# check to verify whether the command is allowed and simply return
|
||||
# an error if it is not. This is used to implement the "intercept"
|
||||
# functionality on systems that support LD_PRELOAD or its equivalent.
|
||||
#
|
||||
# The compiled-in value is usually sufficient and should only be changed
|
||||
# if you rename or move the sudo_intercept.so file.
|
||||
#
|
||||
#Path intercept /usr/libexec/sudo/sudo_intercept.so
|
||||
|
||||
#
|
||||
# Sudo noexec:
|
||||
# Path noexec /path/to/sudo_noexec.so
|
||||
@@ -57,18 +72,10 @@ Plugin sudoers_audit sudoers.so
|
||||
# Path plugin_dir /path/to/plugins
|
||||
#
|
||||
# The default directory to use when searching for plugins that are
|
||||
# specified without a fully qualified path name.
|
||||
# specified without a fully-qualified path name.
|
||||
#
|
||||
#Path plugin_dir /usr/libexec/sudo
|
||||
|
||||
#
|
||||
# Sudo developer mode:
|
||||
# Set developer_mode true|false
|
||||
#
|
||||
# Allow loading of plugins that are owned by non-root or are writable
|
||||
# by "group" or "other". Should only be used during plugin development.
|
||||
#Set developer_mode true
|
||||
|
||||
#
|
||||
# Core dumps:
|
||||
# Set disable_coredump true|false
|
||||
@@ -114,10 +121,10 @@ Set disable_coredump false
|
||||
# Debug program /path/to/debug_log subsystem@priority[,subsyste@priority]
|
||||
#
|
||||
# Sudo and related programs support logging debug information to a file.
|
||||
# The program is typically sudo, sudoers.so, sudoreplay or visudo.
|
||||
# The program is typically sudo, sudoers.so, sudoreplay, or visudo.
|
||||
#
|
||||
# Subsystems vary based on the program; "all" matches all subsystems.
|
||||
# Priority may be crit, err, warn, notice, diag, info, trace or debug.
|
||||
# Priority may be crit, err, warn, notice, diag, info, trace, or debug.
|
||||
# Multiple subsystem@priority may be specified, separated by a comma.
|
||||
#
|
||||
#Debug sudo /var/log/sudo_debug all@debug
|
||||
|
||||
Reference in New Issue
Block a user