From cd03e982fa906c746f039d99c5fc5af908902936 Mon Sep 17 00:00:00 2001
From: Ward Poelmans
Date: Tue, 18 Mar 2025 15:43:14 +0100
Subject: [PATCH 1/2] fix sudo

---
 files/sudo | 2 +-
 tests/data/sudo | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/files/sudo b/files/sudo
index 07624df..7215e4f 100644
--- a/files/sudo
+++ b/files/sudo
@@ -6,7 +6,7 @@ SUDO_COMMAND COMMAND=%{GREEDYDATA:sudo_command}
 SUDO_USER %{NOTSPACE:sudo_user}
 SUDO_RUNAS USER=%{NOTSPACE:sudo_runas}
-SUDO_INFO_COMMAND_SUCCESSFUL %{SUDO_USER} : %{SUDO_TTY} ; %{SUDO_PWD} ; %{SUDO_RUNAS} ; %{SUDO_COMMAND}
+SUDO_INFO_COMMAND_SUCCESSFUL %{SUDO_USER} : (?:%{SUDO_TTY} ; )?%{SUDO_PWD} ; %{SUDO_RUNAS} ; %{SUDO_COMMAND}
 SUDO_INFO_PAM_UNIX_SESSION_OPENED pam_unix\(sudo:session\): (?session opened) for user %{NOTSPACE:sudo_runas} by %{SUDO_USER}\(uid=%{NUMBER}\)
 SUDO_INFO_PAM_UNIX_SESSION_CLOSED pam_unix\(sudo:session\): (?session closed) for user %{NOTSPACE:sudo_runas}
diff --git a/tests/data/sudo b/tests/data/sudo
index 2472998..c5c5d54 100644
--- a/tests/data/sudo
+++ b/tests/data/sudo
@@ -45,4 +45,15 @@ data = [
 "sudo_command": "../../../module/harm/plugin/script/harm_mgr.sh floatIP.sh status active key1=value1; 0 ha2",
 },
 },
+ {
+ "raw": "<85>1 2025-03-18T15:11:22.912566+01:00 ood11 sudo: - sudo: apache : PWD=/ ; USER=root ; COMMAND=/opt/ood/nginx_stage/sbin/nginx_stage pun -u vsc10520 -a https%3a%2f%2fportal.hpc.vub.be%3a443%2fnginx%2finit%3fredir%3d%24http_x_forwarded_escaped_uri",
+ "expected": {
+ "@source_host": "ood11",
+ "program": "sudo",
+ "sudo_pwd": "/",
+ "sudo_runas": "root",
+ "sudo_user": "apache",
+ "sudo_command": "/opt/ood/nginx_stage/sbin/nginx_stage pun -u vsc10520 -a https%3a%2f%2fportal.hpc.vub.be%3a443%2fnginx%2finit%3fredir%3d%24http_x_forwarded_escaped_uri",
+ },
+ },
 ]
From ef5f0a88697e340821a5c48a8dc5939da3cd8d78 Mon Sep 17 00:00:00 2001
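Review bot: Once `(?:%{SUDO_TTY} ; )?` makes the TTY group optional in `SUDO_INFO_COMMAND_SUCCESSFUL`, matched events can arrive without the TTY field, and nothing in files/sudo records that. A comment above the pattern would tell whoever writes detections on these events what to expect, for example `# TTY= is optional: sudo invoked without a terminal (e.g. by a service account) logs no TTY field`. Downstream rules that filter on the TTY field should treat a missing value as its own case instead of silently excluding the event. The definition of SUDO_TTY lies outside this hunk, so the captured field name is not visible here.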
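Review bot: The fixture added to tests/data/sudo appears to be copied from a production log and carries what look like a real account name (`vsc10520`), host name (`ood11`) and portal URL. The pattern only needs the shape of the line, so these can be swapped for neutral values before the file is committed, e.g. `user01`, `host01` and `portal.example.org` (constructed samples), in both `"raw"` and `"expected"`. The same account name reappears as `"pun_user"` in the tests/data/sudo hunk of patch 2/2.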
From: Ward Poelmans
Date: Tue, 18 Mar 2025 15:54:20 +0100
Subject: [PATCH 2/2] add pun stuff for ood

---
 files/sudo | 5 ++++-
 tests/data/sudo | 3 ++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/files/sudo b/files/sudo
index 7215e4f..65f44d7 100644
--- a/files/sudo
+++ b/files/sudo
@@ -6,7 +6,10 @@ SUDO_COMMAND COMMAND=%{GREEDYDATA:sudo_command}
 SUDO_USER %{NOTSPACE:sudo_user}
 SUDO_RUNAS USER=%{NOTSPACE:sudo_runas}
-SUDO_INFO_COMMAND_SUCCESSFUL %{SUDO_USER} : (?:%{SUDO_TTY} ; )?%{SUDO_PWD} ; %{SUDO_RUNAS} ; %{SUDO_COMMAND}
+# for PUN of Open Ondemand
+SUDO_OOD_PUN COMMAND=/opt/ood/nginx_stage/sbin/nginx_stage %{NOTSPACE:pun_command} -u %{NOTSPACE:pun_user} .*
+
+SUDO_INFO_COMMAND_SUCCESSFUL %{SUDO_USER} : (?:%{SUDO_TTY} ; )?%{SUDO_PWD} ; %{SUDO_RUNAS} ; (?:%{SUDO_OOD_PUN}|%{SUDO_COMMAND})
 SUDO_INFO_PAM_UNIX_SESSION_OPENED pam_unix\(sudo:session\): (?session opened) for user %{NOTSPACE:sudo_runas} by %{SUDO_USER}\(uid=%{NUMBER}\)
 SUDO_INFO_PAM_UNIX_SESSION_CLOSED pam_unix\(sudo:session\): (?session closed) for user %{NOTSPACE:sudo_runas}
diff --git a/tests/data/sudo b/tests/data/sudo
index c5c5d54..0da8298 100644
--- a/tests/data/sudo
+++ b/tests/data/sudo
@@ -53,7 +53,8 @@ data = [
 "sudo_pwd": "/",
 "sudo_runas": "root",
 "sudo_user": "apache",
- "sudo_command": "/opt/ood/nginx_stage/sbin/nginx_stage pun -u vsc10520 -a https%3a%2f%2fportal.hpc.vub.be%3a443%2fnginx%2finit%3fredir%3d%24http_x_forwarded_escaped_uri",
+ "pun_command": "pun",
+ "pun_user": "vsc10520",
 },
 },
 ]
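Review bot: When `SUDO_OOD_PUN` wins the alternation `(?:%{SUDO_OOD_PUN}|%{SUDO_COMMAND})`, the event no longer has a `sudo_command` field, and everything after `-u <user>` (including the `-a` argument) is consumed by `.*` and discarded. For an audit log of commands run as root that is a loss: queries and alerts keyed on `sudo_command` will stop seeing nginx_stage invocations. One option, if the grok engine in use accepts a named group around nested patterns, is to keep the full command while also extracting the new fields: `SUDO_OOD_PUN COMMAND=(?<sudo_command>/opt/ood/nginx_stage/sbin/nginx_stage %{NOTSPACE:pun_command} -u %{NOTSPACE:pun_user} .*)`. The tests/data/sudo hunk in this patch drops the `"sudo_command"` expectation, which confirms the field is gone; that assertion would be worth keeping alongside `"pun_command"` and `"pun_user"`.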