sudo_logsrvd Not Logging Subcommands

[mthbrown]

Hi,

I'm currently using the latest version of sudo and sudo_logsrvd (I installed it from here). So it is v1.9.11.

When I configure the following in /etc/sudoers on the client:

Defaults env_reset
Defaults mail_badpass
Defaults use_pty
Defaults log_servers=192.168.121.33
Defaults log_format=json
Defaults log_subcmds
Defaults log_input
Defaults log_output
Defaults log_year
Defaults log_host

root ALL = (ALL : ALL) ALL
root ALL = (ALL) NOLOG_INPUT: NOLOG_OUTPUT: /usr/bin/sudoreplay

%sudo ALL = (ALL : ALL) ALL

Defaults:vagrant !fqdn
Defaults:vagrant !requiretty
vagrant ALL = (ALL) NOPASSWD: ALL

it successfully sends the following to the server:

• normal sudo commands (I see these using journalctl)
• session recording

What I don't see are subcommands and they are stored on the client and not the server. Is this expected behavior? Am I missing something? Thanks

[millert]

Thanks for your report, this is a bug. The subcommands are being sent to sudo_logsrvd for intercept but not log_subcmds.

[millert]

Fixed by 02e92c2