disable pam logging for agent

  • chubbypiper
    Junior Member
    • Apr 2019
    • 1

    #1

    disable pam logging for agent

    I am getting a lot of messages in journalctl from pam for all the sudo runs that the agent does. I saw https://unix.stackexchange.com/quest...ic-user/224444 for information on how to disable it, but it wasn't very successful. This is the contents of /etc/pam.d/sudo:

    Code:
    [root@Sisko pam.d]# cat sudo
    #%PAM-1.0
    session [success=1 default=ignore] pam_succeed_if.so quiet ruser = zabbix-agent
    auth        include        system-auth
    account        include        system-auth
    session        include        system-auth
    [root@Sisko pam.d]#
    However, I am still seeing entries in the journal for zabbix agent:

    Code:
    [root@Sisko pam.d]# journalctl -b | tail -n 40
    Apr 15 20:48:16 Sisko sudo[469708]: pam_unix(sudo:session): session closed for user root
    Apr 15 20:48:18 Sisko sudo[469713]: zabbix-agent : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/systemctl status NetworkManager
    Apr 15 20:48:18 Sisko sudo[469713]: pam_unix(sudo:session): session opened for user root by (uid=0)
    Apr 15 20:48:18 Sisko sudo[469713]: pam_unix(sudo:session): session closed for user root
    Apr 15 20:48:19 Sisko sudo[469718]: zabbix-agent : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/systemctl status nfs-server
    Apr 15 20:48:19 Sisko sudo[469718]: pam_unix(sudo:session): session opened for user root by (uid=0)
    Apr 15 20:48:19 Sisko sudo[469718]: pam_unix(sudo:session): session closed for user root
    Apr 15 20:48:20 Sisko sudo[469724]: zabbix-agent : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/systemctl status ntpd
    Apr 15 20:48:20 Sisko sudo[469724]: pam_unix(sudo:session): session opened for user root by (uid=0)
    Apr 15 20:48:20 Sisko sudo[469724]: pam_unix(sudo:session): session closed for user root
    Apr 15 20:48:21 Sisko sudo[469732]: zabbix-agent : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/systemctl status org.cups.cupsd
    Apr 15 20:48:21 Sisko sudo[469732]: pam_unix(sudo:session): session opened for user root by (uid=0)
    Apr 15 20:48:21 Sisko sudo[469732]: pam_unix(sudo:session): session closed for user root
    Apr 15 20:48:22 Sisko sudo[469738]: zabbix-agent : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/systemctl status reflector
    Apr 15 20:48:22 Sisko sudo[469738]: pam_unix(sudo:session): session opened for user root by (uid=0)
    Apr 15 20:48:22 Sisko sudo[469738]: pam_unix(sudo:session): session closed for user root
    Apr 15 20:48:23 Sisko sudo[469743]: zabbix-agent : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/systemctl status smartd
    Apr 15 20:48:23 Sisko sudo[469743]: pam_unix(sudo:session): session opened for user root by (uid=0)
    Apr 15 20:48:23 Sisko sudo[469743]: pam_unix(sudo:session): session closed for user root
    Apr 15 20:48:24 Sisko sudo[469750]: zabbix-agent : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/systemctl status sshd
    Apr 15 20:48:24 Sisko sudo[469750]: pam_unix(sudo:session): session opened for user root by (uid=0)
    Apr 15 20:48:24 Sisko sudo[469750]: pam_unix(sudo:session): session closed for user root
    Apr 15 20:48:25 Sisko sudo[469756]: zabbix-agent : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/systemctl status sysstat
    Apr 15 20:48:25 Sisko sudo[469756]: pam_unix(sudo:session): session opened for user root by (uid=0)
    Apr 15 20:48:25 Sisko sudo[469756]: pam_unix(sudo:session): session closed for user root
    Apr 15 20:48:27 Sisko sudo[469762]: zabbix-agent : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/systemctl status systemd-timesyncd
    Apr 15 20:48:27 Sisko sudo[469762]: pam_unix(sudo:session): session opened for user root by (uid=0)
    Apr 15 20:48:27 Sisko sudo[469762]: pam_unix(sudo:session): session closed for user root
    Apr 15 20:48:28 Sisko sudo[469769]: zabbix-agent : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/systemctl status xrdp
    Apr 15 20:48:28 Sisko sudo[469769]: pam_unix(sudo:session): session opened for user root by (uid=0)
    Apr 15 20:48:28 Sisko sudo[469769]: pam_unix(sudo:session): session closed for user root
    Apr 15 20:48:30 Sisko sudo[469793]: zabbix-agent : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/systemctl status zabbix-agent
    Apr 15 20:48:30 Sisko sudo[469793]: pam_unix(sudo:session): session opened for user root by (uid=0)
    Apr 15 20:48:30 Sisko sudo[469793]: pam_unix(sudo:session): session closed for user root
    Apr 15 20:48:50 Sisko sudo[469816]: zabbix-agent : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/systemctl status display-manager
    Apr 15 20:48:50 Sisko sudo[469816]: pam_unix(sudo:session): session opened for user root by (uid=0)
    Apr 15 20:48:50 Sisko sudo[469816]: pam_unix(sudo:session): session closed for user root
    Apr 15 20:48:51 Sisko sudo[469821]: zabbix-agent : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/systemctl status lightdm
    Apr 15 20:48:51 Sisko sudo[469821]: pam_unix(sudo:session): session opened for user root by (uid=0)
    Apr 15 20:48:51 Sisko sudo[469821]: pam_unix(sudo:session): session closed for user root
    [root@Sisko pam.d]#
    I'm sure it's an order thing with my pam configs, but I'm not seeing what I'm doing wrong. Does anyone have any suggestions?
  • 1977er
    Junior Member
    • Feb 2022
    • 4

    #2
    -----------
    Last edited by 1977er; 24-07-2022, 00:02. Reason: sorry, for quoting redundant information (link to stackoverflow)


    • mvrk
      Member
      • Oct 2008
      • 71

      #3
      I'm having the same issue, were you able to find a solution?


      • 1977er
        Junior Member
        • Feb 2022
        • 4

        #4
        Originally posted by mvrk
        I'm having the same issue, were you able to find a solution?
        No, I have not.


        • tim.mooney
          Senior Member
          • Dec 2012
          • 1427

          #5
          Originally posted by 1977er

          No, I have not.
          The original poster's pam session entry is incorrect. They have 'ruser = zabbix-agent', but that's wrong. On most systems, especially systems using the official packages, the service account user is 'zabbix', so pam_succeed_if.so test should be 'ruser = zabbix'.


          • 1977er
            Junior Member
            • Feb 2022
            • 4

            #6
            Originally posted by tim.mooney

            The original poster's pam session entry is incorrect. They have 'ruser = zabbix-agent', but that's wrong. On most systems, especially systems using the official packages, the service account user is 'zabbix', so pam_succeed_if.so test should be 'ruser = zabbix'.
            Unfortunately this does/did not help in my case. My "ruser" setting has always been consistent with the zabbix account on the system.


            • PavelZ
              Senior Member
              • Dec 2024
              • 162

              #7
              For templates with sudo, a typical configuration looks something like this:
              file : /etc/sudoers.d/zabbix_smartctl
              Code:
              Defaults:zabbix !requiretty,!logfile, !syslog, !pam_session
              This eliminates typically useless spam in the logs.


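An added example, not written by any poster in this thread: a view-time filter for journal lines in the format shown in post #1. It hides the `pam_unix(sudo:session)` lines that belong to the agent's sudo runs, keeps sudo's own `COMMAND=` records, and lists agent commands outside an expected prefix. The sample lines (including the `restart` and `alice` entries) and the function names are constructed for the illustration; the account name passed in must be the one that appears in the journal.

```shell
#!/usr/bin/env bash
# Constructed sample in the journal format of post #1; the "restart" and
# "alice" entries are invented for the demonstration.
sample_journal() {
cat <<'EOF'
Apr 15 20:48:18 Sisko sudo[469713]: zabbix-agent : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/systemctl status NetworkManager
Apr 15 20:48:18 Sisko sudo[469713]: pam_unix(sudo:session): session opened for user root by (uid=0)
Apr 15 20:48:18 Sisko sudo[469713]: pam_unix(sudo:session): session closed for user root
Apr 15 20:48:19 Sisko sudo[469718]: zabbix-agent : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/systemctl status nfs-server
Apr 15 20:48:19 Sisko sudo[469718]: pam_unix(sudo:session): session opened for user root by (uid=0)
Apr 15 20:48:19 Sisko sudo[469718]: pam_unix(sudo:session): session closed for user root
Apr 15 20:48:20 Sisko sudo[469724]: zabbix-agent : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/systemctl restart sshd
Apr 15 20:48:20 Sisko sudo[469724]: pam_unix(sudo:session): session opened for user root by (uid=0)
Apr 15 20:48:20 Sisko sudo[469724]: pam_unix(sudo:session): session closed for user root
Apr 15 20:48:21 Sisko sudo[469900]: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/id
EOF
}

# Hide pam_unix session lines that share a PID with a sudo run by the agent
# account ($1); every other line, including COMMAND= records, passes through.
quiet_view() {
  awk -v user="$1" '
    $5 !~ /^sudo\[[0-9]+\]:$/ { print; next }
    { pid = $5; gsub(/[^0-9]/, "", pid) }
    $6 == user && $7 == ":" { agent[pid] = 1; print; next }
    $6 == "pam_unix(sudo:session):" && (pid in agent) { next }
    { print }'
}

# List commands the agent account ($1) ran via sudo that do not start with
# the expected prefix ($2).
unexpected_commands() {
  awk -v user="$1" -v allow="$2" '
    $5 ~ /^sudo\[[0-9]+\]:$/ && $6 == user && $7 == ":" {
      i = index($0, "COMMAND=")
      if (i == 0) next
      cmd = substr($0, i + 8)
      if (index(cmd, allow) != 1) print cmd
    }'
}

# Demonstration on the constructed sample.
sample_journal | quiet_view zabbix-agent
sample_journal | unexpected_commands zabbix-agent "/usr/bin/systemctl status "
```

In the sudoers line from post #7, `!pam_session` is the flag that stops the `pam_unix(sudo:session)` lines, while `!syslog` also turns off the `COMMAND=` records that `unexpected_commands` reads. On a live system the input would come from `journalctl -b -t sudo` instead of the sample.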