[sudo] Capture sudo log files

Capture sudo and sudoers debug log files. Signed-off-by: Jose Castillo <[email protected]>
sosreport · Aug 27, 2024 · 052efc5 · 052efc5
1 parent 3886534
commit 052efc5
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/sos/report/plugins/sudo.py b/sos/report/plugins/sudo.py
@@ -21,6 +21,29 @@ class Sudo(Plugin, IndependentPlugin):
     def setup(self):
         self.add_copy_spec("/etc/sudo*")
 
+        config_file = "/etc/sudo.conf"
+        log_file_sudo = "/var/log/sudo_debug"
+        log_file_sudoers = "/var/log/sudoers_debug"
+        try:
+            with open(config_file, 'r', encoding='UTF-8') as cfile:
+                for line in cfile.read().splitlines():
+                    if not line:
+                        continue
+                    words = line.split('=')
+                    if words[0].strip() == 'Debug':
+                        if words[1].strip() == 'sudo':
+                            log_file_sudo = words[2].strip()
+                        if words[1].strip() == 'sudoers.so':
+                            log_file_sudoers = words[2].strip()
+        except IOError as error:
+            self._log_error(f'Could not open conf file {config_file}: '
+                            f'{error}')
+
+        if not self.get_option("all_logs"):
+            self.add_copy_spec([log_file_sudo, log_file_sudoers])
+        else:
+            self.add_copy_spec([log_file_sudo+'*', log_file_sudoers+'*'])
+
     def postproc(self):
         regexp = r"(\s*bindpw\s*)\S+"
         self.do_file_sub("/etc/sudo-ldap.conf", regexp, r"\1********")