25 Commits

Author SHA1 Message Date
Todd C. Miller
14ffa00c06 The tls_verify setting only affects server behavior, not the client.
Originally, there was a flag in the ServerHello message to indicate
that the client should verify the server cert, but this was removed
when TLS was moved to a separate port.  Client validation of the server
certificate is now configured in the sudoers file instead.
2021-08-03 09:50:07 -06:00
Todd C. Miller
0dd2b6442a Add log_exit setting in the sudo_logsrvd.conf eventlog stanza
This causes sudo_logsrvd to log a record with the exit status or
terminating signal in response to an ExitMessage.
2021-07-09 11:08:44 -06:00
Todd C. Miller
2c1988410e Add support for logging server warning/error messages.
We can use sudo_warn_set_conversation() to set a conversation
function that either writes to a log file or calls syslog().
2021-06-13 18:27:36 -06:00
Todd C. Miller
fda17ecfda Rename logsrvd log dir to /var/log/sudo_logsrvd. 2021-05-02 08:28:19 -06:00
Todd C. Miller
f49930c62e Make the failed relay retry interval configurable.
This is the amount of time to wait before trying to resend a
journal to the relay server after a connection error.
2021-05-02 06:19:32 -06:00
Todd C. Miller
ae77355eda Document relay configuration changes. 2021-04-09 12:58:57 -06:00
Todd C. Miller
3aec794b75 Document relay and connect_timeout server settings. 2021-04-06 16:30:41 -06:00
Todd C. Miller
1659d96c55 Use port 30343 for plaintext and port 30344 for TLS.
For TLS connections we now do the TLS handshake immediately before
the ServerHello message.  This lets the client receive an alert
from the server if there is a handshake error after the TLS connect
has succeeded.  It also means that the contents of the ServerHello
are protected from a man-in-the-middle attack.
2020-05-05 13:23:26 -06:00
Todd C. Miller
700becabc0 Make the path to logsrvd_cert.pem match the documentation. 2020-04-07 19:40:08 -06:00
Todd C. Miller
f908ddd1bf Create a pidfile for sudo_logsrvd when not run with the -n flag. 2020-03-29 05:05:08 -06:00
Todd C. Miller
5781a6a4cf Add support for JSON logging in sudo_logsrvd. 2020-02-17 16:10:56 -07:00
Laszlo Orban
24c9438486 logserver option to disable certificate verification on server side and server authentication on client side 2020-01-23 10:12:12 -07:00
Todd C. Miller
07a2965bab Document TCP keepalive options in the manual pages. 2020-01-22 11:07:01 -07:00
Laszlo Orban
38160d0ccb logserver: enable/disable SO_KEEPALIVE socket option based on tcp_keepalive configuration option in sudo_logsrvd.conf 2020-01-22 10:52:18 -07:00
Todd C. Miller
b31b830518 Document the process of creating self-signed certificates for sudo_logsrvd.
Based on a document from Laszlo Orban.
2019-11-19 14:29:40 -07:00
Todd C. Miller
366a63ce58 Change TLS example file locations to be under /etc/ssl/sudo. 2019-11-16 19:13:53 -07:00
Todd C. Miller
49c09ee2d8 Document sudo_logsrvd TLS configuration. 2019-11-16 13:01:49 -07:00
Laszlo Orban
b9641816d6 set timeout value for the socket 2019-11-15 09:52:48 +01:00
Laszlo Orban
2c5e421761 add configuration options for TLS 2019-11-12 10:26:48 +01:00
Todd C. Miller
1df3230c2a Document the sudo log server protocol 2019-10-24 20:04:33 -06:00
Todd C. Miller
b57054785f Add manual pages for logsrvd and sendlog. 2019-10-24 20:04:32 -06:00
Todd C. Miller
76eec78a33 Add basic support for event logging using a sudo-style log format. 2019-10-24 20:04:32 -06:00
Todd C. Miller
402820e8cf Convert sudo_logsrvd.conf to ini file format 2019-10-24 20:04:32 -06:00
Todd C. Miller
534aba7a3e Make the logsrvd port and list address configurable. 2019-10-24 20:04:32 -06:00
Todd C. Miller
a808dd45c2 Add config file support for logsrvd 2019-10-24 20:04:31 -06:00