You can disable sudo-related log messages by adding something like
Defaults:juser !syslog
to the sudoers file.
That will disable logging to syslog. But under e.g. CentOS/Fedora there is an auditd enabled by default which continues to (verbosely) log a successful sudo execution via /var/log/audit/audit.log. That means one (successful) sudo call results in 5 auditd log entries.
One (perhaps too broad) method to silence those messages is to disable the auditing of those messages via auditctl options like these:
-a exclude,always -F msgtype=USER_START
-a exclude,always -F msgtype=USER_END
-a exclude,always -F msgtype=USER_CMD
-a exclude,always -F msgtype=CRED_ACQ
-a exclude,always -F msgtype=CRED_DISP
Is there a more elegant/fine-grained method to only disable the auditing of successful sudo-calls?
(Perhaps only for a certain sudo-user?)
Best Answer
I looked this up on CentOS 7.
According to man auditctl you could check for the euid to filter more specifically for the user juser.
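For reviewing a rules file for the exclusions discussed in this thread, the following added example (not code from the question or the answer) lists every exclude rule that drops one of the five sudo-related record types and marks it as broad (msgtype only) or scoped by a further field. SAMPLE_RULES is constructed; its euid line follows the answer's suggestion, and whether auditctl accepts that field on the exclude list is not checked here.

```python
import re
import shlex

# Record types the question lists for one successful sudo call.
SUDO_MSGTYPES = {"USER_START", "USER_END", "USER_CMD", "CRED_ACQ", "CRED_DISP"}
FIELD_RE = re.compile(r"^(\w+)(!=|<=|>=|&=|=|<|>|&)(.+)$")

# Constructed sample input, not taken from a real host.
SAMPLE_RULES = """\
## constructed sample rules file
-a exclude,always -F msgtype=USER_START
-a exclude,always -F msgtype=USER_END
-a exclude,always -F msgtype=USER_CMD
-a exclude,always -F msgtype=CRED_ACQ
-a exclude,always -F msgtype=CRED_DISP
-a always,exclude -F msgtype=USER_CMD -F euid=1000
-a always,exit -F arch=b64 -S execve -k exec
-a exclude,always -F msgtype=CWD
"""

def parse_rule(line):
    """Split one auditctl rule line into (list/action names, [(field, op, value)])."""
    targets, fields = set(), []
    it = iter(shlex.split(line, comments=True))
    for tok in it:
        if tok in ("-a", "-A"):  # auditctl accepts list,action or action,list
            targets = set(next(it, "").split(","))
        elif tok == "-F":
            m = FIELD_RE.match(next(it, ""))
            if m:
                fields.append(m.groups())
    return targets, fields

def sudo_exclusions(rules_text):
    """Return (line number, msgtype, scope) for exclude rules hiding sudo records."""
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        targets, fields = parse_rule(line)
        if "exclude" not in targets:
            continue
        others = [f for f, _, _ in fields if f != "msgtype"]
        scope = "scoped:" + ",".join(others) if others else "broad"
        for f, op, v in fields:
            if f == "msgtype" and op == "=" and v in SUDO_MSGTYPES:
                findings.append((lineno, v, scope))
    return findings

if __name__ == "__main__":
    print(*sudo_exclusions(SAMPLE_RULES), sep="\n")
```

A "broad" finding means the record type is dropped for every user on the host, not only for sudo calls by juser.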