[Rdo-list] [Openstack] compute node secure message flood rootwrap.conf ovs-ofctl dump-flows br-int table=22

Marius Cornea marius at remote-lab.net
Tue Mar 24 23:50:47 UTC 2015


I see that in Fedora 21 pam_unix also logs the sudo session and it
shows up like this:

sudo[17062]: neutron : TTY=unknown ; PWD=/ ; USER=root ;
COMMAND=/bin/neutron-rootwrap /etc/neutron/rootwrap.conf ovs-ofctl
dump-flows br-int table=23
sudo[17062]: pam_unix(sudo:session): session opened for user root by (uid=0)
sudo[17062]: pam_unix(sudo:session): session closed for user root

In that case you can disable the messages by:

Defaults:neutron !syslog, !pam_session

On Tue, Mar 24, 2015 at 1:52 PM, Lars Kellogg-Stedman <lars at redhat.com> wrote:
> On Tue, Mar 24, 2015 at 02:22:18PM +0700, Chris wrote:
>> On our compute nodes the /var/log/secure log gets flooded with the same kind
>> of messages:
>>
>> Mar 22 10:17:57 xxx sudo:  neutron : TTY=unknown ; PWD=/ ; USER=root ;
>> COMMAND=/usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf ovs-ofctl
>> dump-flows br-int table=22
>>
>> Any hint what's the purpose of this and how to fix it?
>
> The purpose is that neutron is monitoring the flow rules in that
> particular table, probably in order to ensure they remain correct.
> Because neutron is running as an unprivileged user, it needs to use
> "sudo" to gain elevated privileges.
>
> The `sudo` command is, by default, quite verbose, which makes sense in
> an environment where 'sudo' commands happen rarely as the result of
> manual administrator actions.  In an environment where it is part of
> frequent automated tasks it can be an annoyance.
>
> You can disable these messages for a *particular* user using syntax
> like this:
>
>     Defaults:neutron !syslog
>
> This will disable syslogging of sudo activity for user "neutron" while
> still leaving it enabled for everyone else.
>
> --
> Lars Kellogg-Stedman <lars at redhat.com> | larsks @ {freenode,twitter,github}
> Cloud Engineering / OpenStack          | http://blog.oddbit.com/
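
Before scoping a `Defaults:<user>` override like the ones in this thread, it helps to measure which user and command actually produce the sudo entries and how many PAM session lines ride along. The script below is an added example, not part of the original messages; the hostname `node1`, the `admin` user, the sample lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise sudo command records per invoking user and command,
# using the log line format quoted in this thread.

# Constructed sample (hostname, PIDs and the "admin" entry are made up).
sample_log() {
cat <<'EOF'
Mar 22 10:17:57 node1 sudo:  neutron : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf ovs-ofctl dump-flows br-int table=22
Mar 22 10:17:59 node1 sudo:  neutron : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf ovs-ofctl dump-flows br-int table=22
Mar 22 10:18:01 node1 sudo[17062]: pam_unix(sudo:session): session opened for user root by (uid=0)
Mar 22 10:18:01 node1 sudo[17062]: pam_unix(sudo:session): session closed for user root
Mar 22 10:18:05 node1 sudo:  admin : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/less /var/log/secure
EOF
}

# Print "count<TAB>user<TAB>command", most frequent first.
# Reads the files given as arguments, or stdin when none are given.
sudo_noise_summary() {
    awk '
        # Command records look like "sudo: user : TTY=... ; COMMAND=..."
        # (the tag may also be "sudo[pid]:").
        match($0, /sudo(\[[0-9]+\])?: +[^ ]+ : .*COMMAND=/) {
            rec = substr($0, RSTART)
            sub(/^sudo(\[[0-9]+\])?: +/, "", rec)          # drop the syslog tag
            user = rec; sub(/ : .*/, "", user)             # invoking user
            cmd = substr(rec, index(rec, "COMMAND=") + 8)  # full command line
            n[user "\t" cmd]++
        }
        END { for (k in n) printf "%d\t%s\n", n[k], k }
    ' "$@" | sort -t "$(printf '\t')" -k1,1nr -k2
}

# Count the pam_unix session lines that "!pam_session" would suppress.
pam_session_lines() {
    grep -c 'pam_unix(sudo:session)' "$@"
}

# Stand-alone run on the constructed sample.
sample_log | sudo_noise_summary
```

On a real node, pass the log path instead of the sample, for example `sudo_noise_summary /var/log/secure`.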



