AIX Open Source

Hello Team,

We are continuously getting sudo parse error when user "svc_atos_aixvmsavg" is performing vulnerability scan on AIX system.
 
We need solution how we can get rid of below error which is generated under /var/log/message file.
 
Apr  5 20:57:09 auliud1prapp26 auth|security:notice sudo: svc_atos_aixvmsavg : HOST=auliud1prapp26.avivagroup.com ; TTY=pts/2 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ; COMMAND=/usr/bin/sh -c printf "command_start_%s" "QyOySgxY"; [ -f "/var/opt/cm-bundle/cm" ] || [ -d "/var/opt/cm-bundle/cm" ] && echo "found"; printf "command_done_%s" "QRb5JSNC" 

Apr  5 20:57:10 auliud1prapp26 auth|security:alert sudo: svc_atos_aixvmsavg : parse error in /etc/sudoers.d/00_ag_recon near line 2 ; TTY=pts/0 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ;

Apr  5 20:57:10 auliud1prapp26 auth|security:notice sudo: svc_atos_aixvmsavg : HOST=auliud1prapp26.avivagroup.com ; TTY=pts/0 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ; COMMAND=/usr/bin/sh -c printf "command_start_%s" "YW7QveHO"; ip address; printf "command_done_%s" "WokJPoTC"

Apr  5 20:57:11 auliud1prapp26 auth|security:alert sudo: svc_atos_aixvmsavg : parse error in /etc/sudoers.d/00_ag_recon near line 2 ; TTY=pts/1 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ;

Apr  5 20:57:11 auliud1prapp26 auth|security:notice sudo: svc_atos_aixvmsavg : HOST=auliud1prapp26.avivagroup.com ; TTY=pts/1 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ; COMMAND=/usr/bin/sh -c printf "command_start_%s" "rH17P9W0"; [ -f "/opt/dell/dellrepositorymanager/drm.sh" ] || [ -d "/opt/dell/dellrepositorymanager/drm.sh" ] && echo "found"; printf "command_done_%s" "jQmnE_yB"

Apr  5 20:57:12 auliud1prapp26 auth|security:alert sudo: svc_atos_aixvmsavg : parse error in /etc/sudoers.d/00_ag_recon near line 2 ; TTY=pts/0 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ;

Apr  5 20:57:12 auliud1prapp26 auth|security:notice sudo: svc_atos_aixvmsavg : HOST=auliud1prapp26.avivagroup.com ; TTY=pts/0 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ; COMMAND=/usr/bin/sh -c printf "command_start_%s" "WAOJHv_E"; bash -c 'cat /tmp/nessus.1743883031'; printf "command_done_%s" "Lq6dAhod"

sudo_ids                 1.9.5p2-1    C     R    Allows restricted root access for specified users. (/bin/rpm)

sudo_ids-1.9.5p2-1      Thu Jun 10 11:14:05 2021

oslevel AIX -> 7200-05-09-2446

Have you any clues or have you already  had this issue ?

Thanks for your help

HBO

It's complaining about an error near line 2 of /etc/sudoers.d/00_ag_recon.

Compare the file against the sudoers file description (man sudoers).
Use visudo to edit the sudoers description, and validate the format.

Hello Team,

We are continuously getting sudo parse error when user "svc_atos_aixvmsavg" is performing vulnerability scan on AIX system.
 
We need solution how we can get rid of below error which is generated under /var/log/message file.
 
Apr  5 20:57:09 auliud1prapp26 auth|security:notice sudo: svc_atos_aixvmsavg : HOST=auliud1prapp26.avivagroup.com ; TTY=pts/2 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ; COMMAND=/usr/bin/sh -c printf "command_start_%s" "QyOySgxY"; [ -f "/var/opt/cm-bundle/cm" ] || [ -d "/var/opt/cm-bundle/cm" ] && echo "found"; printf "command_done_%s" "QRb5JSNC" 

Apr  5 20:57:10 auliud1prapp26 auth|security:alert sudo: svc_atos_aixvmsavg : parse error in /etc/sudoers.d/00_ag_recon near line 2 ; TTY=pts/0 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ;

Apr  5 20:57:10 auliud1prapp26 auth|security:notice sudo: svc_atos_aixvmsavg : HOST=auliud1prapp26.avivagroup.com ; TTY=pts/0 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ; COMMAND=/usr/bin/sh -c printf "command_start_%s" "YW7QveHO"; ip address; printf "command_done_%s" "WokJPoTC"

Apr  5 20:57:11 auliud1prapp26 auth|security:alert sudo: svc_atos_aixvmsavg : parse error in /etc/sudoers.d/00_ag_recon near line 2 ; TTY=pts/1 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ;

Apr  5 20:57:11 auliud1prapp26 auth|security:notice sudo: svc_atos_aixvmsavg : HOST=auliud1prapp26.avivagroup.com ; TTY=pts/1 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ; COMMAND=/usr/bin/sh -c printf "command_start_%s" "rH17P9W0"; [ -f "/opt/dell/dellrepositorymanager/drm.sh" ] || [ -d "/opt/dell/dellrepositorymanager/drm.sh" ] && echo "found"; printf "command_done_%s" "jQmnE_yB"

Apr  5 20:57:12 auliud1prapp26 auth|security:alert sudo: svc_atos_aixvmsavg : parse error in /etc/sudoers.d/00_ag_recon near line 2 ; TTY=pts/0 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ;

Apr  5 20:57:12 auliud1prapp26 auth|security:notice sudo: svc_atos_aixvmsavg : HOST=auliud1prapp26.avivagroup.com ; TTY=pts/0 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ; COMMAND=/usr/bin/sh -c printf "command_start_%s" "WAOJHv_E"; bash -c 'cat /tmp/nessus.1743883031'; printf "command_done_%s" "Lq6dAhod"

sudo_ids                 1.9.5p2-1    C     R    Allows restricted root access for specified users. (/bin/rpm)

sudo_ids-1.9.5p2-1      Thu Jun 10 11:14:05 2021

oslevel AIX -> 7200-05-09-2446

Have you any clues or have you already  had this issue ?

Thanks for your help

HBO

Hello Team,

We are continuously getting sudo parse error when user "svc_atos_aixvmsavg" is performing vulnerability scan on AIX system.
 
We need solution how we can get rid of below error which is generated under /var/log/message file.
 
Apr  5 20:57:09 auliud1prapp26 auth|security:notice sudo: svc_atos_aixvmsavg : HOST=auliud1prapp26.avivagroup.com ; TTY=pts/2 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ; COMMAND=/usr/bin/sh -c printf "command_start_%s" "QyOySgxY"; [ -f "/var/opt/cm-bundle/cm" ] || [ -d "/var/opt/cm-bundle/cm" ] && echo "found"; printf "command_done_%s" "QRb5JSNC" 

Apr  5 20:57:10 auliud1prapp26 auth|security:alert sudo: svc_atos_aixvmsavg : parse error in /etc/sudoers.d/00_ag_recon near line 2 ; TTY=pts/0 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ;

Apr  5 20:57:10 auliud1prapp26 auth|security:notice sudo: svc_atos_aixvmsavg : HOST=auliud1prapp26.avivagroup.com ; TTY=pts/0 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ; COMMAND=/usr/bin/sh -c printf "command_start_%s" "YW7QveHO"; ip address; printf "command_done_%s" "WokJPoTC"

Apr  5 20:57:11 auliud1prapp26 auth|security:alert sudo: svc_atos_aixvmsavg : parse error in /etc/sudoers.d/00_ag_recon near line 2 ; TTY=pts/1 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ;

Apr  5 20:57:11 auliud1prapp26 auth|security:notice sudo: svc_atos_aixvmsavg : HOST=auliud1prapp26.avivagroup.com ; TTY=pts/1 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ; COMMAND=/usr/bin/sh -c printf "command_start_%s" "rH17P9W0"; [ -f "/opt/dell/dellrepositorymanager/drm.sh" ] || [ -d "/opt/dell/dellrepositorymanager/drm.sh" ] && echo "found"; printf "command_done_%s" "jQmnE_yB"

Apr  5 20:57:12 auliud1prapp26 auth|security:alert sudo: svc_atos_aixvmsavg : parse error in /etc/sudoers.d/00_ag_recon near line 2 ; TTY=pts/0 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ;

Apr  5 20:57:12 auliud1prapp26 auth|security:notice sudo: svc_atos_aixvmsavg : HOST=auliud1prapp26.avivagroup.com ; TTY=pts/0 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ; COMMAND=/usr/bin/sh -c printf "command_start_%s" "WAOJHv_E"; bash -c 'cat /tmp/nessus.1743883031'; printf "command_done_%s" "Lq6dAhod"

sudo_ids                 1.9.5p2-1    C     R    Allows restricted root access for specified users. (/bin/rpm)

sudo_ids-1.9.5p2-1      Thu Jun 10 11:14:05 2021

oslevel AIX -> 7200-05-09-2446

Have you any clues or have you already  had this issue ?

Thanks for your help

HBO

Hakim,

Please show the content of 00_ag_recon file.

Hello Team,

We are continuously getting sudo parse error when user "svc_atos_aixvmsavg" is performing vulnerability scan on AIX system.
 
We need solution how we can get rid of below error which is generated under /var/log/message file.
 
Apr  5 20:57:09 auliud1prapp26 auth|security:notice sudo: svc_atos_aixvmsavg : HOST=auliud1prapp26.avivagroup.com ; TTY=pts/2 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ; COMMAND=/usr/bin/sh -c printf "command_start_%s" "QyOySgxY"; [ -f "/var/opt/cm-bundle/cm" ] || [ -d "/var/opt/cm-bundle/cm" ] && echo "found"; printf "command_done_%s" "QRb5JSNC" 

Apr  5 20:57:10 auliud1prapp26 auth|security:alert sudo: svc_atos_aixvmsavg : parse error in /etc/sudoers.d/00_ag_recon near line 2 ; TTY=pts/0 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ;

Apr  5 20:57:10 auliud1prapp26 auth|security:notice sudo: svc_atos_aixvmsavg : HOST=auliud1prapp26.avivagroup.com ; TTY=pts/0 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ; COMMAND=/usr/bin/sh -c printf "command_start_%s" "YW7QveHO"; ip address; printf "command_done_%s" "WokJPoTC"

Apr  5 20:57:11 auliud1prapp26 auth|security:alert sudo: svc_atos_aixvmsavg : parse error in /etc/sudoers.d/00_ag_recon near line 2 ; TTY=pts/1 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ;

Apr  5 20:57:11 auliud1prapp26 auth|security:notice sudo: svc_atos_aixvmsavg : HOST=auliud1prapp26.avivagroup.com ; TTY=pts/1 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ; COMMAND=/usr/bin/sh -c printf "command_start_%s" "rH17P9W0"; [ -f "/opt/dell/dellrepositorymanager/drm.sh" ] || [ -d "/opt/dell/dellrepositorymanager/drm.sh" ] && echo "found"; printf "command_done_%s" "jQmnE_yB"

Apr  5 20:57:12 auliud1prapp26 auth|security:alert sudo: svc_atos_aixvmsavg : parse error in /etc/sudoers.d/00_ag_recon near line 2 ; TTY=pts/0 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ;

Apr  5 20:57:12 auliud1prapp26 auth|security:notice sudo: svc_atos_aixvmsavg : HOST=auliud1prapp26.avivagroup.com ; TTY=pts/0 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ; COMMAND=/usr/bin/sh -c printf "command_start_%s" "WAOJHv_E"; bash -c 'cat /tmp/nessus.1743883031'; printf "command_done_%s" "Lq6dAhod"

sudo_ids                 1.9.5p2-1    C     R    Allows restricted root access for specified users. (/bin/rpm)

sudo_ids-1.9.5p2-1      Thu Jun 10 11:14:05 2021

oslevel AIX -> 7200-05-09-2446

Have you any clues or have you already  had this issue ?

Thanks for your help

HBO

Hello Denis, 

Thanks for your involvement 

Below the content of the file 

# Asgard: created by create_Asgard_AIX_LDAP-v1.5.2.ksh version 1.5.0 from 2022/04/11 17:30 at 2022-08-02+02:36:28
User_Alias      PAMUSER = ATCY_PAMRecon, ATCY_PAMRecon1
Cmnd_Alias      PAMMGMT = /usr/bin/passwd, \
                          /usr/bin/chage, \
                          /usr/bin/pwdadm, \                          
                          /sbin/pam_tally2

PAMUSER LOCALHOST = (root) NOPASSWD: PAMMGMT

Sincerely,

Hakim,

Please show the content of 00_ag_recon file.

Hello Team,

We are continuously getting sudo parse error when user "svc_atos_aixvmsavg" is performing vulnerability scan on AIX system.
 
We need solution how we can get rid of below error which is generated under /var/log/message file.
 
Apr  5 20:57:09 auliud1prapp26 auth|security:notice sudo: svc_atos_aixvmsavg : HOST=auliud1prapp26.avivagroup.com ; TTY=pts/2 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ; COMMAND=/usr/bin/sh -c printf "command_start_%s" "QyOySgxY"; [ -f "/var/opt/cm-bundle/cm" ] || [ -d "/var/opt/cm-bundle/cm" ] && echo "found"; printf "command_done_%s" "QRb5JSNC" 

Apr  5 20:57:10 auliud1prapp26 auth|security:alert sudo: svc_atos_aixvmsavg : parse error in /etc/sudoers.d/00_ag_recon near line 2 ; TTY=pts/0 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ;

Apr  5 20:57:10 auliud1prapp26 auth|security:notice sudo: svc_atos_aixvmsavg : HOST=auliud1prapp26.avivagroup.com ; TTY=pts/0 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ; COMMAND=/usr/bin/sh -c printf "command_start_%s" "YW7QveHO"; ip address; printf "command_done_%s" "WokJPoTC"

Apr  5 20:57:11 auliud1prapp26 auth|security:alert sudo: svc_atos_aixvmsavg : parse error in /etc/sudoers.d/00_ag_recon near line 2 ; TTY=pts/1 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ;

Apr  5 20:57:11 auliud1prapp26 auth|security:notice sudo: svc_atos_aixvmsavg : HOST=auliud1prapp26.avivagroup.com ; TTY=pts/1 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ; COMMAND=/usr/bin/sh -c printf "command_start_%s" "rH17P9W0"; [ -f "/opt/dell/dellrepositorymanager/drm.sh" ] || [ -d "/opt/dell/dellrepositorymanager/drm.sh" ] && echo "found"; printf "command_done_%s" "jQmnE_yB"

Apr  5 20:57:12 auliud1prapp26 auth|security:alert sudo: svc_atos_aixvmsavg : parse error in /etc/sudoers.d/00_ag_recon near line 2 ; TTY=pts/0 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ;

Apr  5 20:57:12 auliud1prapp26 auth|security:notice sudo: svc_atos_aixvmsavg : HOST=auliud1prapp26.avivagroup.com ; TTY=pts/0 ; PWD=/home/AVIVAGROUP.COM/svc_atos_aixvmsavg ; USER=root ; COMMAND=/usr/bin/sh -c printf "command_start_%s" "WAOJHv_E"; bash -c 'cat /tmp/nessus.1743883031'; printf "command_done_%s" "Lq6dAhod"

sudo_ids                 1.9.5p2-1    C     R    Allows restricted root access for specified users. (/bin/rpm)

sudo_ids-1.9.5p2-1      Thu Jun 10 11:14:05 2021

oslevel AIX -> 7200-05-09-2446

Have you any clues or have you already  had this issue ?

Thanks for your help

HBO