audit_log_user_command(): Connection refused Sudoers file on CentOS 5

This is due to the stock CentOS 5.3 kernel not being compiled with the proper support for auditing. RedHat offers more advanced auditing support in its version of sudo as a custom patch, but the patch is applied whether the kernel has proper support for auditing or not.

If you go to the CentOS RPM repository, you can pick up the source package for sudo. Unpack the SRPM with:

sudo rpm -i sudo-[blah blah].src.rpm

cd over to /usr/src/redhat/SPECS, where you’ll find the compilation spec sudo.spec. Either follow the RedHat Bugzilla fix by changing the lines like so:

   1  - if( err <= 0 && !(errno == EPERM && getuid() != 0) )
   2  + if( err <= 0 && !((errno == EPERM && getuid() > 0) || errno == ECONNREFUSED )
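
Review bot: the `+` line does not compile as written because its parentheses are unbalanced: `if(` and `!((` open three groups, but only two are closed before the end of the line, so one more `)` is needed after `errno == ECONNREFUSED )`. The hunk also carries no file header, and these are C lines rather than spec syntax, so it should say which source or patch file they belong to. The switch from `getuid() != 0` to `getuid() > 0` is unrelated to the ECONNREFUSED case and could be left out to keep the change minimal (on Linux, where uid_t is unsigned, the two tests are equivalent). A short comment noting that a refused audit connection is now treated as non-fatal, so the command proceeds without an audit record, would help whoever maintains this rebuild.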

Or comment out all references to Patch5, the audit patch added to sudo by RedHat:

# Patch5: sudo-1.6.9p13-audit.patch
#...
# %patch5 -p1 -b .audit

You can choose either method for dealing with the audit features. YMMV.

Once you’re done with that, build the RPM:
sudo rpmbuild -bb sudo.spec

And install:
rpm --force -i /usr/src/redhat/RPMS/[arch]/sudo-[blah blah].rpm

Note that this will overwrite your system sudo with your custom compiled version, so keep a root shell open or enable your root user until you’re sure that your new sudo works. Also, keep in mind that system updates to sudo may overwrite your existing installation. YMMV. This is but one solution of many.
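
The Patch5 edit described above, scripted as an added example that is not part of the original post. The function names `disable_spec_patch` and `write_sample_spec` are hypothetical, and the sample spec is constructed for the demonstration (it is not the real sudo.spec; only its Patch5 lines mirror the ones shown above).

```shell
#!/bin/sh
# Comment out every active reference to one numbered patch in an RPM spec.
# disable_spec_patch SPEC N  -> returns 0 when no active PatchN/%patchN remains.
disable_spec_patch() {
    spec=$1; n=$2
    [ -f "$spec" ] || { echo "no such spec: $spec" >&2; return 2; }
    [ -f "$spec.orig" ] || cp -p "$spec" "$spec.orig"   # keep the pristine copy
    # "PatchN:" declares the patch; "%patchN" applies it in %prep.
    # Requiring a non-digit (or end of line) after N keeps Patch5 from
    # matching Patch50. Lines that already start with '#' no longer match,
    # so running this twice changes nothing.
    sed -e "s/^\([[:space:]]*Patch${n}:\)/# \1/" \
        -e "s/^\([[:space:]]*%patch${n}\)\$/# \1/" \
        -e "s/^\([[:space:]]*%patch${n}[^0-9]\)/# \1/" \
        "$spec" > "$spec.tmp" && mv "$spec.tmp" "$spec" || return 2
    # Verify: count references that are still active after the edit.
    left=$(grep -c -E "^[[:space:]]*(Patch${n}:|%patch${n}([^0-9]|\$))" "$spec" || true)
    [ "$left" -eq 0 ]
}

# Constructed sample spec; Patch4 and Patch50 are made-up neighbours used to
# show that only the requested patch number is touched.
write_sample_spec() {
    cat > "$1" <<'EOF'
Name: sudo
Patch4: sudo-example-other.patch
Patch5: sudo-1.6.9p13-audit.patch
Patch50: sudo-example-fifty.patch
%prep
%setup -q
%patch4 -p1 -b .other
%patch5 -p1 -b .audit
%patch50 -p1 -b .fifty
EOF
}

# Demo on a temporary copy: show the Patch5/Patch50 lines after the edit.
demo=$(mktemp) && write_sample_spec "$demo" && disable_spec_patch "$demo" 5
grep -n 'atch5' "$demo"
rm -f "$demo" "$demo.orig"
```

Against the real spec, run it as `disable_spec_patch /usr/src/redhat/SPECS/sudo.spec 5` before the `rpmbuild -bb` step; the untouched spec stays beside it as `sudo.spec.orig`.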
