diff --git a/doc/sudo_logsrvd.conf.man.in b/doc/sudo_logsrvd.conf.man.in
index fa0d5d527..70fdd05f8 100644
--- a/doc/sudo_logsrvd.conf.man.in
+++ b/doc/sudo_logsrvd.conf.man.in
@@ -2,7 +2,7 @@
 .\"
 .\" SPDX-License-Identifier: ISC
 .\"
-.\" Copyright (c) 2019 Todd C. Miller
+.\" Copyright (c) 2019-2020 Todd C. Miller
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +16,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.TH "SUDO_LOGSRVD.CONF" "@mansectform@" "November 16, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDO_LOGSRVD.CONF" "@mansectform@" "January 22, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -105,6 +105,13 @@ Multiple
 \fIlisten_address\fR
 lines may be specified to listen on more than one interface.
 .TP 10n
+tcp_keepalive = boolean
+If true,
+\fBsudo_logsrvd\fR
+will enable the TCP keepalive socket option on the client connection.
+This enables the periodic transmission of keepalive messages to the client.
+If the client does not respond to a message, the connection will be closed.
+.TP 10n
 timeout = number
 The amount of time, in seconds,
 \fBsudo_logsrvd\fR
@@ -531,6 +538,9 @@ Sudo log server configuration file
 # The default is to listen on all addresses.
 #listen_address = *:30344
 
+# If set, enable the SO_KEEPALIVE socket option on the connected socket.
+#tcp_keepalive = true
+
 # The amount of time, in seconds, the server will wait for the client to
 # respond. A value of 0 will disable the timeout. The default value is 30.
 #timeout = 30
diff --git a/doc/sudo_logsrvd.conf.mdoc.in b/doc/sudo_logsrvd.conf.mdoc.in
index 1138345f0..375f6c310 100644
--- a/doc/sudo_logsrvd.conf.mdoc.in
+++ b/doc/sudo_logsrvd.conf.mdoc.in
@@ -1,7 +1,7 @@
 .\"
 .\" SPDX-License-Identifier: ISC
 .\"
-.\" Copyright (c) 2019 Todd C. Miller
+.\" Copyright (c) 2019-2020 Todd C. Miller
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd November 16, 2019
+.Dd January 22, 2020
 .Dt SUDO_LOGSRVD.CONF @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -96,6 +96,12 @@ which will listen on all configured network interfaces.
 Multiple
 .Em listen_address
 lines may be specified to listen on more than one interface.
+.It tcp_keepalive = boolean
+If true,
+.Nm sudo_logsrvd
+will enable the TCP keepalive socket option on the client connection.
+This enables the periodic transmission of keepalive messages to the client.
+If the client does not respond to a message, the connection will be closed.
 .It timeout = number
 The amount of time, in seconds,
 .Nm sudo_logsrvd
@@ -482,6 +488,9 @@ Sudo log server configuration file
 # The default is to listen on all addresses.
 #listen_address = *:30344
 
+# If set, enable the SO_KEEPALIVE socket option on the connected socket.
+#tcp_keepalive = true
+
 # The amount of time, in seconds, the server will wait for the client to
 # respond. A value of 0 will disable the timeout. The default value is 30.
 #timeout = 30
diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in
index a1ea24285..d91d06455 100644
--- a/doc/sudoers.man.in
+++ b/doc/sudoers.man.in
@@ -2,7 +2,7 @@
 .\"
 .\" SPDX-License-Identifier: ISC
 .\"
-.\" Copyright (c) 1994-1996, 1998-2005, 2007-2019
+.\" Copyright (c) 1994-1996, 1998-2005, 2007-2020
 .\" Todd C. Miller
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -25,7 +25,7 @@
 .nr BA @BAMAN@
 .nr LC @LCMAN@
 .nr PS @PSMAN@
-.TH "SUDOERS" "@mansectform@" "December 9, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS" "@mansectform@" "January 22, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -2592,6 +2592,19 @@ This flag is
 \fIoff\fR
 by default.
 .TP 18n
+log_server_keepalive
+If set,
+\fBsudo\fR
+will enable the TCP keepalive socket option on the connection to the log server.
+This enables the periodic transmission of keepalive messages to the server.
+If the server does not respond to a message, the connection will
+be closed and the running command will be killed unless the
+\fIignore_iolog_errors\fR
+flag is set.
+This flag is
+\fIon\fR
+by default.
+.TP 18n
 log_year
 If set, the four-digit year will be logged in the (non-syslog)
 \fBsudo\fR
diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in
index 3b06eda15..e3cc90013 100644
--- a/doc/sudoers.mdoc.in
+++ b/doc/sudoers.mdoc.in
@@ -1,7 +1,7 @@
 .\"
 .\" SPDX-License-Identifier: ISC
 .\"
-.\" Copyright (c) 1994-1996, 1998-2005, 2007-2019
+.\" Copyright (c) 1994-1996, 1998-2005, 2007-2020
 .\" Todd C. Miller
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -24,7 +24,7 @@
 .nr BA @BAMAN@
 .nr LC @LCMAN@
 .nr PS @PSMAN@
-.Dd December 9, 2019
+.Dd January 22, 2020
 .Dt SUDOERS @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -2439,6 +2439,18 @@ section.
 This flag is
 .Em off
 by default.
+.It log_server_keepalive
+If set,
+.Nm sudo
+will enable the TCP keepalive socket option on the connection to the log server.
+This enables the periodic transmission of keepalive messages to the server.
+If the server does not respond to a message, the connection will
+be closed and the running command will be killed unless the
+.Em ignore_iolog_errors
+flag is set.
+This flag is
+.Em on
+by default.
 .It log_year
 If set, the four-digit year will be logged in the (non-syslog)
 .Nm sudo
diff --git a/examples/sudo_logsrvd.conf b/examples/sudo_logsrvd.conf
index fdc643525..cc8ebeab8 100644
--- a/examples/sudo_logsrvd.conf
+++ b/examples/sudo_logsrvd.conf
@@ -17,13 +17,13 @@
 # The default is to listen on all addresses.
 #listen_address = *:30344
 
+# If set, enable the SO_KEEPALIVE socket option on the connected socket.
+#tcp_keepalive = true
+
 # The amount of time, in seconds, the server will wait for the client to
 # respond. A value of 0 will disable the timeout. The default value is 30.
 #timeout = 30
 
-# If set, SO_KEEPALIVE socket option is set on the connected socket.
-#tcp_keepalive = true
-
 # If set, secure connections with TLS 1.2 or 1.3.
 # By default, server connections are not encrypted.
 #tls = true
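Review bot: The reworded `tcp_keepalive` comment in the sample file still does not say what the server does when the line is left commented out, while the neighbouring `listen_address` and `timeout` entries both state their defaults. Keepalive decides whether a dead or half-open client connection is noticed and closed, so an administrator reading this file should be able to tell the out-of-the-box behaviour. Consider following the existing comment with a second line such as `# The default is <default from the sudo_logsrvd source>.`. The `tcp_keepalive` entries added to both sudo_logsrvd.conf manual pages in this commit have the same gap, whereas the new `log_server_keepalive` text in the sudoers pages does state its default.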