Solution for: #70: "audit_log_user_command(): Connection refused" when using sudo in CentOS 5

Recompile sudo from source package and patch auditing code

As cited in references, this is due to the stock CentOS 5.3 kernel not being compiled with the proper support for auditing. RedHat offers more advanced auditing support in its version of sudo as a custom patch, but the patch is applied whether the kernel has proper support for auditing or not. I don't really need any auditing code in this install, and I don't want to recompile my kernel either.

In this solution, I'm going to change the audit patch as the RedHat Bugzilla suggests.

If you go to the CentOS RPM repository, you can pick up the source package for sudo. Unpack the SRPM with:

sudo rpm -i sudo-[blah blah].src.rpm

cd over to /usr/src/redhat/SPECS, where you'll find the build spec sudo.spec. Then either follow the RedHat Bugzilla suggestion by changing the lines like so:
- if( err <= 0 && !(errno == EPERM && getuid() != 0) ) + if( err <= 0 && !((errno == EPERM && getuid() > 0) || errno == ECONNREFUSED )
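Review bot: the `+` line does not balance its parentheses: `!((` opens two groups but only one of them is closed before the final `)` that ends `if(`, so the replacement condition will not compile as written and needs a second `)` after `errno == ECONNREFUSED`. Note also that with the new `|| errno == ECONNREFUSED` term the branch is skipped for every caller, root included, whenever the audit call fails with ECONNREFUSED, which deserves a comment next to the condition.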
Or comment out all references to patch5, the audit patch added to sudo by RedHat:
# Patch5: sudo-1.6.9p13-audit.patch
#...
# %patch5 -p1 -b .audit

I chose the second method, as I didn't see much value in taking the audit features. YMMV.

Once you're done with that, build the SRPM:
sudo rpmbuild -bb sudo.spec

And install:
rpm --force -i /usr/src/redhat/RPMS/[arch]/sudo-[blah blah].rpm

Note that this will overwrite your system sudo with your custom compiled version, so keep a root shell open or enable your root user until you're sure that your new sudo works. Also, keep in mind that system updates to sudo may overwrite your existing installation. YMMV. This is but one solution of many.
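The second method above (commenting out every reference to patch5), as an added example that is not part of the original post: it edits the spec with sed, keeps a backup, and checks that no active patch5 reference remains before you run rpmbuild. The function names and the sample spec fragment are constructed for illustration; only the Patch5 file name and the %patch5 line come from the post.

```shell
#!/bin/sh
# Added example: disable RedHat's audit patch (Patch5) in sudo.spec.

# Comment out the Patch5 declaration and the %patch5 step, reading the spec
# on stdin. Matching "Patch5:" and "%patch5" followed by whitespace or
# end of line leaves Patch50, %patch51 and similar lines untouched.
disable_patch5() {
    sed -e 's/^\(Patch5:.*\)$/# \1/' \
        -e 's/^\(%patch5[[:space:]].*\)$/# \1/' \
        -e 's/^\(%patch5\)$/# \1/'
}

# Count patch5 references that are still active (not commented out).
active_patch5_refs() {
    grep -c -E '^(Patch5:|%patch5([[:space:]]|$))' || true
}

# Edit a spec file in place, keeping the original as <spec>.orig, and fail
# unless every patch5 reference is now commented out.
patch_spec_file() {
    spec=$1
    cp -p "$spec" "$spec.orig" &&
    disable_patch5 < "$spec.orig" > "$spec" &&
    [ "$(active_patch5_refs < "$spec")" -eq 0 ]
}

# Constructed spec fragment (not the real sudo.spec); Patch4 and Patch50
# are made-up neighbours that must survive the edit unchanged.
SAMPLE_SPEC='Name: sudo
Patch4: sudo-example-other.patch
Patch5: sudo-1.6.9p13-audit.patch
Patch50: sudo-example-unrelated.patch
%prep
%setup -q
%patch4 -p1 -b .other
%patch5 -p1 -b .audit
%patch50 -p1 -b .unrelated'

# Show the edited fragment when the script is run directly.
printf '%s\n' "$SAMPLE_SPEC" | disable_patch5
```

On the real system the call would be `patch_spec_file /usr/src/redhat/SPECS/sudo.spec`, run as root before the rpmbuild step.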

But ah, finally, silence from sudo, behaving as Unix tools should.


  1. I found that there is a missing parenthesis in this patch and that the messages still show without it.

    if( err <= 0 && !((errno == EPERM && getuid() > 0) || errno == ECONNREFUSED )

    should be:

    if( err <= 0 && !((errno == EPERM && getuid() > 0) || errno == ECONNREFUSED ))

    mike on January 07, 2010, 09:08 PM UTC
  2. I just ran into this problem and found that my CentOS had been compiled with sudo version 1.6.9. Another version, 1.7.2, was already available in yum. A simple yum remove of the current sudo and yum add of the new sudo fixed the problem.

    kirkjared on April 10, 2011, 04:07 PM UTC
  3. Yeah, at the time there was no better option. Pretty sure the problem is solved now with the latest sudo.

    yliu on April 10, 2011, 07:01 PM UTC