From 2746188f1c04624d206016f3f750f3b6ab3d72ed Mon Sep 17 00:00:00 2001
From: Admin MPCZ <admin@mpcz.fr>
Date: Wed, 15 Apr 2026 12:12:22 +0200
Subject: [PATCH] audit _run: detection sudo refused plus robuste
 (accent-insensitive, sudo:, no tty)

---
 app/services/realtime_audit_service.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/app/services/realtime_audit_service.py b/app/services/realtime_audit_service.py
index 736deaf..d4f98bf 100644
--- a/app/services/realtime_audit_service.py
+++ b/app/services/realtime_audit_service.py
@@ -245,9 +245,13 @@ def _run(client, cmd):
         out = stdout.read().decode("utf-8", errors="replace").strip()
         err = stderr.read().decode("utf-8", errors="replace").strip()
 
-        # Fallback sans sudo si sudoers refuse bash -c
-        if (not out) and err and ("pas autorisé" in err or "not allowed to execute" in err
-                                   or "is not allowed" in err or "command not found" in err.lower()):
+        # Fallback sans sudo si sudoers refuse (detection robuste case/accent insensible)
+        err_low = err.lower()
+        sudo_refused = any(kw in err_low for kw in [
+            "pas autoris", "non autoris", "not allowed to execute",
+            "is not allowed", "no tty present", "sudo:",
+        ])
+        if (not out) and err and sudo_refused:
             _, stdout, stderr = client.exec_command(cmd, timeout=15)
             out = stdout.read().decode("utf-8", errors="replace").strip()
             err2 = stderr.read().decode("utf-8", errors="replace").strip()