--- embedaddon/sudo/doc/sudoreplay.cat 2012/02/21 16:23:02 1.1 +++ embedaddon/sudo/doc/sudoreplay.cat 2013/10/14 07:56:34 1.1.1.5 
@@ -1,263 +1,266 @@ -SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m) +SUDOREPLAY(1m) System Manager's Manual SUDOREPLAY(1m) - - NNAAMMEE - sudoreplay - replay sudo session logs + ssuuddoorreeppllaayy - replay sudo session logs SSYYNNOOPPSSIISS - ssuuddoorreeppllaayy [--hh] [--dd _d_i_r_e_c_t_o_r_y] [--ff _f_i_l_t_e_r] [--mm _m_a_x___w_a_i_t] [--ss - _s_p_e_e_d___f_a_c_t_o_r] ID + ssuuddoorreeppllaayy [--hh] [--dd _d_i_r] [--ff _f_i_l_t_e_r] [--mm _n_u_m] [--ss _n_u_m] ID - ssuuddoorreeppllaayy [--hh] [--dd _d_i_r_e_c_t_o_r_y] -l [search expression] + ssuuddoorreeppllaayy [--hh] [--dd _d_i_r] --ll [search expression] DDEESSCCRRIIPPTTIIOONN - ssuuddoorreeppllaayy plays back or lists the output logs created by ssuuddoo. When - replaying, ssuuddoorreeppllaayy can play the session back in real-time, or the - playback speed may be adjusted (faster or slower) based on the command - line options. + ssuuddoorreeppllaayy plays back or lists the output logs created by ssuuddoo. When + replaying, ssuuddoorreeppllaayy can play the session back in real-time, or the + playback speed may be adjusted (faster or slower) based on the command + line options. - The _I_D should either be a six character sequence of digits and upper - case letters, e.g. 0100A5, or a pattern matching the _i_o_l_o_g___f_i_l_e option - in the _s_u_d_o_e_r_s file. When a command is run via ssuuddoo with _l_o_g___o_u_t_p_u_t - enabled in the _s_u_d_o_e_r_s file, a TSID=ID string is logged via syslog or - to the ssuuddoo log file. The _I_D may also be determined using ssuuddoorreeppllaayy's - list mode. + The _I_D should either be a six character sequence of digits and upper case + letters, e.g. 0100A5, or a pattern matching the _i_o_l_o_g___f_i_l_e option in the + _s_u_d_o_e_r_s file. When a command is run via ssuuddoo with _l_o_g___o_u_t_p_u_t enabled in + the _s_u_d_o_e_r_s file, a TSID=ID string is logged via syslog or to the ssuuddoo + log file. 
The _I_D may also be determined using ssuuddoorreeppllaayy's list mode. - In list mode, ssuuddoorreeppllaayy can be used to find the ID of a session based - on a number of criteria such as the user, tty or command run. + In list mode, ssuuddoorreeppllaayy can be used to find the ID of a session based on + a number of criteria such as the user, tty or command run. - In replay mode, if the standard output has not been redirected, - ssuuddoorreeppllaayy will act on the following keys: + In replay mode, if the standard output has not been redirected, + ssuuddoorreeppllaayy will act on the following keys: - ' ' (space) - Pause output; press any key to resume. + ` ' (space) Pause output; press any key to resume. - '<' Reduce the playback speed by one half. + `<' Reduce the playback speed by one half. - '>' Double the playback speed. + `>' Double the playback speed. -OOPPTTIIOONNSS - ssuuddoorreeppllaayy accepts the following command line options: + The options are as follows: - -d _d_i_r_e_c_t_o_r_y - Use _d_i_r_e_c_t_o_r_y to for the session logs instead of the - default, _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o. + --dd _d_i_r, ----ddiirreeccttoorryy=_d_i_r + Store session logs in _d_i_r instead of the default, + _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o. - -f _f_i_l_t_e_r By default, ssuuddoorreeppllaayy will play back the command's - standard output, standard error and tty output. The _-_f - option can be used to select which of these to output. The - _f_i_l_t_e_r argument is a comma-separated list, consisting of - one or more of following: _s_t_d_o_u_t, _s_t_d_e_r_r, and _t_t_y_o_u_t. + --ff _f_i_l_t_e_r, ----ffiilltteerr=_f_i_l_t_e_r + Select which I/O type(s) to display. By default, ssuuddoorreeppllaayy + will display the command's standard output, standard error + and tty output. The _f_i_l_t_e_r argument is a comma-separated + list, consisting of one or more of following: _s_t_d_o_u_t, _s_t_d_e_r_r, + and _t_t_y_o_u_t. 
- -h The --hh (_h_e_l_p) option causes ssuuddoorreeppllaayy to print a short - help message to the standard output and exit. + --hh, ----hheellpp Display a short help message to the standard output and exit. - -l [_s_e_a_r_c_h _e_x_p_r_e_s_s_i_o_n] - Enable "list mode". In this mode, ssuuddoorreeppllaayy will list - available session IDs. If a _s_e_a_r_c_h _e_x_p_r_e_s_s_i_o_n is - specified, it will be used to restrict the IDs that are - displayed. An expression is composed of the following - predicates: + --ll, ----lliisstt [_s_e_a_r_c_h _e_x_p_r_e_s_s_i_o_n] + Enable ``list mode''. In this mode, ssuuddoorreeppllaayy will list + available sessions in a format similar to the ssuuddoo log file + format, sorted by file name (or sequence number). If a + _s_e_a_r_c_h _e_x_p_r_e_s_s_i_o_n is specified, it will be used to restrict + the IDs that are displayed. An expression is composed of the + following predicates: - command _c_o_m_m_a_n_d _p_a_t_t_e_r_n - Evaluates to true if the command run matches - _c_o_m_m_a_n_d _p_a_t_t_e_r_n. On systems with POSIX regular - expression support, the pattern may be an extended - regular expression. On systems without POSIX - regular expression support, a simple substring - match is performed instead. + command _p_a_t_t_e_r_n + Evaluates to true if the command run matches _p_a_t_t_e_r_n. + On systems with POSIX regular expression support, the + pattern may be an extended regular expression. On + systems without POSIX regular expression support, a + simple sub-string match is performed instead. - cwd _d_i_r_e_c_t_o_r_y - Evaluates to true if the command was run with the - specified current working directory. + cwd _d_i_r_e_c_t_o_r_y + Evaluates to true if the command was run with the + specified current working directory. - fromdate _d_a_t_e - Evaluates to true if the command was run on or - after _d_a_t_e. See "Date and time format" for a - description of supported date and time formats. 
+ fromdate _d_a_t_e + Evaluates to true if the command was run on or after + _d_a_t_e. See _D_a_t_e _a_n_d _t_i_m_e _f_o_r_m_a_t for a description of + supported date and time formats. - group _r_u_n_a_s___g_r_o_u_p - Evaluates to true if the command was run with the - specified _r_u_n_a_s___g_r_o_u_p. Note that unless a - _r_u_n_a_s___g_r_o_u_p was explicitly specified when ssuuddoo was - run this field will be empty in the log. + group _r_u_n_a_s___g_r_o_u_p + Evaluates to true if the command was run with the + specified _r_u_n_a_s___g_r_o_u_p. Note that unless a + _r_u_n_a_s___g_r_o_u_p was explicitly specified when ssuuddoo was + run this field will be empty in the log. - runas _r_u_n_a_s___u_s_e_r - Evaluates to true if the command was run as the - specified _r_u_n_a_s___u_s_e_r. Note that ssuuddoo runs commands - as user _r_o_o_t by default. + runas _r_u_n_a_s___u_s_e_r + Evaluates to true if the command was run as the + specified _r_u_n_a_s___u_s_e_r. Note that ssuuddoo runs commands + as user _r_o_o_t by default. - todate _d_a_t_e - Evaluates to true if the command was run on or - prior to _d_a_t_e. See "Date and time format" for a - description of supported date and time formats. + todate _d_a_t_e + Evaluates to true if the command was run on or prior + to _d_a_t_e. See _D_a_t_e _a_n_d _t_i_m_e _f_o_r_m_a_t for a description + of supported date and time formats. - tty _t_t_y Evaluates to true if the command was run on the - specified terminal device. The _t_t_y should be - specified without the _/_d_e_v_/ prefix, e.g. _t_t_y_0_1 - instead of _/_d_e_v_/_t_t_y_0_1. + tty _t_t_y _n_a_m_e + Evaluates to true if the command was run on the + specified terminal device. The _t_t_y _n_a_m_e should be + specified without the _/_d_e_v_/ prefix, e.g. _t_t_y_0_1 + instead of _/_d_e_v_/_t_t_y_0_1. - user _u_s_e_r _n_a_m_e - Evaluates to true if the ID matches a command run - by _u_s_e_r _n_a_m_e. 
+ user _u_s_e_r _n_a_m_e + Evaluates to true if the ID matches a command run by + _u_s_e_r _n_a_m_e. - Predicates may be abbreviated to the shortest unique string - (currently all predicates may be shortened to a single - character). + Predicates may be abbreviated to the shortest unique string + (currently all predicates may be shortened to a single + character). - Predicates may be combined using _a_n_d, _o_r and _! operators as - well as '(' and ')' for grouping (note that parentheses - must generally be escaped from the shell). The _a_n_d - operator is optional, adjacent predicates have an implied - _a_n_d unless separated by an _o_r. + Predicates may be combined using _a_n_d, _o_r and _! operators as + well as `(' and `)' grouping (note that parentheses must + generally be escaped from the shell). The _a_n_d operator is + optional, adjacent predicates have an implied _a_n_d unless + separated by an _o_r. - -m _m_a_x___w_a_i_t Specify an upper bound on how long to wait between key - presses or output data. By default, ssuuddoo__rreeppllaayy will - accurately reproduce the delays between key presses or - program output. However, this can be tedious when the - session includes long pauses. When the _-_m option is - specified, ssuuddoorreeppllaayy will limit these pauses to at most - _m_a_x___w_a_i_t seconds. The value may be specified as a floating - point number, .e.g. _2_._5. + --mm, ----mmaaxx--wwaaiitt _m_a_x___w_a_i_t + Specify an upper bound on how long to wait between key + presses or output data. By default, ssuuddoorreeppllaayy will + accurately reproduce the delays between key presses or + program output. However, this can be tedious when the + session includes long pauses. When the --mm option is + specified, ssuuddoorreeppllaayy will limit these pauses to at most + _m_a_x___w_a_i_t seconds. The value may be specified as a floating + point number, e.g. _2_._5. 
- -s _s_p_e_e_d___f_a_c_t_o_r - This option causes ssuuddoorreeppllaayy to adjust the number of - seconds it will wait between key presses or program output. - This can be used to slow down or speed up the display. For - example, a _s_p_e_e_d___f_a_c_t_o_r of _2 would make the output twice as - fast whereas a _s_p_e_e_d___f_a_c_t_o_r of <.5> would make the output - twice as slow. + --ss, ----ssppeeeedd _s_p_e_e_d___f_a_c_t_o_r + This option causes ssuuddoorreeppllaayy to adjust the number of seconds + it will wait between key presses or program output. This can + be used to slow down or speed up the display. For example, a + _s_p_e_e_d___f_a_c_t_o_r of _2 would make the output twice as fast whereas + a _s_p_e_e_d___f_a_c_t_o_r of _._5 would make the output twice as slow. - -V The --VV (version) option causes ssuuddoorreeppllaayy to print its - version number and exit. + --VV, ----vveerrssiioonn + Print the ssuuddoorreeppllaayy versions version number and exit. DDaattee aanndd ttiimmee ffoorrmmaatt - The time and date may be specified multiple ways, common formats - include: + The time and date may be specified multiple ways, common formats include: - HH:MM:SS am MM/DD/CCYY timezone - 24 hour time may be used in place of am/pm. + HH:MM:SS am MM/DD/CCYY timezone + 24 hour time may be used in place of am/pm. - HH:MM:SS am Month, Day Year timezone - 24 hour time may be used in place of am/pm, and month and day - names may be abbreviated. Note that month and day of the week - names must be specified in English. + HH:MM:SS am Month, Day Year timezone + 24 hour time may be used in place of am/pm, and month and day + names may be abbreviated. Note that month and day of the week + names must be specified in English. - CCYY-MM-DD HH:MM:SS - ISO time format + CCYY-MM-DD HH:MM:SS + ISO time format - DD Month CCYY HH:MM:SS - The month name may be abbreviated. + DD Month CCYY HH:MM:SS + The month name may be abbreviated. 
- Either time or date may be omitted, the am/pm and timezone are - optional. If no date is specified, the current day is assumed; if no - time is specified, the first second of the specified date is used. The - less significant parts of both time and date may also be omitted, in - which case zero is assumed. For example, the following are all valid: + Either time or date may be omitted, the am/pm and timezone are optional. + If no date is specified, the current day is assumed; if no time is + specified, the first second of the specified date is used. The less + significant parts of both time and date may also be omitted, in which + case zero is assumed. - The following are all valid time and date specifications: + The following are all valid time and date specifications: - now The current time and date. + now The current time and date. - tomorrow - Exactly one day from now. + tomorrow + Exactly one day from now. - yesterday - 24 hours ago. + yesterday + 24 hours ago. - 2 hours ago - 2 hours ago. + 2 hours ago + 2 hours ago. - next Friday - The first second of the next Friday. + next Friday + The first second of the Friday in the next (upcoming) week. Not + to be confused with ``this friday'' which would match the friday + of the current week. - this week - The current time but the first day of the coming week. + last week + The current time but 7 days ago. This is equivalent to ``a week + ago''. - a fortnight ago - The current time but 14 days ago. + a fortnight ago + The current time but 14 days ago. - 10:01 am 9/17/2009 - 10:01 am, September 17, 2009. + 10:01 am 9/17/2009 + 10:01 am, September 17, 2009. - 10:01 am - 10:01 am on the current day. + 10:01 am + 10:01 am on the current day. - 10 10:00 am on the current day. + 10 10:00 am on the current day. - 9/17/2009 - 00:00 am, September 17, 2009. + 9/17/2009 + 00:00 am, September 17, 2009. - 10:01 am Sep 17, 2009 - 10:01 am, September 17, 2009. + 10:01 am Sep 17, 2009 + 10:01 am, September 17, 2009. 
+ Note that relative time specifications do not always work as expected. + For example, the ``next'' qualifier is intended to be used in conjunction + with a day such as ``next Monday''. When used with units of weeks, + months, years, etc the result will be one more than expected. For + example, ``next week'' will result in a time exactly two weeks from now, + which is probably not what was intended. This will be addressed in a + future version of ssuuddoorreeppllaayy. + FFIILLEESS - _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o The default I/O log directory. + _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o The default I/O log directory. - _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_l_o_g + _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_l_o_g Example session log info. - _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_s_t_d_i_n + _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_s_t_d_i_n Example session standard input log. - _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_s_t_d_o_u_t + _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_s_t_d_o_u_t Example session standard output log. - _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_s_t_d_e_r_r + _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_s_t_d_e_r_r Example session standard error log. - _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_t_t_y_i_n + _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_t_t_y_i_n Example session tty input file. - _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_t_t_y_o_u_t + _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_t_t_y_o_u_t Example session tty output file. - _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_t_i_m_i_n_g + _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_t_i_m_i_n_g Example session timing file. - Note that the _s_t_d_i_n, _s_t_d_o_u_t and _s_t_d_e_r_r files will be empty unless ssuuddoo - was used as part of a pipeline for a particular command. 
+ Note that the _s_t_d_i_n, _s_t_d_o_u_t and _s_t_d_e_r_r files will be empty unless ssuuddoo + was used as part of a pipeline for a particular command. EEXXAAMMPPLLEESS - List sessions run by user _m_i_l_l_e_r_t: + List sessions run by user _m_i_l_l_e_r_t: - sudoreplay -l user millert + # sudoreplay -l user millert - List sessions run by user _b_o_b with a command containing the string vi: + List sessions run by user _b_o_b with a command containing the string vi: - sudoreplay -l user bob command vi + # sudoreplay -l user bob command vi - List sessions run by user _j_e_f_f that match a regular expression: + List sessions run by user _j_e_f_f that match a regular expression: - sudoreplay -l user jeff command '/bin/[a-z]*sh' + # sudoreplay -l user jeff command '/bin/[a-z]*sh' - List sessions run by jeff or bob on the console: + List sessions run by jeff or bob on the console: - sudoreplay -l ( user jeff or user bob ) tty console + # sudoreplay -l ( user jeff or user bob ) tty console SSEEEE AALLSSOO - _s_u_d_o(1m), _s_c_r_i_p_t(1) + sudo(1m), script(1) -AAUUTTHHOORR - Todd C. Miller +AAUUTTHHOORRSS + Todd C. Miller BBUUGGSS - If you feel you have found a bug in ssuuddoorreeppllaayy, please submit a bug - report at http://www.sudo.ws/sudo/bugs/ + If you feel you have found a bug in ssuuddoorreeppllaayy, please submit a bug + report at http://www.sudo.ws/sudo/bugs/ SSUUPPPPOORRTT - Limited free support is available via the sudo-users mailing list, see - http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search - the archives. + Limited free support is available via the sudo-users mailing list, see + http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the + archives. DDIISSCCLLAAIIMMEERR - ssuuddoorreeppllaayy is provided ``AS IS'' and any express or implied warranties, - including, but not limited to, the implied warranties of - merchantability and fitness for a particular purpose are disclaimed. 
- See the LICENSE file distributed with ssuuddoo or - http://www.sudo.ws/sudo/license.html for complete details. + ssuuddoorreeppllaayy is provided ``AS IS'' and any express or implied warranties, + including, but not limited to, the implied warranties of merchantability + and fitness for a particular purpose are disclaimed. See the LICENSE + file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for + complete details. - - -1.8.3 September 16, 2011 SUDOREPLAY(1m) +Sudo 1.8.8 September 11, 2013 Sudo 1.8.8
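Review bot: In the options list, the new description of -d/--directory reads "Store session logs in dir instead of the default", but the DESCRIPTION in this same hunk says sudoreplay only plays back or lists logs that sudo created, so "Store" misdescribes the option. Wording such as "Use dir for the session logs instead of the default" would keep the original meaning while dropping the old "to for" typo. The new -V/--version line, "Print the sudoreplay versions version number and exit", has a duplicated word. The SYNOPSIS now calls the -m and -s arguments num while the option descriptions still call them max_wait and speed_factor, and --directory=dir and --filter=filter are written with "=" where --max-wait and --speed are not; one convention throughout would be easier to follow. In EXAMPLES, the last command still passes ( and ) unquoted even though the -l text states that parentheses must generally be escaped from the shell, so the shell will interpret them if the line is copied as written; backslash-escaping or quoting them in the example would fix that.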