Annotation of embedaddon/sudo/doc/sudoreplay.man.in, revision 1.1.1.4

1.1.1.3   misho       1: .\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!
                      2: .\" IT IS GENERATED AUTOMATICALLY FROM sudoreplay.mdoc.in
                      3: .\"
                      4: .\" Copyright (c) 2009-2012 Todd C. Miller <Todd.Miller@courtesan.com>
                      5: .\"
1.1       misho       6: .\" Permission to use, copy, modify, and distribute this software for any
                      7: .\" purpose with or without fee is hereby granted, provided that the above
                      8: .\" copyright notice and this permission notice appear in all copies.
1.1.1.3   misho       9: .\"
1.1       misho      10: .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
                     11: .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
                     12: .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
                     13: .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
                     14: .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
                     15: .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
                     16: .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
                     17: .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
                     18: .\"
1.1.1.4 ! misho      19: .TH "SUDOREPLAY" "@mansectsu@" "February 5, 2013" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
1.1       misho      20: .nh
1.1.1.3   misho      21: .if n .ad l
1.1       misho      22: .SH "NAME"
1.1.1.3   misho      23: \fBsudoreplay\fR
                     24: \- replay sudo session logs
1.1       misho      25: .SH "SYNOPSIS"
1.1.1.3   misho      26: .HP 11n
                     27: \fBsudoreplay\fR
                     28: [\fB\-h\fR]
                     29: [\fB\-d\fR\ \fIdirectory\fR]
                     30: [\fB\-f\fR\ \fIfilter\fR]
                     31: [\fB\-m\fR\ \fImax_wait\fR]
                     32: [\fB\-s\fR\ \fIspeed_factor\fR]
                     33: ID
                     34: .HP 11n
                     35: \fBsudoreplay\fR
                     36: [\fB\-h\fR]
                     37: [\fB\-d\fR\ \fIdirectory\fR]
                     38: \fB\-l\fR
                     39: [search expression]
1.1       misho      40: .SH "DESCRIPTION"
1.1.1.3   misho      41: \fBsudoreplay\fR
                     42: plays back or lists the output logs created by
                     43: \fBsudo\fR.
                     44: When replaying,
                     45: \fBsudoreplay\fR
                     46: can play the session back in real-time, or the playback speed may be
                     47: adjusted (faster or slower) based on the command line options.
                     48: .PP
                     49: The
                     50: \fIID\fR
                     51: should either be a six character sequence of digits and
                     52: upper case letters, e.g.\&
                     53: \fR0100A5\fR,
                     54: or a pattern matching the
                     55: \fIiolog_file\fR
                     56: option in the
                     57: \fIsudoers\fR
                     58: file.
                     59: When a command is run via
                     60: \fBsudo\fR
                     61: with
                     62: \fIlog_output\fR
                     63: enabled in the
                     64: \fIsudoers\fR
                     65: file, a
                     66: \fRTSID=ID\fR
                     67: string is logged via syslog or to the
                     68: \fBsudo\fR
                     69: log file.
                     70: The
                     71: \fIID\fR
                     72: may also be determined using
                     73: \fBsudoreplay\fR's
                     74: list mode.
                     75: .PP
                     76: In list mode,
                     77: \fBsudoreplay\fR
                     78: can be used to find the ID of a session based on a number of criteria
                     79: such as the user, tty or command run.
1.1       misho      80: .PP
                     81: In replay mode, if the standard output has not been redirected,
1.1.1.3   misho      82: \fBsudoreplay\fR
                     83: will act on the following keys:
                     84: .TP 14n
                     85: `\fR\ \fR' (space)
1.1       misho      86: Pause output; press any key to resume.
1.1.1.3   misho      87: .TP 14n
                     88: `<'
1.1       misho      89: Reduce the playback speed by one half.
1.1.1.3   misho      90: .TP 14n
                     91: `>'
1.1       misho      92: Double the playback speed.
1.1.1.3   misho      93: .PP
                     94: The options are as follows:
                     95: .TP 14n
                     96: \fB\-d\fR \fIdirectory\fR
                     97: .br
                     98: Use
                     99: \fIdirectory\fR
                    100: to for the session logs instead of the default,
                    101: \fI@iolog_dir@\fR.
                    102: .TP 14n
                    103: \fB\-f\fR \fIfilter\fR
                    104: By default,
                    105: \fBsudoreplay\fR
                    106: will play back the command's standard output, standard error and tty output.
                    107: The
                    108: \fB\-f\fR
                    109: option can be used to select which of these to output.
                    110: The
                    111: \fIfilter\fR
                    112: argument is a comma-separated list, consisting of one or more of following:
                    113: \fIstdout\fR,
                    114: \fIstderr\fR,
                    115: and
                    116: \fIttyout\fR.
                    117: .TP 14n
                    118: \fB\-h\fR
                    119: The
                    120: \fB\-h\fR (\fIhelp\fR)
                    121: option causes
                    122: \fBsudoreplay\fR
                    123: to print a short help message to the standard output and exit.
                    124: .TP 14n
                    125: \fB\-l\fR [\fIsearch expression\fR]
                    126: Enable
                    127: ``list mode''.
                    128: In this mode,
                    129: \fBsudoreplay\fR
                    130: will list available sessions in a format similar to the
                    131: \fBsudo\fR
                    132: log file format, sorted by file name (or sequence number).
                    133: If a
                    134: \fIsearch expression\fR
                    135: is specified, it will be used to restrict the IDs that are displayed.
1.1.1.2   misho     136: An expression is composed of the following predicates:
1.1.1.3   misho     137: .RS
                    138: .TP 8n
                    139: command \fIpattern\fR
                    140: Evaluates to true if the command run matches
                    141: \fIpattern\fR.
                    142: On systems with POSIX regular expression support, the pattern may
                    143: be an extended regular expression.
1.1.1.4 ! misho     144: On systems without POSIX regular expression support, a simple sub-string
1.1.1.3   misho     145: match is performed instead.
                    146: .TP 8n
                    147: cwd \fIdirectory\fR
1.1       misho     148: Evaluates to true if the command was run with the specified current
                    149: working directory.
1.1.1.3   misho     150: .TP 8n
                    151: fromdate \fIdate\fR
                    152: Evaluates to true if the command was run on or after
                    153: \fIdate\fR.
                    154: See
                    155: \fIDate and time format\fR
                    156: for a description of supported date and time formats.
                    157: .TP 8n
                    158: group \fIrunas_group\fR
1.1       misho     159: Evaluates to true if the command was run with the specified
1.1.1.3   misho     160: \fIrunas_group\fR.
                    161: Note that unless a
                    162: \fIrunas_group\fR
                    163: was explicitly specified when
                    164: \fBsudo\fR
                    165: was run this field will be empty in the log.
                    166: .TP 8n
                    167: runas \fIrunas_user\fR
                    168: Evaluates to true if the command was run as the specified
                    169: \fIrunas_user\fR.
                    170: Note that
                    171: \fBsudo\fR
                    172: runs commands as user
                    173: \fIroot\fR
                    174: by default.
                    175: .TP 8n
                    176: todate \fIdate\fR
                    177: Evaluates to true if the command was run on or prior to
                    178: \fIdate\fR.
                    179: See
                    180: \fIDate and time format\fR
                    181: for a description of supported date and time formats.
                    182: .TP 8n
                    183: tty \fItty name\fR
                    184: Evaluates to true if the command was run on the specified terminal device.
                    185: The
                    186: \fItty name\fR
                    187: should be specified without the
                    188: \fI/dev/\fR
                    189: prefix, e.g.\&
                    190: \fItty01\fR
                    191: instead of
                    192: \fI/dev/tty01\fR.
                    193: .TP 8n
                    194: user \fIuser name\fR
                    195: Evaluates to true if the ID matches a command run by
                    196: \fIuser name\fR.
                    197: .PP
1.1       misho     198: Predicates may be abbreviated to the shortest unique string (currently
                    199: all predicates may be shortened to a single character).
1.1.1.3   misho     200: .sp
                    201: Predicates may be combined using
                    202: \fIand\fR,
                    203: \fIor\fR
                    204: and
                    205: \fI\&!\fR
                    206: operators as well as
                    207: `\&('
                    208: and
                    209: `\&)'
                    210: grouping (note that parentheses must generally be escaped from the shell).
                    211: The
                    212: \fIand\fR
                    213: operator is optional, adjacent predicates have an implied
                    214: \fIand\fR
                    215: unless separated by an
                    216: \fIor\fR.
                    217: .PP
1.1       misho     218: .RE
1.1.1.3   misho     219: .PD 0
                    220: .TP 14n
                    221: \fB\-m\fR \fImax_wait\fR
                    222: Specify an upper bound on how long to wait between key presses or output data.
                    223: By default,
                    224: \fBsudoreplay\fR
                    225: will accurately reproduce the delays between key presses or program output.
                    226: However, this can be tedious when the session includes long pauses.
                    227: When the
                    228: \fB\-m\fR
                    229: option is specified,
                    230: \fBsudoreplay\fR
                    231: will limit these pauses to at most
                    232: \fImax_wait\fR
                    233: seconds.
                    234: The value may be specified as a floating point number, e.g.\&
                    235: \fI2.5\fR.
                    236: .PD
                    237: .TP 14n
                    238: \fB\-s\fR \fIspeed_factor\fR
                    239: This option causes
                    240: \fBsudoreplay\fR
                    241: to adjust the number of seconds it will wait between key presses or
                    242: program output.
                    243: This can be used to slow down or speed up the display.
                    244: For example, a
                    245: \fIspeed_factor\fR
                    246: of
                    247: \fI2\fR
                    248: would make the output twice as fast whereas a
                    249: \fIspeed_factor\fR
                    250: of
                    251: \fI.5\fR
                    252: would make the output twice as slow.
                    253: .TP 14n
                    254: \fB\-V\fR
                    255: The
                    256: \fB\-V\fR (\fIversion\fR)
                    257: option causes
                    258: \fBsudoreplay\fR
                    259: to print its version number
1.1       misho     260: and exit.
                    261: .SS "Date and time format"
                    262: The time and date may be specified multiple ways, common formats include:
1.1.1.3   misho     263: .TP 8n
                    264: HH:MM:SS am MM/DD/CCYY timezone
1.1       misho     265: 24 hour time may be used in place of am/pm.
1.1.1.3   misho     266: .TP 8n
                    267: HH:MM:SS am Month, Day Year timezone
1.1       misho     268: 24 hour time may be used in place of am/pm, and month and day names
1.1.1.3   misho     269: may be abbreviated.
                    270: Note that month and day of the week names must be specified in English.
                    271: .TP 8n
                    272: CCYY-MM-DD HH:MM:SS
                    273: ISO time format
                    274: .TP 8n
                    275: DD Month CCYY HH:MM:SS
1.1       misho     276: The month name may be abbreviated.
                    277: .PP
1.1.1.3   misho     278: Either time or date may be omitted, the am/pm and timezone are optional.
                    279: If no date is specified, the current day is assumed; if no time is
                    280: specified, the first second of the specified date is used.
                    281: The less significant parts of both time and date may also be omitted,
                    282: in which case zero is assumed.
1.1       misho     283: .PP
                    284: The following are all valid time and date specifications:
1.1.1.3   misho     285: .TP 8n
                    286: now
1.1       misho     287: The current time and date.
1.1.1.3   misho     288: .TP 8n
                    289: tomorrow
1.1       misho     290: Exactly one day from now.
1.1.1.3   misho     291: .TP 8n
                    292: yesterday
1.1       misho     293: 24 hours ago.
1.1.1.3   misho     294: .TP 8n
                    295: 2 hours ago
1.1       misho     296: 2 hours ago.
1.1.1.3   misho     297: .TP 8n
                    298: next Friday
1.1       misho     299: The first second of the next Friday.
1.1.1.3   misho     300: .TP 8n
                    301: this week
1.1       misho     302: The current time but the first day of the coming week.
1.1.1.3   misho     303: .TP 8n
                    304: a fortnight ago
1.1       misho     305: The current time but 14 days ago.
1.1.1.3   misho     306: .TP 8n
                    307: 10:01 am 9/17/2009
1.1       misho     308: 10:01 am, September 17, 2009.
1.1.1.3   misho     309: .TP 8n
                    310: 10:01 am
1.1       misho     311: 10:01 am on the current day.
1.1.1.3   misho     312: .TP 8n
                    313: 10
1.1       misho     314: 10:00 am on the current day.
1.1.1.3   misho     315: .TP 8n
                    316: 9/17/2009
1.1       misho     317: 00:00 am, September 17, 2009.
1.1.1.3   misho     318: .TP 8n
                    319: 10:01 am Sep 17, 2009
1.1       misho     320: 10:01 am, September 17, 2009.
                    321: .SH "FILES"
1.1.1.3   misho     322: .TP 26n
                    323: \fI@iolog_dir@\fR
1.1       misho     324: The default I/O log directory.
1.1.1.3   misho     325: .TP 26n
                    326: \fI@iolog_dir@/00/00/01/log\fR
1.1       misho     327: Example session log info.
1.1.1.3   misho     328: .TP 26n
                    329: \fI@iolog_dir@/00/00/01/stdin\fR
1.1       misho     330: Example session standard input log.
1.1.1.3   misho     331: .TP 26n
                    332: \fI@iolog_dir@/00/00/01/stdout\fR
1.1       misho     333: Example session standard output log.
1.1.1.3   misho     334: .TP 26n
                    335: \fI@iolog_dir@/00/00/01/stderr\fR
1.1       misho     336: Example session standard error log.
1.1.1.3   misho     337: .TP 26n
                    338: \fI@iolog_dir@/00/00/01/ttyin\fR
1.1       misho     339: Example session tty input file.
1.1.1.3   misho     340: .TP 26n
                    341: \fI@iolog_dir@/00/00/01/ttyout\fR
1.1       misho     342: Example session tty output file.
1.1.1.3   misho     343: .TP 26n
                    344: \fI@iolog_dir@/00/00/01/timing\fR
1.1       misho     345: Example session timing file.
                    346: .PP
1.1.1.3   misho     347: Note that the
                    348: \fIstdin\fR,
                    349: \fIstdout\fR
                    350: and
                    351: \fIstderr\fR
                    352: files will be empty unless
                    353: \fBsudo\fR
                    354: was used as part of a pipeline for a particular command.
1.1       misho     355: .SH "EXAMPLES"
1.1.1.3   misho     356: List sessions run by user
                    357: \fImillert\fR:
                    358: .nf
                    359: .sp
                    360: .RS 6n
                    361: # sudoreplay -l user millert
                    362: .RE
                    363: .fi
1.1       misho     364: .PP
1.1.1.3   misho     365: List sessions run by user
                    366: \fIbob\fR
                    367: with a command containing the string vi:
                    368: .nf
                    369: .sp
                    370: .RS 6n
                    371: # sudoreplay -l user bob command vi
                    372: .RE
                    373: .fi
1.1       misho     374: .PP
1.1.1.3   misho     375: List sessions run by user
                    376: \fIjeff\fR
                    377: that match a regular expression:
                    378: .nf
                    379: .sp
                    380: .RS 6n
                    381: # sudoreplay -l user jeff command '/bin/[a-z]*sh'
                    382: .RE
                    383: .fi
1.1       misho     384: .PP
                    385: List sessions run by jeff or bob on the console:
1.1.1.3   misho     386: .nf
                    387: .sp
                    388: .RS 6n
                    389: # sudoreplay -l ( user jeff or user bob ) tty console
                    390: .RE
                    391: .fi
1.1       misho     392: .SH "SEE ALSO"
1.1.1.3   misho     393: sudo(@mansectsu@),
                    394: script(1)
                    395: .SH "AUTHORS"
1.1       misho     396: Todd C. Miller
                    397: .SH "BUGS"
1.1.1.3   misho     398: If you feel you have found a bug in
                    399: \fBsudoreplay\fR,
                    400: please submit a bug report at http://www.sudo.ws/sudo/bugs/
1.1       misho     401: .SH "SUPPORT"
                    402: Limited free support is available via the sudo-users mailing list,
1.1.1.3   misho     403: see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
1.1       misho     404: search the archives.
                    405: .SH "DISCLAIMER"
1.1.1.3   misho     406: \fBsudoreplay\fR
                    407: is provided
                    408: ``AS IS''
                    409: and any express or implied warranties, including, but not limited
                    410: to, the implied warranties of merchantability and fitness for a
                    411: particular purpose are disclaimed.
                    412: See the LICENSE file distributed with
                    413: \fBsudo\fR
                    414: or http://www.sudo.ws/sudo/license.html for complete details.

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>