Annotation of embedaddon/sudo/doc/sudoreplay.pod, revision 1.1
1.1 ! misho 1: Copyright (c) 2009-2011 Todd C. Miller <Todd.Miller@courtesan.com>
! 2:
! 3: Permission to use, copy, modify, and distribute this software for any
! 4: purpose with or without fee is hereby granted, provided that the above
! 5: copyright notice and this permission notice appear in all copies.
! 6:
! 7: THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
! 8: WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
! 9: MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
! 10: ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
! 11: WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
! 12: ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
! 13: OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
! 14: ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
! 15:
! 16: =pod
! 17:
! 18: =head1 NAME
! 19:
! 20: sudoreplay - replay sudo session logs
! 21:
! 22: =head1 SYNOPSIS
! 23:
! 24: B<sudoreplay> [B<-h>] [B<-d> I<directory>] [B<-f> I<filter>] [B<-m> I<max_wait>] [B<-s> I<speed_factor>] ID
! 25:
! 26: B<sudoreplay> [B<-h>] [B<-d> I<directory>] -l [search expression]
! 27:
! 28: =head1 DESCRIPTION
! 29:
! 30: B<sudoreplay> plays back or lists the output logs created by B<sudo>.
! 31: When replaying, B<sudoreplay> can play the session back in real-time,
! 32: or the playback speed may be adjusted (faster or slower) based on
! 33: the command line options.
! 34:
! 35: The I<ID> should either be a six character sequence of digits and
! 36: upper case letters, e.g. C<0100A5>, or a pattern matching the
! 37: I<iolog_file> option in the I<sudoers> file. When a command is run
! 38: via B<sudo> with I<log_output> enabled in the I<sudoers> file, a
! 39: C<TSID=ID> string is logged via syslog or to the B<sudo> log file.
! 40: The I<ID> may also be determined using B<sudoreplay>'s list mode.
! 41:
! 42: In list mode, B<sudoreplay> can be used to find the ID of a session
! 43: based on a number of criteria such as the user, tty or command run.
! 44:
! 45: In replay mode, if the standard output has not been redirected,
! 46: B<sudoreplay> will act on the following keys:
! 47:
! 48: =over 8
! 49:
! 50: =item ' ' (space)
! 51:
! 52: Pause output; press any key to resume.
! 53:
! 54: =item '<'
! 55:
! 56: Reduce the playback speed by one half.
! 57:
! 58: =item '>'
! 59:
! 60: Double the playback speed.
! 61:
! 62: =back
! 63:
! 64: =head1 OPTIONS
! 65:
! 66: B<sudoreplay> accepts the following command line options:
! 67:
! 68: =over 12
! 69:
! 70: =item -d I<directory>
! 71:
! 72: Use I<directory> to for the session logs instead of the default,
! 73: F</var/log/sudo-io>.
! 74:
! 75: =item -f I<filter>
! 76:
! 77: By default, B<sudoreplay> will play back the command's standard
! 78: output, standard error and tty output. The I<-f> option can be
! 79: used to select which of these to output. The I<filter> argument
! 80: is a comma-separated list, consisting of one or more of following:
! 81: I<stdout>, I<stderr>, and I<ttyout>.
! 82:
! 83: =item -h
! 84:
! 85: The B<-h> (I<help>) option causes B<sudoreplay> to print a short
! 86: help message to the standard output and exit.
! 87:
! 88: =item -l [I<search expression>]
! 89:
! 90: Enable "list mode". In this mode, B<sudoreplay> will list available
! 91: session IDs. If a I<search expression> is specified, it will be
! 92: used to restrict the IDs that are displayed. An expression is
! 93: composed of the following predicates:
! 94:
! 95: =over 8
! 96:
! 97: =item command I<command pattern>
! 98:
! 99: Evaluates to true if the command run matches I<command pattern>.
! 100: On systems with POSIX regular expression support, the pattern may
! 101: be an extended regular expression. On systems without POSIX regular
! 102: expression support, a simple substring match is performed instead.
! 103:
! 104: =item cwd I<directory>
! 105:
! 106: Evaluates to true if the command was run with the specified current
! 107: working directory.
! 108:
! 109: =item fromdate I<date>
! 110:
! 111: Evaluates to true if the command was run on or after I<date>.
! 112: See L<"Date and time format"> for a description of supported
! 113: date and time formats.
! 114:
! 115: =item group I<runas_group>
! 116:
! 117: Evaluates to true if the command was run with the specified
! 118: I<runas_group>. Note that unless a I<runas_group> was explicitly
! 119: specified when B<sudo> was run this field will be empty in the log.
! 120:
! 121: =item runas I<runas_user>
! 122:
! 123: Evaluates to true if the command was run as the specified I<runas_user>.
! 124: Note that B<sudo> runs commands as user I<root> by default.
! 125:
! 126: =item todate I<date>
! 127:
! 128: Evaluates to true if the command was run on or prior to I<date>.
! 129: See L<"Date and time format"> for a description of supported
! 130: date and time formats.
! 131:
! 132: =item tty I<tty>
! 133:
! 134: Evaluates to true if the command was run on the specified terminal
! 135: device. The I<tty> should be specified without the F</dev/> prefix,
! 136: e.g. F<tty01> instead of F</dev/tty01>.
! 137:
! 138: =item user I<user name>
! 139:
! 140: Evaluates to true if the ID matches a command run by I<user name>.
! 141:
! 142: =back
! 143:
! 144: Predicates may be abbreviated to the shortest unique string (currently
! 145: all predicates may be shortened to a single character).
! 146:
! 147: Predicates may be combined using I<and>, I<or> and I<!> operators
! 148: as well as C<'('> and C<')'> for grouping (note that parentheses
! 149: must generally be escaped from the shell). The I<and> operator is
! 150: optional, adjacent predicates have an implied I<and> unless separated
! 151: by an I<or>.
! 152:
! 153: =item -m I<max_wait>
! 154:
! 155: Specify an upper bound on how long to wait between key presses or
! 156: output data. By default, B<sudo_replay> will accurately reproduce
! 157: the delays between key presses or program output. However, this
! 158: can be tedious when the session includes long pauses. When the
! 159: I<-m> option is specified, B<sudoreplay> will limit these pauses
! 160: to at most I<max_wait> seconds. The value may be specified as a
! 161: floating point number, .e.g. I<2.5>.
! 162:
! 163: =item -s I<speed_factor>
! 164:
! 165: This option causes B<sudoreplay> to adjust the number of seconds
! 166: it will wait between key presses or program output. This can be
! 167: used to slow down or speed up the display. For example, a
! 168: I<speed_factor> of I<2> would make the output twice as fast whereas
! 169: a I<speed_factor> of <.5> would make the output twice as slow.
! 170:
! 171: =item -V
! 172:
! 173: The B<-V> (version) option causes B<sudoreplay> to print its version number
! 174: and exit.
! 175:
! 176: =back
! 177:
! 178: =head2 Date and time format
! 179:
! 180: The time and date may be specified multiple ways, common formats include:
! 181:
! 182: =over 8
! 183:
! 184: =item HH:MM:SS am MM/DD/CCYY timezone
! 185:
! 186: 24 hour time may be used in place of am/pm.
! 187:
! 188: =item HH:MM:SS am Month, Day Year timezone
! 189:
! 190: 24 hour time may be used in place of am/pm, and month and day names
! 191: may be abbreviated. Note that month and day of the week names must
! 192: be specified in English.
! 193:
! 194: =item CCYY-MM-DD HH:MM:SS
! 195:
! 196: ISO time format
! 197:
! 198: =item DD Month CCYY HH:MM:SS
! 199:
! 200: The month name may be abbreviated.
! 201:
! 202: =back
! 203:
! 204: Either time or date may be omitted, the am/pm and timezone are
! 205: optional. If no date is specified, the current day is assumed; if
! 206: no time is specified, the first second of the specified date is
! 207: used. The less significant parts of both time and date may also
! 208: be omitted, in which case zero is assumed. For example, the following
! 209: are all valid:
! 210:
! 211: The following are all valid time and date specifications:
! 212:
! 213: =over 8
! 214:
! 215: =item now
! 216:
! 217: The current time and date.
! 218:
! 219: =item tomorrow
! 220:
! 221: Exactly one day from now.
! 222:
! 223: =item yesterday
! 224:
! 225: 24 hours ago.
! 226:
! 227: =item 2 hours ago
! 228:
! 229: 2 hours ago.
! 230:
! 231: =item next Friday
! 232:
! 233: The first second of the next Friday.
! 234:
! 235: =item this week
! 236:
! 237: The current time but the first day of the coming week.
! 238:
! 239: =item a fortnight ago
! 240:
! 241: The current time but 14 days ago.
! 242:
! 243: =item 10:01 am 9/17/2009
! 244:
! 245: 10:01 am, September 17, 2009.
! 246:
! 247: =item 10:01 am
! 248:
! 249: 10:01 am on the current day.
! 250:
! 251: =item 10
! 252:
! 253: 10:00 am on the current day.
! 254:
! 255: =item 9/17/2009
! 256:
! 257: 00:00 am, September 17, 2009.
! 258:
! 259: =item 10:01 am Sep 17, 2009
! 260:
! 261: 10:01 am, September 17, 2009.
! 262:
! 263: =back
! 264:
! 265: =head1 FILES
! 266:
! 267: =over 24
! 268:
! 269: =item F</var/log/sudo-io>
! 270:
! 271: The default I/O log directory.
! 272:
! 273: =item F</var/log/sudo-io/00/00/01/log>
! 274:
! 275: Example session log info.
! 276:
! 277: =item F</var/log/sudo-io/00/00/01/stdin>
! 278:
! 279: Example session standard input log.
! 280:
! 281: =item F</var/log/sudo-io/00/00/01/stdout>
! 282:
! 283: Example session standard output log.
! 284:
! 285: =item F</var/log/sudo-io/00/00/01/stderr>
! 286:
! 287: Example session standard error log.
! 288:
! 289: =item F</var/log/sudo-io/00/00/01/ttyin>
! 290:
! 291: Example session tty input file.
! 292:
! 293: =item F</var/log/sudo-io/00/00/01/ttyout>
! 294:
! 295: Example session tty output file.
! 296:
! 297: =item F</var/log/sudo-io/00/00/01/timing>
! 298:
! 299: Example session timing file.
! 300:
! 301: =back
! 302:
! 303: Note that the I<stdin>, I<stdout> and I<stderr> files will be empty
! 304: unless B<sudo> was used as part of a pipeline for a particular
! 305: command.
! 306:
! 307: =head1 EXAMPLES
! 308:
! 309: List sessions run by user I<millert>:
! 310:
! 311: sudoreplay -l user millert
! 312:
! 313: List sessions run by user I<bob> with a command containing the string vi:
! 314:
! 315: sudoreplay -l user bob command vi
! 316:
! 317: List sessions run by user I<jeff> that match a regular expression:
! 318:
! 319: sudoreplay -l user jeff command '/bin/[a-z]*sh'
! 320:
! 321: List sessions run by jeff or bob on the console:
! 322:
! 323: sudoreplay -l ( user jeff or user bob ) tty console
! 324:
! 325: =head1 SEE ALSO
! 326:
! 327: L<sudo(8)>, L<script(1)>
! 328:
! 329: =head1 AUTHOR
! 330:
! 331: Todd C. Miller
! 332:
! 333: =head1 BUGS
! 334:
! 335: If you feel you have found a bug in B<sudoreplay>, please submit a bug report
! 336: at http://www.sudo.ws/sudo/bugs/
! 337:
! 338: =head1 SUPPORT
! 339:
! 340: Limited free support is available via the sudo-users mailing list,
! 341: see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
! 342: search the archives.
! 343:
! 344: =head1 DISCLAIMER
! 345:
! 346: B<sudoreplay> is provided ``AS IS'' and any express or implied warranties,
! 347: including, but not limited to, the implied warranties of merchantability
! 348: and fitness for a particular purpose are disclaimed. See the LICENSE
! 349: file distributed with B<sudo> or http://www.sudo.ws/sudo/license.html
! 350: for complete details.
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to sudoreplay.pod CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / doc