Sudosh is designed specifically to be used in conjunction with sudo, or by itself as a login shell. Sudosh allows the execution of a root or user shell with logging: every command the user types within the root shell is logged, as well as the output.
This is different from "sudo -s" or "sudo /bin/sh": when you use one of these instead of sudosh to start a new shell, the commands typed in the new shell are not logged to syslog; only the fact that a new shell was started is logged.
If the newly started shell supports command-line history, you can still find the commands that were run in a file such as .sh_history, but if you use a shell such as csh that does not support command-line logging, you are out of luck.
Sudosh fills this gap. No matter what shell you use, all of the command lines are logged to syslog (including vi keystrokes). In fact, sudosh uses the script command to log all keystrokes and output.
Setting up sudosh is fairly easy. For a Linux system, first download the RPM of sudosh, for example from rpm.pbone.net. Then install it on your Linux server:
# rpm -ihv sudosh-1.8.2-1.2.el4.rf.i386.rpm
Preparing... ########################################### [100%]
1:sudosh ########################################### [100%]
Then, go to /etc and open /etc/sudosh.conf. Here you can adjust the default shell that is started and the location of the log files. By default, the log directory is /var/log/sudosh. Make sure this directory exists on your server, or change it to another existing directory in sudosh.conf. This command sets the correct permissions on the log directory:
# sudosh -i
[info]: chmod 0733 directory /var/log/sudosh
Then, if you want to assign a user sudosh access, edit the /etc/sudoers file by running visudo, and add the following line:
username ALL=PASSWD:/usr/bin/sudosh
Now, the user can login, and run the following command to gain root access:
$ sudo sudosh
Password:
# whoami
root
Now, as a sysadmin, you can view the log files created in /var/log/sudosh, but it is much cooler to use the sudosh-replay command to replay (like a VCR) the actual session as run by the user with sudosh access.
First, run sudosh-replay without any parameters to get a list of sessions that took place using sudosh:
# sudosh-replay
Date Duration From To ID
==== ======== ==== == ==
09/16/2010 6s root root root-root-1284653707-GCw26NSq
Usage: sudosh-replay ID [MULTIPLIER] [MAXWAIT]
See 'sudosh-replay -h' for more help.
Example: sudosh-replay root-root-1284653707-GCw26NSq 1 2
Now, you can actually replay the session, by (for example) running:
# sudosh-replay root-root-1284653707-GCw26NSq 1 5
The first parameter is the session ID and the second is the multiplier: use a higher value to speed up the replay, while "1" is the actual speed. The third parameter is the max-wait: where there were pauses in the actual session, the replay waits at most max-wait seconds, 5 seconds in the example above.
For AIX, you can find the necessary RPM here. It is slightly different, because it installs in /opt/freeware/bin, and sudosh.conf is located in this directory as well. Both Linux and AIX of course require sudo to be installed before you can install and use sudosh.
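As an added example (not part of sudosh or the original post), the following POSIX sh helper checks the setup described above and decodes the session IDs that sudosh-replay lists. It assumes GNU stat and date (Linux), takes the log directory and sudoers file as path parameters so it can be run against copies rather than the live /etc/sudoers, and treats the session ID layout FROM-TO-EPOCH-RANDOM as an inference from the listing shown above.

```shell
#!/bin/sh
# Added example, not part of sudosh or the original post: a small audit helper
# for the setup described above. It verifies that the sudosh log directory
# exists with the mode that "sudosh -i" sets (0733) and that the sudoers entry
# for a user is present, and it decodes the session IDs that sudosh-replay
# lists. Assumes GNU stat/date (Linux). Paths are parameters so it can run
# against copies instead of the live /etc/sudoers.

# check_sudosh_setup LOGDIR SUDOERS_FILE USER -> returns 0 if all is in place
check_sudosh_setup() {
    logdir=$1; sudoers=$2; user=$3; rc=0
    if [ ! -d "$logdir" ]; then
        echo "missing log directory $logdir (check logdir in sudosh.conf)"; rc=1
    elif [ "$(stat -c %a "$logdir")" != "733" ]; then
        echo "mode of $logdir is $(stat -c %a "$logdir"), expected 733 (run sudosh -i)"; rc=1
    fi
    # Look for exactly the line the post adds with visudo, allowing extra blanks.
    if ! grep -Eq "^[[:space:]]*$user[[:space:]]+ALL=PASSWD:/usr/bin/sudosh[[:space:]]*\$" "$sudoers"; then
        echo "no sudosh entry for $user in $sudoers"; rc=1
    fi
    return $rc
}

# decode_session_id ID -> "YYYY-MM-DD HH:MM:SS UTC FROM TO"
# Session IDs look like root-root-1284653707-GCw26NSq, i.e.
# FROM-TO-EPOCH-RANDOM (assumed layout); the epoch is the session start time.
# Parsed from the right, so only a hyphen inside FROM or TO is ambiguous.
decode_session_id() {
    id=$1
    rest=${id%-*}          # strip the random suffix
    epoch=${rest##*-}
    rest=${rest%-*}        # now FROM-TO
    from=${rest%%-*}
    to=${rest#*-}
    case $epoch in
        ""|*[!0-9]*) echo "bad session id: $id" >&2; return 1 ;;
    esac
    printf '%s %s %s\n' "$(date -u -d "@$epoch" '+%Y-%m-%d %H:%M:%S UTC')" "$from" "$to"
}
```

Source the file and call check_sudosh_setup /var/log/sudosh /etc/sudoers username as root, or decode_session_id with an ID copied from the sudosh-replay listing.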