Diffstat (limited to 'doc/sudoreplay.cat')
-rw-r--r-- doc/sudoreplay.cat 303
1 files changed, 303 insertions, 0 deletions
diff --git a/doc/sudoreplay.cat b/doc/sudoreplay.cat
new file mode 100644
index 0000000..d3dd9ba
--- /dev/null
+++ b/doc/sudoreplay.cat
@@ -0,0 +1,303 @@
+SUDOREPLAY(1m) System Manager's Manual SUDOREPLAY(1m)
+
+NNAAMMEE
+ ssuuddoorreeppllaayy - replay sudo session logs
+
+SSYYNNOOPPSSIISS
+ ssuuddoorreeppllaayy [--hhnnRRSS] [--dd _d_i_r] [--ff _f_i_l_t_e_r] [--mm _n_u_m] [--ss _n_u_m] ID
+
+ ssuuddoorreeppllaayy [--hh] [--dd _d_i_r] --ll [search expression]
+
+DDEESSCCRRIIPPTTIIOONN
+ ssuuddoorreeppllaayy plays back or lists the output logs created by ssuuddoo. When
+ replaying, ssuuddoorreeppllaayy can play the session back in real-time, or the
+ playback speed may be adjusted (faster or slower) based on the command
+ line options.
+
+ The _I_D should either be a six character sequence of digits and upper case
+ letters, e.g., 0100A5, or a pattern matching the _i_o_l_o_g___f_i_l_e option in the
+ _s_u_d_o_e_r_s file. When a command is run via ssuuddoo with _l_o_g___o_u_t_p_u_t enabled in
+ the _s_u_d_o_e_r_s file, a TSID=ID string is logged via syslog or to the ssuuddoo
+ log file. The _I_D may also be determined using ssuuddoorreeppllaayy's list mode.
+
+ In list mode, ssuuddoorreeppllaayy can be used to find the ID of a session based on
+ a number of criteria such as the user, tty or command run.
+
+ In replay mode, if the standard input and output are connected to a
+ terminal and the --nn option is not specified, ssuuddoorreeppllaayy will operate
+ interactively. In interactive mode, ssuuddoorreeppllaayy will attempt to adjust
+ the terminal size to match that of the session and write directly to the
+ terminal (not all terminals support this). Additionally, it will poll
+ the keyboard and act on the following keys:
+
+ `\n' or `\r' Skip to the next replay event; useful for long pauses.
+
+ ` ' (space) Pause output; press any key to resume.
+
+ `<' Reduce the playback speed by one half.
+
+ `>' Double the playback speed.
+
+ The session can be interrupted via control-C. When the session has
+ finished, the terminal is restored to its original size if it was changed
+ during playback.
+
+ The options are as follows:
+
+ --dd _d_i_r, ----ddiirreeccttoorryy=_d_i_r
+ Store session logs in _d_i_r instead of the default,
+ _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o.
+
+ --ff _f_i_l_t_e_r, ----ffiilltteerr=_f_i_l_t_e_r
+ Select which I/O type(s) to display. By default, ssuuddoorreeppllaayy
+ will display the command's standard output, standard error
+ and tty output. The _f_i_l_t_e_r argument is a comma-separated
+ list, consisting of one or more of following: _s_t_d_i_n, _s_t_d_o_u_t,
+ _s_t_d_e_r_r, _t_t_y_i_n, and _t_t_y_o_u_t.
+
+ --hh, ----hheellpp Display a short help message to the standard output and exit.
+
+ --ll, ----lliisstt [_s_e_a_r_c_h _e_x_p_r_e_s_s_i_o_n]
+ Enable "list mode". In this mode, ssuuddoorreeppllaayy will list
+ available sessions in a format similar to the ssuuddoo log file
+ format, sorted by file name (or sequence number). If a
+ _s_e_a_r_c_h _e_x_p_r_e_s_s_i_o_n is specified, it will be used to restrict
+ the IDs that are displayed. An expression is composed of the
+ following predicates:
+
+ command _p_a_t_t_e_r_n
+ Evaluates to true if the command run matches the
+ POSIX extended regular expression _p_a_t_t_e_r_n.
+
+ cwd _d_i_r_e_c_t_o_r_y
+ Evaluates to true if the command was run with the
+ specified current working directory.
+
+ fromdate _d_a_t_e
+ Evaluates to true if the command was run on or after
+ _d_a_t_e. See _D_a_t_e _a_n_d _t_i_m_e _f_o_r_m_a_t for a description of
+ supported date and time formats.
+
+ group _r_u_n_a_s___g_r_o_u_p
+ Evaluates to true if the command was run with the
+ specified _r_u_n_a_s___g_r_o_u_p. Note that unless a
+ _r_u_n_a_s___g_r_o_u_p was explicitly specified when ssuuddoo was
+ run this field will be empty in the log.
+
+ runas _r_u_n_a_s___u_s_e_r
+ Evaluates to true if the command was run as the
+ specified _r_u_n_a_s___u_s_e_r. Note that ssuuddoo runs commands
+ as user _r_o_o_t by default.
+
+ todate _d_a_t_e
+ Evaluates to true if the command was run on or prior
+ to _d_a_t_e. See _D_a_t_e _a_n_d _t_i_m_e _f_o_r_m_a_t for a description
+ of supported date and time formats.
+
+ tty _t_t_y _n_a_m_e
+ Evaluates to true if the command was run on the
+ specified terminal device. The _t_t_y _n_a_m_e should be
+ specified without the _/_d_e_v_/ prefix, e.g., _t_t_y_0_1
+ instead of _/_d_e_v_/_t_t_y_0_1.
+
+ user _u_s_e_r _n_a_m_e
+ Evaluates to true if the ID matches a command run by
+ _u_s_e_r _n_a_m_e.
+
+ Predicates may be abbreviated to the shortest unique string.
+
+ Predicates may be combined using _a_n_d, _o_r and _! operators as
+ well as `(' and `)' grouping (note that parentheses must
+ generally be escaped from the shell). The _a_n_d operator is
+ optional, adjacent predicates have an implied _a_n_d unless
+ separated by an _o_r.
+
+ --mm, ----mmaaxx--wwaaiitt _m_a_x___w_a_i_t
+ Specify an upper bound on how long to wait between key
+ presses or output data. By default, ssuuddoorreeppllaayy will
+ accurately reproduce the delays between key presses or
+ program output. However, this can be tedious when the
+ session includes long pauses. When the --mm option is
+ specified, ssuuddoorreeppllaayy will limit these pauses to at most
+ _m_a_x___w_a_i_t seconds. The value may be specified as a floating
+ point number, e.g., _2_._5. A _m_a_x___w_a_i_t of zero or less will
+ eliminate the pauses entirely.
+
+ --nn, ----nnoonn--iinntteerraaccttiivvee
+ Do not prompt for user input or attempt to re-size the
+ terminal. The session is written to the standard output, not
+ directly to the user's terminal.
+
+ --RR, ----nnoo--rreessiizzee
+ Do not attempt to re-size the terminal to match the terminal
+ size of the session.
+
+ --SS, ----ssuussppeenndd--wwaaiitt
+ Wait while the command was suspended. By default, ssuuddoorreeppllaayy
+ will ignore the time interval between when the command was
+ suspended and when it was resumed. If the --SS option is
+ specified, ssuuddoorreeppllaayy will wait instead.
+
+ --ss, ----ssppeeeedd _s_p_e_e_d___f_a_c_t_o_r
+ This option causes ssuuddoorreeppllaayy to adjust the number of seconds
+ it will wait between key presses or program output. This can
+ be used to slow down or speed up the display. For example, a
+ _s_p_e_e_d___f_a_c_t_o_r of _2 would make the output twice as fast whereas
+ a _s_p_e_e_d___f_a_c_t_o_r of _._5 would make the output twice as slow.
+
+ --VV, ----vveerrssiioonn
+ Print the ssuuddoorreeppllaayy versions version number and exit.
+
+ DDaattee aanndd ttiimmee ffoorrmmaatt
+ The time and date may be specified multiple ways, common formats include:
+
+ HH:MM:SS am MM/DD/CCYY timezone
+ 24 hour time may be used in place of am/pm.
+
+ HH:MM:SS am Month, Day Year timezone
+ 24 hour time may be used in place of am/pm, and month and day
+ names may be abbreviated. Note that month and day of the week
+ names must be specified in English.
+
+ CCYY-MM-DD HH:MM:SS
+ ISO time format
+
+ DD Month CCYY HH:MM:SS
+ The month name may be abbreviated.
+
+ Either time or date may be omitted, the am/pm and timezone are optional.
+ If no date is specified, the current day is assumed; if no time is
+ specified, the first second of the specified date is used. The less
+ significant parts of both time and date may also be omitted, in which
+ case zero is assumed.
+
+ The following are all valid time and date specifications:
+
+ now The current time and date.
+
+ tomorrow
+ Exactly one day from now.
+
+ yesterday
+ 24 hours ago.
+
+ 2 hours ago
+ 2 hours ago.
+
+ next Friday
+ The first second of the Friday in the next (upcoming) week. Not
+ to be confused with "this Friday" which would match the Friday of
+ the current week.
+
+ last week
+ The current time but 7 days ago. This is equivalent to "a week
+ ago".
+
+ a fortnight ago
+ The current time but 14 days ago.
+
+ 10:01 am 9/17/2009
+ 10:01 am, September 17, 2009.
+
+ 10:01 am
+ 10:01 am on the current day.
+
+ 10 10:00 am on the current day.
+
+ 9/17/2009
+ 00:00 am, September 17, 2009.
+
+ 10:01 am Sep 17, 2009
+ 10:01 am, September 17, 2009.
+
+ Note that relative time specifications do not always work as expected.
+ For example, the "next" qualifier is intended to be used in conjunction
+ with a day such as "next Monday". When used with units of weeks, months,
+ years, etc the result will be one more than expected. For example, "next
+ week" will result in a time exactly two weeks from now, which is probably
+ not what was intended. This will be addressed in a future version of
+ ssuuddoorreeppllaayy.
+
+ DDeebbuuggggiinngg ssuuddoorreeppllaayy
+ ssuuddoorreeppllaayy versions 1.8.4 and higher support a flexible debugging
+ framework that is configured via Debug lines in the sudo.conf(4) file.
+
+ For more information on configuring sudo.conf(4), please refer to its
+ manual.
+
+FFIILLEESS
+ _/_e_t_c_/_s_u_d_o_._c_o_n_f Debugging framework configuration
+
+ _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o The default I/O log directory.
+
+ _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_l_o_g
+ Example session log info.
+
+ _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_s_t_d_i_n
+ Example session standard input log.
+
+ _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_s_t_d_o_u_t
+ Example session standard output log.
+
+ _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_s_t_d_e_r_r
+ Example session standard error log.
+
+ _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_t_t_y_i_n
+ Example session tty input file.
+
+ _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_t_t_y_o_u_t
+ Example session tty output file.
+
+ _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_t_i_m_i_n_g
+ Example session timing file.
+
+ Note that the _s_t_d_i_n, _s_t_d_o_u_t and _s_t_d_e_r_r files will be empty unless ssuuddoo
+ was used as part of a pipeline for a particular command.
+
+EEXXAAMMPPLLEESS
+ List sessions run by user _m_i_l_l_e_r_t:
+
+ # sudoreplay -l user millert
+
+ List sessions run by user _b_o_b with a command containing the string vi:
+
+ # sudoreplay -l user bob command vi
+
+ List sessions run by user _j_e_f_f that match a regular expression:
+
+ # sudoreplay -l user jeff command '/bin/[a-z]*sh'
+
+ List sessions run by jeff or bob on the console:
+
+ # sudoreplay -l ( user jeff or user bob ) tty console
+
+SSEEEE AALLSSOO
+ script(1), sudo.conf(4), sudo(1m)
+
+AAUUTTHHOORRSS
+ Many people have worked on ssuuddoo over the years; this version consists of
+ code written primarily by:
+
+ Todd C. Miller
+
+ See the CONTRIBUTORS file in the ssuuddoo distribution
+ (https://www.sudo.ws/contributors.html) for an exhaustive list of people
+ who have contributed to ssuuddoo.
+
+BBUUGGSS
+ If you feel you have found a bug in ssuuddoorreeppllaayy, please submit a bug
+ report at https://bugzilla.sudo.ws/
+
+SSUUPPPPOORRTT
+ Limited free support is available via the sudo-users mailing list, see
+ https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
+ the archives.
+
+DDIISSCCLLAAIIMMEERR
+ ssuuddoorreeppllaayy is provided "AS IS" and any express or implied warranties,
+ including, but not limited to, the implied warranties of merchantability
+ and fitness for a particular purpose are disclaimed. See the LICENSE
+ file distributed with ssuuddoo or https://www.sudo.ws/license.html for
+ complete details.
+
+Sudo 1.8.26 October 6, 2018 Sudo 1.8.26
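Review bot: The -d/--directory entry reads "Store session logs in dir instead of the default", but DESCRIPTION says sudoreplay only plays back or lists logs that sudo created, so the option text should say it selects the directory the logs are read from (for example "Use dir for the session logs instead of the default, /var/log/sudo-io"). As written, someone auditing a host could assume -d changes where sudo writes its I/O logs. Three smaller points in the same hunk: the last EXAMPLES command passes ( and ) to the shell unquoted even though the -l text notes that parentheses must generally be escaped, so show them as \( and \) or quoted; -V/--version is documented in the options list but absent from the flag list on the first SYNOPSIS line; and "Print the sudoreplay versions version number and exit" has a duplicated word.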