Skip to content

bry4n/sudosh2

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits

src

src

 
 

.gitignore

.gitignore

 
 

AUTHORS

AUTHORS

 
 

COPYING

COPYING

 
 

ChangeLog

ChangeLog

 
 

INSTALL

INSTALL

 
 

Makefile.am

Makefile.am

 
 

Makefile.in

Makefile.in

 
 

NEWS

NEWS

 
 

PLATFORMS

PLATFORMS

 
 

README

README

 
 

TODO

TODO

 
 

aclocal.m4

aclocal.m4

 
 

bash_profile

bash_profile

 
 

config.guess

config.guess

 
 

config.h.in

config.h.in

 
 

config.sub

config.sub

 
 

configure

configure

 
 

configure.in

configure.in

 
 

depcomp

depcomp

 
 

install-sh

install-sh

 
 

missing

missing

 
 

sudosh-replay.8

sudosh-replay.8

 
 

sudosh-replay.8.in

sudosh-replay.8.in

 
 

sudosh.1.in

sudosh.1.in

 
 

sudosh.conf.5.in

sudosh.conf.5.in

 
 

sudosh.spec

sudosh.spec

 
 

sudosh2.rb

sudosh2.rb

 
 

Repository files navigation

This documentation is fairly out of date. For the latest, please go to
the project homepage at http://sudosh2.sourceforge.net/

Introduction:
=============

sudosh is a filter and can be used as a login shell.  sudosh takes advantage
of pty devices in order to sit between the user's keyboard and a program, in
this case a shell.

sudosh was designed specifically to be used in conjunction with sudo or by
itself as a login shell..  sudosh allows the execution of a root shell with
logging.  Every command the user types within the root shell is logged as
well as the output.

How is this different than "sudo -s" or "sudo /bin/sh" ?

Using "sudo -s" or other methods doesn't log commands typed to syslog.
Generally the commands are logged to a file such as .sh_history and if you
use a shell such as csh that doesn't support command-line logging you're
out of luck.

sudosh fills this gap.  No matter what shell you use, all of the command
lines are logged to syslog (including vi keystrokes.)

Installation:
=============

Compile sudosh.

1) ./configure
2) make
3) make install
4) sudosh -i

Configure sudosh to be used with sudo
=====================================

1) configure /etc/sudoers to allow system administrators to execute
   /usr/local/bin/sudosh

Example entry to /etc/sudoers:

-- /etc/sudoers begin --
User_Alias      ADMINS=admin1,admin2,admin3
User_Alias      DBAS=dba1,dba2,dba3
Cmnd_Alias      SUDOSH=/usr/local/bin/sudosh

ADMINS          ALL=SUDOSH
DBAS            ALL=(oracle)/usr/local/bin/sudosh
-- /etc/sudoers end --

2) use it.
3) Look at the results with the sudosh-replay command.

Example usage to get ROOT ACCESS:

-- example usage begin --
# Get access to root
dhanks@linux:~> sudo sudosh
Password:
starting session for dhanks as root,/dev/tty3 (/bin/bash) (root-1108447320)
linux:~ # id
uid=0(root) gid=0(root) groups=0(root)
linux:~ # exit
exit
dhanks@linux:~>
-- example usage end --

Example usage to get ORACLE ACCESS:

-- example usage begin --
# Get access to oracle
dhanks@linux:~> sudo -u oracle sudosh
Password:
starting session for dhanks as oracle,/dev/tty3 (/bin/bash) (oracle-1108447391)
oracle@linux:~> id
uid=1001(oracle) gid=100(users) groups=100(users)
oracle@linux:~> exit
dhanks@linux:~>
-- example usage end --

Configure sudosh to be used as a login shell
============================================

1) Set the default shell to be used as a login shell.  If you do not change
   the default value /bin/sh will be used.  Use the --with-defshell option
   to configure to set this value.

2) If your system supports /etc/shells, add the absolute path to sudosh to
   the list.

3) Edit /etc/passwd and set the user's shell to the absolute path of
   sudosh (generally /usr/local/bin/sudosh unless you change the --prefix)

4) To allow things like scp, sft, cvs, rsync, etc, use the "-c arg allow" in
   sudosh.conf. The allowed command will need to match what is being sent to
   it, notably some OpenSSH servers will call /usr/lib/openssh/sftp-server.

How To Replay Sessions
======================
Use the "sudosh-replay" command to replay previous root sessions.  To see
a list of available sessions execute "sudosh-replay" by itself.

-- example begin --
linux:~ # sudosh-replay
Sessions stored in /var/log/sudosh:
===================================
dhanks       1 session
  Wed Oct 20 18:39:00 2004 (ID dhanks-1098322740)

Usage: sudosh-replay ID [MULTIPLIER] [MAXWAIT]
Example: sudosh-replay dhanks-1098322740 1 2
linux:~ #
-- example end--

As we can see there is 1 session available to view on my system at the
time of writing this documentation.

Use the ID to specify which session you which to replay.  The ID is located
in the brackets after the date string.  In this case our ID is
"dhanks-1098322740"

To view this session just as the user typed it, execute
"sudosh-replay dhanks-1098322740"

To merely just output the session data and ignore the timing information,
just set the multiplier to 0:
"sudosh-replay dhanks-1098322740" 0

The multiplier also works to speed up the session.  If you wish to speed up
the session 2x, use a multiplier of 2

"sudosh-replay dhanks-1098322740" 2

If you have people that type slowly or if a user goes away from the keyboard,
you don't want to sit there and wait for the output.  Instead set the MAXWAIT
variable.  It's set to 1 by default.

"sudosh-replay dhanks-1098322740" 2 .5

About

git mirror of http://sourceforge.net/projects/sudosh2/

Resources

Readme

License

View license
Activity

Stars

4 stars

Watchers

1 watching

Forks

3 forks
Report repository

Releases 1

Sudosh v2 Latest
Nov 13, 2013

Packages

No packages published

Languages