SUDOSCRIPTD(8)            User Contributed Perl Documentation            SUDOSCRIPTD(8)
(perl v5.8.0, 2004-11-22)

NAME
sudoscriptd - logging daemons for sudoshell(1)
SYNOPSIS
sudoscriptd [-d|--datefmt long|short|sortable]
VERSION
This manpage documents version 2.1.2 of sudoscriptd.
DESCRIPTION
sudoscriptd is a daemon for logging output from sudoshell(8). Used with that script, it provides an audit trail for shells run under sudo.
README
When sudoscriptd starts, it creates a named pipe (FIFO) in a spool area. Then it forks a log management daemon that opens another FIFO and hangs around waiting for someone to write to it. When a new sudoshell starts, it writes the name of the user who ran it (from SUDO_UID) and its own PID to the first FIFO, then pauses waiting for a signal. Sudoscriptd forks a logger with the information given by sudoshell, which opens yet another FIFO, whose name is derived from the username and PID. The logger then sends the signal that sudoshell is waiting for. Sudoshell then runs script(1) on the session FIFO. The logger takes the output thus produced, tags it with a session ID, and writes it to the log management daemon's (remember him?) FIFO. The log daemon tags the data with a datestamp and writes it to a log file. It also manages the logs so they don't overflow the logging partition. When the user ends her script(1) session, sudoshell tells the front end daemon that it is done. The daemon signals the session logger to wrap up its work, which it does by deleting the session FIFO and exiting.
CONFIGURATION
sudoshell uses sudo(8) to perform all its authentication and privilege escalation. The sudoshell user must therefore be in the sudoers file (see sudoers(5)) with an entry that allows running sudoshell as the desired user. See the SUDOCONFIG file in the distribution for details. (On Linux, this will be in /usr/share/doc/sudoscript-VERSION. Everywhere else, it's in /usr/local/doc/sudoscript-VERSION.)
IS THIS SECURE?
In a word, no. Giving a user a root shell is a bad idea if you don't trust him or her. There are countless ways to evade the audit trail provided by sudoscript, even without root privilege. Let me highlight the last part of that sentence: even without root privilege! (Think about the implications of the fact that a user must have write access to the logging FIFO to see what I mean.) That means you can't rely on this tool to maintain security for you. So, what good is sudoscript? It's useful in at least two environments. First, you trust your users, but need a record of what they do for auditing purposes. Second, you may or may not trust your users, but they have successfully agitated for a root (or other) shell. Sudoscript then provides an audit trail as long as your users don't try to evade it.

See the file SECURITY (in the same place as SUDOCONFIG, above) for more on sudoscript's security assumptions.
SWITCHES
One optional switch, --datefmt, is accepted by sudoscriptd. This controls the format of the datestamps in the log file. Three options are available.

long
    This selects a long date format of 'wdy mon dd hh:mm:ss ZZZ YYYY', where 'wdy' is the weekday name, 'mon' is the three-letter month name, 'dd' is the day of the month, 'hh:mm:ss' is the local time, 'ZZZ' is the local time zone name and 'YYYY' is the four-digit year.

short
    This selects a shorter date format of 'wdy mon dd hh:mm:ss'. This is just the long format with the time zone and year removed. short is the default format if no --datefmt is given.

sortable
    This selects a compressed and numerically sortable format of 'yyyymmddhhmmss'.
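The exchange described under README (rendezvous FIFO, per-session FIFO, merge FIFO) together with the three --datefmt formats from SWITCHES, as an added simulation that is not sudoscript's own code. It assumes a temporary spool directory in place of /var/run, threads in place of forked daemons, a threading.Event in place of the Unix signal, and a made-up session ID of the form "username:pid"; sudo and SUDO_UID are not consulted.

```python
"""Simulation of the sudoscriptd rendezvous protocol (added example, not
sudoscript's own code).  Assumptions: a temporary spool directory instead of
/var/run, threads instead of forked daemons, a threading.Event instead of the
Unix signal, and a made-up session ID of the form "username:pid"."""
import os
import shutil
import tempfile
import threading
import time

# The three --datefmt formats described under SWITCHES, as strftime patterns.
DATEFMT = {
    "long": "%a %b %d %H:%M:%S %Z %Y",  # wdy mon dd hh:mm:ss ZZZ YYYY
    "short": "%a %b %d %H:%M:%S",       # wdy mon dd hh:mm:ss (the default)
    "sortable": "%Y%m%d%H%M%S",         # yyyymmddhhmmss
}


def datestamp(fmt="short", when=None):
    """Local-time datestamp in one of the three sudoscriptd formats."""
    return time.strftime(DATEFMT[fmt], time.localtime(when))


def run_session(username, pid, output_lines, datefmt="short"):
    """Play one sudoshell session through the daemon's three FIFOs.

    Returns the lines the log management daemon would have written to the
    log file.  `output_lines` stands in for what script(1) captured."""
    spool = tempfile.mkdtemp(prefix="sudoscript-sim-")
    rendezvous = os.path.join(spool, "rendezvous")  # front end FIFO
    merge = os.path.join(spool, "merge")            # log daemon's FIFO
    os.mkfifo(rendezvous)
    os.mkfifo(merge)
    session_ready = threading.Event()  # stand-in for the wake-up signal
    log = []

    def log_daemon():
        # Datestamps whatever the session logger sends down the merge FIFO.
        with open(merge) as fh:
            for line in fh:
                log.append(f"{datestamp(datefmt)} {line.rstrip()}")

    def session_logger(session_fifo, session_id):
        # Tell sudoshell it may start; the blocking open() below is the real
        # rendezvous and completes only once sudoshell opens for writing.
        session_ready.set()
        with open(session_fifo) as src, open(merge, "w") as dst:
            for line in src:
                dst.write(f"[{session_id}] {line}")
        os.unlink(session_fifo)  # wrap up: delete the session FIFO

    def sudoshell():
        # Announce user and PID on the front end FIFO, then wait to be woken.
        with open(rendezvous, "w") as fh:
            fh.write(f"{username} {pid}\n")
        session_ready.wait()
        with open(os.path.join(spool, f"ssd{username}{pid}"), "w") as fh:
            for line in output_lines:
                fh.write(line + "\n")

    workers = [threading.Thread(target=log_daemon), threading.Thread(target=sudoshell)]
    for t in workers:
        t.start()

    # Front end daemon: read the announcement, create the session FIFO,
    # fork (here: start a thread for) a logger bound to it.
    with open(rendezvous) as fh:
        who, their_pid = fh.readline().split()
    session_fifo = os.path.join(spool, f"ssd{who}{their_pid}")
    os.mkfifo(session_fifo)
    logger = threading.Thread(target=session_logger,
                              args=(session_fifo, f"{who}:{their_pid}"))
    logger.start()

    for t in workers + [logger]:
        t.join()
    shutil.rmtree(spool)
    return log


if __name__ == "__main__":
    for entry in run_session("alice", 4242, ["# id", "uid=0(root) gid=0(root)"], "long"):
        print(entry)
```

The session ID tag is applied by the logger and the datestamp by the log daemon, mirroring the two-stage tagging the README describes; because the session FIFO is writable by the announcing user, anything that user writes to it ends up in the log looking exactly like script(1) output, which is the caveat the next section makes.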
FILES
The front end FIFO is /var/run/sudocript/rendezvous. The backend FIFO is /var/run/sudocript/merge. These two are semi-permanent. The session FIFOs are named /var/run/sudocript/ssd{username}{pid}. They go away once the session closes.

The log file is named /var/log/sudoscript. When the backend daemon rotates the log, it forks a compressor that creates files called /var/log/sudoscript.{n}.gz, where {n} is one through ten.

Sudoscriptd stores its PID in /var/run/sudoscriptd.pid.
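The ten-slot rotation scheme above, as an added example that is not sudoscript's own code. It assumes the log path is passed in rather than fixed at /var/log/sudoscript, that compression runs inline rather than in a forked compressor, and that the rotating process is the log's only writer (so truncating the live log after copying it loses nothing).

```python
"""Log rotation in the style of sudoscriptd's backend daemon (added example,
not sudoscript's own code).  Assumptions: the log path is a parameter rather
than /var/log/sudoscript, compression is inline instead of in a forked
compressor, and the caller is the log's only writer."""
import gzip
import os
import shutil
import tempfile

KEEP = 10  # sudoscript.{1..10}.gz, per the FILES section


def archived_numbers(log_path, keep=KEEP):
    """Which slots of log_path.{n}.gz currently exist, ascending."""
    return [n for n in range(1, keep + 1) if os.path.exists(f"{log_path}.{n}.gz")]


def read_archive(log_path, n):
    """Decompressed text of archive slot n."""
    with gzip.open(f"{log_path}.{n}.gz", "rt") as fh:
        return fh.read()


def rotate_log(log_path, keep=KEEP):
    """Shift every archive up one slot, drop the one past `keep`, and
    compress the live log into slot 1.  Returns the slots now occupied."""
    oldest = f"{log_path}.{keep}.gz"
    if os.path.exists(oldest):
        os.unlink(oldest)  # discard slot `keep` before it would be overwritten
    # Walk from the high slots down so no rename clobbers an unshifted file.
    for n in range(keep - 1, 0, -1):
        src = f"{log_path}.{n}.gz"
        if os.path.exists(src):
            os.replace(src, f"{log_path}.{n + 1}.gz")
    if os.path.exists(log_path):
        with open(log_path, "rb") as src, gzip.open(f"{log_path}.1.gz", "wb") as dst:
            shutil.copyfileobj(src, dst)
        # Truncate in place rather than unlink: a daemon that keeps the log
        # open would otherwise go on writing to an unlinked inode.
        os.truncate(log_path, 0)
    return archived_numbers(log_path, keep)


def demo(rounds=12):
    """Write a one-line log and rotate it `rounds` times in a scratch dir.
    Returns (occupied slots, newest archive text, oldest archive text)."""
    scratch = tempfile.mkdtemp(prefix="sudoscript-rotate-")
    log_path = os.path.join(scratch, "sudoscript")
    slots = []
    for i in range(rounds):
        with open(log_path, "w") as fh:
            fh.write(f"round {i}\n")  # constructed sample log content
        slots = rotate_log(log_path)
    newest = read_archive(log_path, slots[0])
    oldest = read_archive(log_path, slots[-1])
    shutil.rmtree(scratch)
    return slots, newest, oldest


if __name__ == "__main__":
    print(demo())
```

Running twelve rotations leaves exactly slots 1 through 10, with the two oldest rounds discarded; deleting slot 10 first and renaming from the top down is what keeps the shift from overwriting an archive that has not yet moved.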
BUGS
The script(1) output is pretty ugly. All control characters are preserved exactly as typed, or worse, as displayed by curses-based console apps like vi. The content of such logs can look completely unintelligible unless they are cleaned up first. A shell script from the "Unix Power Tools" book that uses sed(1) to do a first pass over such logs is available at <ftp://ftp.oreilly.com/pub/examples/power_tools/unix/split/script.tidy>.

I considered building something like that into sudoscriptd, but rejected it for two reasons. First, the daemon needs to get back to reading the FIFO as quickly as possible to avoid losing data to an over-full buffer. Second, any cleanup of the logs would remove information. This could be bad if I were over-zealous in my cleanup. As it stands, you can run your own cleanup on the log data without destroying the original log.

The datestamp() routine is not locale aware and returns American English values.
SEE ALSO
sudoscript(8)
sudoshell(1)
Sudoscript(3pm)
sudo(8)
sudoers(5)
PREREQUISITES
sudo - <http://www.courtesan.com/sudo/index.html>
OSNAMES
Solaris
Linux
FreeBSD
OpenBSD
HP-UX
SCRIPT CATEGORIES
UNIX/System_administration
CONTRIBUTORS
The following people offered helpful advice and/or code:

    Dan Rich (drich@emplNOoyeeSPAMs.org)
    Alex Griffiths (dag@unifiedNOcomputingSPAM.com)
    Bruce Gray (bruce.gray@aNOcSPAMm.org)
    Chan Wilson (cwilson@coNrOp.sSgPi.cAoMm)
    Tommy Smith (tsNmOith@eSaPtAeMl.net)
    Donny Jekels (donny@jNOeSkPeAlMs.com)
AUTHOR
Howard Owen, <hbo@egbok.com>
COPYRIGHT AND LICENSE
Copyright 2002, 2003 by Howard Owen

sudoscript is free software; you can redistribute it and/or modify it under the same terms as Perl itself.