[sudo-users] sudoreplay with argument command not working?

Stefan.Schmid at isc-ejpd.admin.ch
Fri Jul 6 02:22:34 MDT 2018


Hi


Running the following sudoreplay I see that user isc-zas has used the less command. That is ok.

# sudoreplay -m 1 isc-zas/00/00/05
(..)
# less /etc/ssh/sshd_config
(..)

However, running sudoreplay with argument <command> does not show the less command.
I expect sudoreplay to list TSIDs where the less command has been used. Am I wrong?

# sudoreplay -l user isc-zas command /usr/bin/less
#
# sudoreplay -l user isc-zas command less
#

# sudoreplay -l user isc-zas
Jul  5 10:27:33 2018 : isc-zas : TTY=/dev/pts/0 ; CWD=/usr/shared/home/isc-zas ; USER=root ; TSID=isc-zas/00/00/02 ; COMMAND=/usr/bin/su -
Jul  5 10:56:24 2018 : isc-zas : TTY=/dev/pts/2 ; CWD=/usr/shared/home/isc-zas ; USER=root ; TSID=isc-zas/00/00/03 ; COMMAND=/usr/bin/su -
Jul  5 11:02:01 2018 : isc-zas : TTY=/dev/pts/2 ; CWD=/usr/shared/home/isc-zas ; USER=root ; TSID=isc-zas/00/00/04 ; COMMAND=/usr/bin/su -
Jul  5 11:57:32 2018 : isc-zas : TTY=/dev/pts/0 ; CWD=/usr/shared/home/isc-zas ; USER=root ; TSID=isc-zas/00/00/05 ; COMMAND=/usr/bin/su -
Jul  5 14:26:09 2018 : isc-zas : TTY=/dev/pts/5 ; CWD=/usr/shared/home/isc-zas ; USER=root ; TSID=isc-zas/00/00/06 ; COMMAND=/usr/bin/su -
Jul  5 15:07:14 2018 : isc-zas : TTY=/dev/pts/5 ; CWD=/usr/shared/home/isc-zas ; USER=root ; TSID=isc-zas/00/00/07 ; COMMAND=/usr/bin/su -
Jul  5 16:03:48 2018 : isc-zas : TTY=/dev/pts/0 ; CWD=/usr/shared/home/isc-zas ; USER=root ; TSID=isc-zas/00/00/08 ; COMMAND=/usr/bin/su -


# sudoreplay -V
sudoreplay version 1.8.20p2    (SLES 12 SP3)



Kind regards
Stefan Schmid
Deputy Head of Unix Platforms

Eidgenössisches Justiz- und Polizeidepartement EJPD
Informatik Service Center ISC-EJPD
Betrieb und Support (B&S)

Fellerstrasse 15, 3003 Bern
Tel.: +41 (0)58 464 72 67
stefan.schmid at isc-ejpd.admin.ch
www.isc-ejpd.admin.ch
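
Added example (not part of the original post, and not sudo project code): the `command` search term of `sudoreplay -l` is evaluated against the command recorded for the session, which is the COMMAND= field in the listing, not against what was typed inside a logged shell. The sketch below applies that rule to listing lines; the first two sample lines are copied from the post, while the third line, its TSID and the shell pattern are constructed assumptions.

```shell
#!/bin/sh
# Sample `sudoreplay -l` output. Lines 1-2 are from the post above; line 3 is
# CONSTRUCTED to show what a direct "sudo less ..." entry would look like.
SAMPLE='Jul  5 11:57:32 2018 : isc-zas : TTY=/dev/pts/0 ; CWD=/usr/shared/home/isc-zas ; USER=root ; TSID=isc-zas/00/00/05 ; COMMAND=/usr/bin/su -
Jul  5 14:26:09 2018 : isc-zas : TTY=/dev/pts/5 ; CWD=/usr/shared/home/isc-zas ; USER=root ; TSID=isc-zas/00/00/06 ; COMMAND=/usr/bin/su -
Jul  5 16:30:00 2018 : isc-zas : TTY=/dev/pts/0 ; CWD=/usr/shared/home/isc-zas ; USER=root ; TSID=isc-zas/00/00/09 ; COMMAND=/usr/bin/less /etc/ssh/sshd_config'

# tsids_by_command ERE
# Read listing lines on stdin and print the TSID of every entry whose logged
# COMMAND= field matches the extended regular expression.
tsids_by_command() {
    awk -v re="$1" '
        {
            c = index($0, " ; COMMAND=")
            if (c == 0 || !match($0, /TSID=[^ ;]+/)) next
            tsid = substr($0, RSTART + 5, RLENGTH - 5)   # drop "TSID="
            cmd  = substr($0, c + 11)                    # text after " ; COMMAND="
            if (cmd ~ re) print tsid
        }'
}

# shell_tsids
# Print TSIDs whose logged command is an interactive shell or su. Commands run
# inside these sessions appear only in the recorded terminal output, so each
# one has to be replayed to review it. The shell list is an assumption;
# extend it for the shells installed on your hosts.
shell_tsids() {
    tsids_by_command '^(/usr)?/bin/(su|sh|bash|ksh|zsh)( |$)'
}

echo "Entries whose logged command matches 'less':"
printf '%s\n' "$SAMPLE" | tsids_by_command 'less'
echo "Shell sessions that need a replay to see inner commands:"
printf '%s\n' "$SAMPLE" | shell_tsids
```

Feed it real data with `sudoreplay -l user isc-zas | shell_tsids`, then replay each listed TSID as shown at the top of the post.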




