[sudo-users] sudoreplay with agrument command not working?
Stefan.Schmid at isc-ejpd.admin.ch
Stefan.Schmid at isc-ejpd.admin.ch
Fri Jul 6 02:22:34 MDT 2018
Hi
Running the following sudoreplay I see that user isc-zas has used the less command. That is ok.
# sudoreplay -m 1 isc-zas/00/00/05
(..)
# less /etc/ssh/sshd_config
(..)
However, running sudoreplay with argument <command> does not show the less command.
I exspect sudoreplay to list TSIDs where the less command has been used. Am I wrong ?
# sudoreplay -l user isc-zas command /usr/bin/less
#
# sudoreplay -l user isc-zas command less
#
# sudoreplay -l user isc-zas
Jul 5 10:27:33 2018 : isc-zas : TTY=/dev/pts/0 ; CWD=/usr/shared/home/isc-zas ; USER=root ; TSID=isc-zas/00/00/02 ; COMMAND=/usr/bin/su -
Jul 5 10:56:24 2018 : isc-zas : TTY=/dev/pts/2 ; CWD=/usr/shared/home/isc-zas ; USER=root ; TSID=isc-zas/00/00/03 ; COMMAND=/usr/bin/su -
Jul 5 11:02:01 2018 : isc-zas : TTY=/dev/pts/2 ; CWD=/usr/shared/home/isc-zas ; USER=root ; TSID=isc-zas/00/00/04 ; COMMAND=/usr/bin/su -
Jul 5 11:57:32 2018 : isc-zas : TTY=/dev/pts/0 ; CWD=/usr/shared/home/isc-zas ; USER=root ; TSID=isc-zas/00/00/05 ; COMMAND=/usr/bin/su -
Jul 5 14:26:09 2018 : isc-zas : TTY=/dev/pts/5 ; CWD=/usr/shared/home/isc-zas ; USER=root ; TSID=isc-zas/00/00/06 ; COMMAND=/usr/bin/su -
Jul 5 15:07:14 2018 : isc-zas : TTY=/dev/pts/5 ; CWD=/usr/shared/home/isc-zas ; USER=root ; TSID=isc-zas/00/00/07 ; COMMAND=/usr/bin/su -
Jul 5 16:03:48 2018 : isc-zas : TTY=/dev/pts/0 ; CWD=/usr/shared/home/isc-zas ; USER=root ; TSID=isc-zas/00/00/08 ; COMMAND=/usr/bin/su -
# sudoreplay -V
sudoreplay version 1.8.20p2 (SLES 12 SP3)
Freundliche Grüsse
Stefan Schmid
Stv. Bereichsleiter Unix Plattformen
Eidgenössisches Justiz- und Polizeidepartement EJPD
Informatik Service Center ISC-EJPD
Betrieb und Support (B&S)
Fellerstrasse 15, 3003 Bern
Tel.: +41 (0)58 464 72 67
mailto:stefan.schmid at isc-ejpd.admin.ch<mailto:vorname.namen at isc-ejpd.admin.ch>
www.isc-ejpd.admin.ch<http://www.isc-ejpd.admin.ch>
More information about the sudo-users
mailing list