sslogger(8) User Manuals sslogger(8)
NAME
sl, sslogger - execute a command as another user
SYNOPSIS
sl [-u user]
sl [-u user] [-h] ["command and args"]
sslogger [-h]
replay <filename>
DESCRIPTION
sslogger is a session keystroke logging utility that allows permitted
users to execute commands or open interactive shells as the superuser
or another user, as specified by sudo rules in the sudoers file. When
used in interactive session mode, sslogger records keystrokes in a
special file. A tty is required for interactive sessions.
sslogger also provides a command mode, in which a single command is
executed as another user. This allows sslogger to be used
non-interactively within a script. When running in this mode,
stdin is closed.
Commands and interactive sessions write an entry to syslog. The default
keystroke log files are written to
/var/log/sl/<hostname>-<user1>-<user2>.<date>.log. The replay command is
included to review session log files created via sslogger, creating an
audit trail of all actions performed by users.
Privileged user escalation is set by standard sudo rules in the sudoers
file.
OPTIONS
sl accepts the following command line options:
-u <USER>
Run command or interactive shell as USER
-h Stay in current working directory, do not cd to USER home dir
-f Flush buffer on every newline
["command and args"]
Execute "command and args" instead of an interactive shell. Provides
the ability to run sslogger within a script (non-interactive mode).
The replay command can be used to replay recorded sessions:
replay <filename>
Replays interactive session identified by filename
replay help:
Press the following keys during the replay session
f Find a string (not implemented yet)
n Find the next match (not yet implemented)
r Find backwards (not implemented yet)
b Back up 20 chars
1-9 Set replay speed, <space> to pause
<enter> Display next line
<space> Display next char
q quit
RETURN VALUES
In interactive mode, always exits 0.
When run in a non-interactive mode, sl returns the value of the command
being run.
FILES
/etc/sslogger.conf
Configuration file
/etc/sudoers
Sudo Config file - see man sudoers(5) for details
/var/log/sl
Default directory in which sessions are logged
CONFIGURATION FILES
Sample entry for user1 and user2 in /etc/sudoers:
#Group Privileged access
User_Alias SSERS = user1,user2
Cmnd_Alias SL = /usr/bin/sslogger
SSERS ALL = (root,user3) NOPASSWD: SL
# user1 and user2 can now get an interactive root shell for root
# and user3 while logging all keystrokes
Config file /etc/sslogger.conf:
#Minimum Comment length in chars
#an entry of 0 will skip reason for asking for a shell
min_comment=10
#
#Maximum Comment Length in chars written to syslog
#Comment Length in the session logfile is currently unlimited
max_comment=200
/etc/group:
#To allow user2 to replay all session files, add user2 to the
#sloggers group
sloggers:x:480:user2
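An added example, not part of the sslogger distribution: a Python check for the /etc/sslogger.conf settings shown above, flagging values that weaken the audit trail, such as min_comment=0, which skips the reason prompt. The key=value syntax is inferred from the sample; WEAK_CONF and its log_dir key are constructed for illustration.

```python
import re

# Keys shown in the man page sample; the key=value syntax is inferred from it.
KNOWN_KEYS = ("min_comment", "max_comment")
# Values from the man page sample.
SAMPLE_CONF = "#Minimum Comment length in chars\nmin_comment=10\nmax_comment=200\n"
# Constructed weak configuration for comparison (log_dir is a hypothetical key).
WEAK_CONF = "min_comment=0\nmax_comment=abc\nlog_dir=/tmp\n"


def parse_conf(text):
    """Return (settings, errors) for key=value lines; '#' lines are comments."""
    settings, errors = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r"(\w+)\s*=\s*(\S+)", line)
        if not m:
            errors.append(f"line {lineno}: unparseable entry {line!r}")
        elif m.group(1) not in KNOWN_KEYS:
            errors.append(f"line {lineno}: unknown key {m.group(1)!r}")
        elif not re.fullmatch(r"[0-9]+", m.group(2)):
            errors.append(f"line {lineno}: {m.group(1)} must be a non-negative integer")
        else:
            settings[m.group(1)] = int(m.group(2))
    return settings, errors


def audit_conf(text):
    """Return findings that weaken the audit trail; an empty list means none."""
    settings, findings = parse_conf(text)
    for key in KNOWN_KEYS:
        if key not in settings:
            findings.append(f"{key}: no valid value set")
    min_c, max_c = settings.get("min_comment"), settings.get("max_comment")
    if min_c == 0:
        findings.append("min_comment=0: users are not asked for a reason")
    if min_c is not None and max_c is not None and min_c > max_c:
        findings.append("min_comment exceeds max_comment: syslog cannot hold a minimum-length reason")
    return findings


if __name__ == "__main__":
    for name, conf in (("sample", SAMPLE_CONF), ("weak", WEAK_CONF)):
        print(name, audit_conf(conf) or "no findings")
```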
EXAMPLES
Note: the following examples assume suitable sudoers(5) entries.
$ sl
- Obtains an interactive shell as root.
$ sl "ls -l /root"
- Runs a command as root, then exits.
$ sl -u user2
- Obtains an interactive shell as another user.
$ sl -u user2 -h
- Obtains an interactive shell as user2 whilst remaining in the
current working directory.
$ replay <filename>
- Replays an interactive session log (requires the user to be added
to the sloggers group, see CONFIGURATION FILES).
BUGS
If you feel you have found a bug in sslogger, please submit a bug report
at http://XXXXX
SUPPORT
Limited free support is available via the slogger-users mailing list,
see http://xxxxxx to subscribe or search the archives.
AUTHOR
Edward Brand <edbrand@brandint.com>
SEE ALSO
sudo(8), sudoers(5), su(2)
Linux February 2009 sslogger(8)