Re: Somewhat OT: Is Full Command Logging Possible?

Tue, 18 Dec 2012 20:21:57 -0800 

On 12/18/2012 10:10 PM, Devin Teske wrote:


On Dec 18, 2012, at 6:20 PM, Tim Daneliuk wrote:


On 12/18/2012 08:03 PM, Devin Teske wrote:


On Dec 18, 2012, at 5:43 PM, Tim Daneliuk wrote:


On 12/18/2012 07:33 PM, Devin Teske wrote:


On Dec 18, 2012, at 5:18 PM, Tim Daneliuk wrote:







One further question, if I may.  If I do this:

   sudo su -

Will log_input record everything I do once I've been promoted to
root?  I ask because my initial experiments seem to show that all
that's getting recorded is the content of the sudo command itself,
not the subsequent actions…



Correct, sudo is blind to the actions performed once the command requested is executed 
(in this case, "su" and subsequently a shell followed by more actions).



Actually, I just tried this with both log_input and log_output options enabled.
It seems that it *can* see into the promoted shell with a few caveats:

  - Command output is logged immediately, but command inputs appear to only
    be written to the log when you exit the promoted shell.  This may be
    not quite right - there may have not been enough input to cause a
    write flush to the log.

  - The logging seems to be able to see into a spawned subshell, but
    I don't think it can see input/output if you, say, kick off an xterm.



What about if you do "sudo vim" and then type ":sh" ?


Yep, I just tried that too.  It catches that.  It also catches
the in/output of subshells - like, say, kicking off sh interactively.
Similarly, if you're running text-based emacs, it catches the output
of spawning to a shell from there and doing things.

The only restriction I have run into so far, it that - for obvious
reasons - sudo cannot see into what you're doing if you kick off
an X application like xterm or graphical emacs, for instance.



What about screen or tmux? (wondering if the transition into multiplexed shell 
is anywhere as opaque as X11).



It definitely works if you are in a screen session and sudo su - from there.  I 
have
not tried promoting myself to root and THEN starting the screen session (I 
don't use tmux).

--
----------------------------------------------------------------------------
Tim Daneliuk     tun...@tundraware.com
PGP Key:         http://www.tundraware.com/PGP/

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"























					Reply via email to