sslogger(8)                      User Manuals                      sslogger(8)

NAME

       sslogger - execute a command or interactive shell, and record the output

SYNOPSIS

       sslogger
       sslogger [-h] [-c command]

DESCRIPTION

       sslogger is a session keystroke logging utility that allows permitted
       users to execute commands or open interactive shells. When used in
       interactive session mode, sslogger records keystrokes in a special
       file. A tty is required for interactive sessions.

       Two modes of logging are available: local logging and remote logging.
       Remote logging is performed through a secure TLS session. See the
       sslogger.conf manpage for details. A remote slogd server must be
       configured for remote logging.

       The local default keystroke log files are written to
       /var/log/slog/<hostname>-<user1>-<user2>.<date>.log. The sreplay
       command is included to review session log files created via sslogger,
       creating an audit trail of all actions performed by users. The
       keep_local_logs config setting can be set to remove the local log after
       successful transfer to the remote slogd server.

       sslogger also provides the ability to run in command mode, in which a
       command can be executed. This allows sslogger to be used
       non-interactively within a script. When running in this mode, stdin is
       closed.

       When used in combination with slog and sudo, privileged user escalation
       can be controlled and audited by creating standard sudo rules.

       By default, sslogger will change to the user's home directory before
       executing a shell or command. Use the -h flag to remain in the current
       working directory.

       All commands and interactive sessions write an entry to the local
       syslog.

OPTIONS

       sslogger accepts the following command line options:

       -c command and args
              Execute "command and args" instead of an interactive shell.
              Provides the ability to run sslogger within a script
              (non-interactive mode).

       -h     Stay in current working directory, do not cd to USER home dir

       -f     Flush buffer on every newline

       -q     Suppress printing of SS logger start/finish information

       -l     Log output of all commands

       -d     Debug

       The sreplay command can be used to replay recorded sessions

       sreplay <filename>
              Replays interactive session identified by filename

RETURN VALUES

       In interactive mode, always exits 0.

       When run in a non-interactive mode, slog returns the value of the
       command being run.

FILES

       /etc/sslogger.d/sslogger.conf
              Configuration file - see man sslogger.conf(5)
       /etc/sudoers
              Sudo configuration file - see man sudoers(5) for details
       /var/log/slog
              Default directory in which sessions are logged

CONFIGURATION FILES

       Sample sudoers entry to allow user user1 to run any command, or
       interactive shell, as users root and user2:
              user1 ALL=(root,user2) NOPASSWD:/usr/bin/sslogger

       /etc/sudoers entry to allow user1 to only run "ls" as user2:
              user1 ALL=(user2) NOPASSWD:/usr/bin/sslogger -c ls, /usr/bin/sslogger -c ls *

       Sample sudoers entry to allow users in unix group wheel to run any
       sslogger command as root:
              %wheel ALL=(root) NOPASSWD:/usr/bin/sslogger

       Sample sudoers entry using sudoers groups for user1 and user2:
              #Group Privileged access
              User_Alias SSERS = user1,user2
              Cmnd_Alias SL = /usr/bin/sslogger
              SSERS ALL = (root,user3) NOPASSWD: SL
              # user1 and user2 can now get an interactive root shell for root
              # and user3 while logging all keystrokes

       Configuration file /etc/sslogger.conf:
              see man sslogger.conf(5) for details

              # Log output of all commands, even non-interactive (1 is true).
              # Default 0
              log_all_cmds=0

              # Minimum comment length in chars
              # An entry of 0 will skip asking for a reason for the shell
              min_comment=10

              # Maximum comment length in chars written to syslog
              # Comment length in the session log file is currently unlimited
              max_comment=60

              # To allow normal users replay access to log files they create,
              # set below to 1
              allow_user_replay=1

              # slogd server name or ip.
              # If commented out or empty, remote log collection is disabled
              slogd_server=

              # slogd service port
              slogd_server_port=5556

              # slogd auth type. Must match slogd server tls_authtype
              # Current options are "x509" or "anon".
              # Setting to x509 requires x509 tls certs
              # to be generated and pushed to all clients. See the mkSlogCerts
              # command
              slogd_authtype=anon

              # When using a slogd server, delete the local log file once the
              # sslogger session is over and the logs have been properly
              # transferred to the slogd server.
              # Setting to 1 keeps all local log files.
              keep_local_logs=0

              # Policy for when a connection to a slogd server is unavailable
              # or unexpectedly terminated
              # If set to 1, sslogger will terminate if the connection to the
              #       slogd server is broken, and will die if it cannot connect
              #       to the remote slogd server at startup
              # If set to 0, local logging will be used when we cannot contact
              #       the remote server or when a network connection to the
              #       slogd server is broken
              require_remote_slogd=0

       /etc/group:
              # To allow user2 to replay all session files, add user2 to the
              # sloggers group
              sloggers:x:480:user2
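       An added example (not part of the sslogger distribution): a small
       Python check that flags the sslogger.conf settings documented above
       that weaken the audit trail. It assumes plain key=value lines as in
       the sample, falls back to the sample values for missing keys, and
       assumes that "anon" means the slogd peer is not authenticated by
       certificate; slogd.example.internal is a placeholder host name.

```python
# Added example: audit sslogger.conf settings that weaken the audit trail.
# Assumption: the file is plain key=value lines with '#' comment lines.

# Sample values from this page, used when a key is absent or commented out
# (assumption: the built-in defaults of a given build may differ).
SAMPLE_DEFAULTS = {
    "log_all_cmds": "0", "min_comment": "10", "slogd_server": "",
    "slogd_authtype": "anon", "require_remote_slogd": "0",
}

def parse_conf(text):
    """Return the effective settings for the keys this audit looks at."""
    conf = dict(SAMPLE_DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf

def audit(conf):
    """Return (key, finding) pairs in a fixed order."""
    findings = []
    if not conf["slogd_server"]:
        findings.append(("slogd_server",
                         "remote collection disabled; logs stay on the audited host"))
    else:
        if conf["slogd_authtype"] != "x509":
            findings.append(("slogd_authtype",
                             "TLS without x509 certs (assumed: peer not authenticated)"))
        if conf["require_remote_slogd"] != "1":
            findings.append(("require_remote_slogd",
                             "falls back to local logging when slogd is unreachable"))
    if conf["log_all_cmds"] != "1":
        findings.append(("log_all_cmds",
                         "output of non-interactive commands is not logged"))
    if conf["min_comment"].isdigit() and int(conf["min_comment"]) == 0:
        findings.append(("min_comment", "no reason is requested for a shell"))
    return findings

# Constructed inputs: the page's sample values and a stricter variant.
PAGE_SAMPLE = ("log_all_cmds=0\nmin_comment=10\nslogd_server=\n"
               "slogd_authtype=anon\nrequire_remote_slogd=0\n")
STRICT = ("log_all_cmds=1\nmin_comment=10\nslogd_server=slogd.example.internal\n"
          "slogd_authtype=x509\nrequire_remote_slogd=1\n")

if __name__ == "__main__":
    for name, text in (("page sample", PAGE_SAMPLE), ("strict", STRICT)):
        print(name, audit(parse_conf(text)) or "no findings")
```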

EXAMPLES

       Note: the following examples assume suitable sudoers(5) entries.

       $ sslogger
              - Obtains an interactive shell, and logs all keystrokes

       $ sslogger -c ls -l /root
              - Runs command, logs output if log_all_cmds=1 in sslogger.conf

       $ slog -u user2
              - Obtains an interactive shell as another user.

       $ slog -u user2 -h
              - Obtains an interactive shell as user2 whilst remaining in the
              current working directory.

       $ sreplay <filename>
              - Replays an interactive session log (may require user to be
              added to sloggers group, see CONFIGURATION FILES)

BUGS

       If you feel you have found a bug in sslogger, please submit a bug
       report at http://sslogger.sourceforge.net

SUPPORT

       Limited free support is available via the sslogger-users mailing list,
       see http://sslogger.sourceforge.net to subscribe or search the
       archives.

AUTHOR

       Edward Brand <edbrand@brandint.com>

SEE ALSO

       sslogger.conf(5), slog(8), sreplay(8), slogd(8), sudo(8), sudoers(5), su(2)

Linux                            February 2009                     sslogger(8)