Sudo on IT it's FUNhttps://mksit.sknt.ru/tags/sudo/Recent content in Sudo on IT it's FUNHugoruWed, 21 Jan 2026 00:00:00 +0000Я знаю что ты делал в Sudohttps://mksit.sknt.ru/posts/%D1%8F-%D0%B7%D0%BD%D0%B0%D1%8E-%D1%87%D1%82%D0%BE-%D1%82%D1%8B-%D0%B4%D0%B5%D0%BB%D0%B0%D0%BB-%D0%B2-sudo/Wed, 21 Jan 2026 00:00:00 +0000https://mksit.sknt.ru/posts/%D1%8F-%D0%B7%D0%BD%D0%B0%D1%8E-%D1%87%D1%82%D0%BE-%D1%82%D1%8B-%D0%B4%D0%B5%D0%BB%D0%B0%D0%BB-%D0%B2-sudo/<p>В sudo есть замечательная фича - логирование ввода/вывода всего, что делает пользователь.</p> <p>Включаем логирование <strong>LOG_INPUT:LOG_OUTPUT</strong></p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl"><span class="c1"># /etc/sudoers.d/ansible</span> </span></span><span class="line"><span class="cl">ansible <span class="nv">ALL</span><span class="o">=(</span>ALL<span class="o">)</span> NOPASSWD:LOG_INPUT:LOG_OUTPUT: /bin/sh -c echo<span class="se">\ </span>BECOME-SUCCESS-<span class="o">[</span>a-z<span class="o">]</span>*<span class="se">\ </span><span class="p">;</span><span class="se">\ </span>/usr/bin/python3 </span></span></code></pre></div><p>Теперь всё что делает пользователь через sudo логируется. По дефолту логи пишутся в /var/log/sudo-io, но можно и поменять</p> <pre tabindex="0"><code># /etc/sudoers Defaults log_output Defaults iolog_dir=/var/log/sudo-io </code></pre><p>Просмотр сессии</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl"><span class="c1"># вывести все сессии</span> </span></span><span class="line"><span class="cl">sudoreplay -l user ansible </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">Jan <span class="m">21</span> 05:03:23 <span class="m">2026</span> : ansible : <span class="nv">HOST</span><span class="o">=</span>qadro-1 <span class="p">;</span> <span class="nv">CWD</span><span class="o">=</span>/home/ansible <span class="p">;</span> <span class="nv">USER</span><span class="o">=</span>root <span class="p">;</span> <span class="nv">TSID</span><span class="o">=</span>00/01/5W <span class="p">;</span> <span class="nv">COMMAND</span><span class="o">=</span>/bin/sh -c <span class="nb">echo</span> BECOME-SUCCESS-pvbadwlaiykgkvamphxervazgnbfypji <span class="p">;</span> /usr/bin/python3 </span></span><span class="line"><span class="cl">Jan <span class="m">21</span> 05:03:23 <span class="m">2026</span> : ansible : <span class="nv">HOST</span><span class="o">=</span>qadro-1 <span class="p">;</span> <span class="nv">CWD</span><span class="o">=</span>/home/ansible <span class="p">;</span> <span class="nv">USER</span><span class="o">=</span>root <span class="p">;</span> <span class="nv">TSID</span><span class="o">=</span>00/01/5X <span class="p">;</span> <span class="nv">COMMAND</span><span class="o">=</span>/bin/sh -c <span class="nb">echo</span> BECOME-SUCCESS-ctkhcyneyuapwotnsmdcmaolyrkebjai <span class="p">;</span> /usr/bin/python3 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># вывести сессию 00/01/5X</span> </span></span><span class="line"><span class="cl">sudoreplay 00/01/5X </span></span><span class="line"><span class="cl">... </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># или посмотреть в нужный файл</span> </span></span><span class="line"><span class="cl"><span class="c1"># ll /var/log/sudo-io/00/01/5X</span> </span></span><span class="line"><span class="cl">total 164K </span></span><span class="line"><span class="cl">drwx------ <span class="m">2</span> root root 4.0K Jan <span class="m">21</span> 05:03 ./ </span></span><span class="line"><span class="cl">drwx------ <span class="m">218</span> root root 4.0K Jan <span class="m">21</span> 05:03 ../ </span></span><span class="line"><span class="cl">-rw------- <span class="m">1</span> root root <span class="m">136</span> Jan <span class="m">21</span> 05:03 log </span></span><span class="line"><span class="cl">-rw------- <span class="m">1</span> root root <span class="m">915</span> Jan <span class="m">21</span> 05:03 log.json </span></span><span class="line"><span class="cl">-rw------- <span class="m">1</span> root root <span class="m">25</span> Jan <span class="m">21</span> 05:03 stderr </span></span><span class="line"><span class="cl">-rw------- <span class="m">1</span> root root 128K Jan <span class="m">21</span> 05:03 stdin </span></span><span class="line"><span class="cl">-rw------- <span class="m">1</span> root root <span class="m">382</span> Jan <span class="m">21</span> 05:03 stdout </span></span><span class="line"><span class="cl">-r-------- <span class="m">1</span> root root <span class="m">94</span> Jan <span class="m">21</span> 05:03 timing </span></span><span class="line"><span class="cl">-rw------- <span class="m">1</span> root root <span class="m">25</span> Jan <span class="m">21</span> 05:03 ttyin </span></span><span class="line"><span class="cl">-rw------- <span class="m">1</span> root root <span class="m">25</span> Jan <span class="m">21</span> 05:03 ttyout </span></span></code></pre></div>