I would always like to use the sudo command when operating as our “serveruser” so that all my actions are recorded in the sudo log and I can reverse engineer it later. I however do not want to type sudo -u serveruser every time and would prefer not to create an alias. Is there a program or something where I can execute a shell such that every command I run is actually prefixing it with sudo -u serveruser instead so it feels like I am the user himself?
If so, I can set it up for all admins and they would not even really notice a difference and we get history logging for free with sudo logging.
EDIT: What I am looking for is these things:
1. very simple setup (our sudo is already set up except this sudo-like shell that would be nice)
2. logs timestamp
3. logs user executing command (i.e. possibly me, dean in this case)
4. logs the user they executed the command as (i.e. serveruser in this case)
5. logs the actual command
sudo does 2-5 out of the box but I am trying to figure out #1 for users as we (people on this team) do not want to be typing sudo all the time :(.
EDIT: Maybe there is a way to suck in stdin and stdout in bash to write a script so one could call sudoshell -u username and any commands I type in on stdin except “exit” are then run with sudo -u username. Is there a way to have a script like this instead that all our admins can run? And then when someone runs sudo su - I can log a message to run that shell instead as follows... that would work very well. Any idea how to do that?
What you are looking for is an audit trail. Sudo would provide it (with limitations), but there are other ways to accomplish it.
If you just need a record of what has been typed into the shell and do not feel like installing additional software packages, bash 4 can be configured for logging the history through syslog.
You also could choose from the available lot of audit packages. A quick & simple solution could be the Snoopy logger.
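
The shell-history-to-syslog route the answer mentions can cover the four logged fields from the question without anyone typing sudo. The snippet below is an added example, not code from the original posts: it uses PROMPT_COMMAND and logger rather than bash's own syslog support, and the function names, the `shell-audit` tag and the `local6` facility are assumptions.

```bash
# Added example: log each interactive command to syslog. Source it from
# /etc/profile.d/ or /etc/bash.bashrc. The tag and facility are assumptions.
AUDIT_TAG=shell-audit
AUDIT_PRIORITY=local6.notice

# Build one single-line record. Control characters (including newlines) become
# spaces so a pasted multi-line command cannot forge a second record.
# $1 = login user, $2 = user acting as, $3 = working directory, $4 = command
audit_record() {
    printf 'login=%s as=%s pwd=%s cmd=%s' "$1" "$2" "$3" "$4" |
        tr '\001-\037\177' '[ *]'
}

# Original login name. logname still reports it after "sudo su -", where su
# clears the environment (SUDO_USER included); otherwise fall back.
audit_login_user() {
    logname 2>/dev/null && return
    printf '%s\n' "${SUDO_USER:-$(id -un)}"
}

# Runs before every prompt (bash only). syslog supplies the timestamp.
audit_prompt_hook() {
    # "history 1" prints "  NUM  command"; NUM changes for each new entry.
    AUDIT_ENTRY=$(HISTTIMEFORMAT='' history 1)
    # Skip the first prompt (entry comes from the old history file) and bare Enter.
    if [ "${AUDIT_PREV+set}" != set ] || [ "$AUDIT_ENTRY" = "$AUDIT_PREV" ]; then
        AUDIT_PREV=$AUDIT_ENTRY
        return 0
    fi
    AUDIT_PREV=$AUDIT_ENTRY
    logger -p "$AUDIT_PRIORITY" -t "$AUDIT_TAG" -- "$(audit_record \
        "$(audit_login_user)" "$(id -un)" "$PWD" \
        "$(printf '%s' "$AUDIT_ENTRY" | tr '\n' ' ' | sed 's/^ *[0-9][0-9]* *//')")"
}

# Install the hook only in interactive bash sessions.
if [ -n "${BASH_VERSION:-}" ]; then
    case $- in
        *i*) PROMPT_COMMAND="audit_prompt_hook${PROMPT_COMMAND:+; $PROMPT_COMMAND}" ;;
    esac
fi
```

A user who controls their own shell can unset the hook or keep commands out of history, so this is a convenience record; sudo's own log or an audit package is the stronger trail.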