Forge Home

sudosh

Manage sudosh

11,874 downloads

262 latest version

4.7 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 6.5.0 (latest)
  • 6.4.0
  • 6.3.0
  • 6.2.2
  • 6.2.1
  • 6.2.0
  • 6.1.1
  • 6.1.0
  • 6.0.1
  • 6.0.0
  • 4.1.2
  • 4.1.1
released Oct 12th 2023
This version is compatible with:
  • Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
  • Puppet >= 7.0.0 < 9.0.0
  • , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'simp-sudosh', '6.5.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add simp-sudosh
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install simp-sudosh --version 6.5.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download
Tags: audit, simp, sudosh

Documentation

simp/sudosh — version 6.5.0 Oct 12th 2023

License CII Best Practices Puppet Forge Puppet Forge Downloads Build Status

sudosh

Table of Contents

  1. Module Description - What the module does and why it is useful
  2. Setup - The basics of getting started with sudosh
  3. Usage - Configuration options and additional functionality
  4. Reference
  5. Limitations - OS compatibility, etc.
  6. Development - Guide for contributing to the module
  7. Acceptance Tests

Module Description

This class installs sudosh and configures rsyslog and logrotate to support it.

Sudosh supports keystroke logging for users with root privilege. By running sudo sudosh, a user will be escalated to root, but the sudosh shell will log that user's keystrokes and output it to /var/log/sudosh/log. The command sudosh-replay is used to replay the keystrokes of a session.

Setup

What sudosh affects

Sudosh installs sudosh, and optionally configures rsyslog for sudosh logging and logrotates the sudosh user data.

Setup Requirements

To enable the rsyslog and logrotate features, set simp_options::syslog and simp_options::logrotate to true in your hiera data. For example,

---
 simp_options:syslog : true
 simp_options:logrotate : true

Beginning with sudosh

This module can be used by simply including the sudosh class.

Usage

I want to ensure that my admins use sudosh specifically

To ensure admins use sudosh, so that actions are logged this is best performed with the simp/sudo module, by creating a sudo rule that ONLY allows admins to use sudosh.

Example:

sudo::user_specification { 'global_admin':
  user_list => '%administrators',
  host_list => 'ALL',
  runas     => 'ALL',
  cmnd      => '/usr/bin/sudosh',
  passwd    => 'false'
}

Reference

Classes

Public Classes

  • sudosh

Class: sudosh

This class has no parameters or options

Limitations

SIMP Puppet modules are generally intended to be used on a Red Hat Enterprise Linux-compatible distribution.

Development

Please read our Contribution Guide.

If you find any issues, they can be submitted to our JIRA.

Acceptance tests

To run the system tests, you need Vagrant installed.

You can then run the following to execute the acceptance tests:

   bundle exec rake beaker:suites

Some environment variables may be useful:

   BEAKER_debug=true
   BEAKER_provision=no
   BEAKER_destroy=no
   BEAKER_use_fixtures_dir_for_modules=yes
  • BEAKER_debug: show the commands being run on the STU and their output.
  • BEAKER_destroy=no: prevent the machine destruction after the tests finish so you can inspect the state.
  • BEAKER_provision=no: prevent the machine from being recreated. This can save a lot of time while you're writing the tests.
  • BEAKER_use_fixtures_dir_for_modules=yes: cause all module dependencies to be loaded from the spec/fixtures/modules directory, based on the contents of .fixtures.yml. The contents of this directory are usually populated by bundle exec rake spec_prep. This can be used to run acceptance tests to run on isolated networks.