sudosh

 ·  🎃 kr0m

Let’s install sudosh, a shell that records the sessions opened on our server so they can be replayed later like a video. This is useful when we have to give temporary access to a third party, or when we simply want a black-box record of what was done.

First of all, it should be noted that this shell is a bit limited. For day-to-day actions it causes no problems, but it may misbehave when running scripts and in some other more exotic cases.

We clone the repository, then compile and install it:

git clone https://github.com/joeripronk/sudosh3.git
cd sudosh3/
./configure
make
make install

We check the config in case we want to tweak something:

cat /etc/sudosh.conf

We add the new shell to the list of available shells:

vi /etc/shells

/usr/local/bin/sudosh

We change the shell of the user we are interested in:

vi /etc/passwd

root:x:0:0:root:/root:/usr/local/bin/sudosh
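
An added check, not part of the original article: after the two edits above, this script confirms that sudosh is listed in the shells file and reports which accounts with a usable login shell are still not recorded. The function names and the sample passwd/shells data are constructed for illustration; the sudosh path is the one used on this page.

```shell
#!/bin/sh
# Added example (not from the original article): audit sudosh coverage.
# SUDOSH defaults to the install path used on this page.
SUDOSH="${SUDOSH:-/usr/local/bin/sudosh}"

# Succeeds if sudosh appears as an exact line in the given shells file.
shell_registered() {
    grep -Fxq -- "$SUDOSH" "$1"
}

# Accounts in the passwd-format file whose login shell (field 7) is sudosh.
recorded_users() {
    awk -F: -v s="$SUDOSH" '$7 == s { print $1 }' "$1"
}

# Accounts that can log in interactively but are NOT recorded: the shell is
# listed in the shells file, is not sudosh, and is not nologin/false.
unrecorded_users() {
    awk -F: -v s="$SUDOSH" '
        FILENAME == ARGV[1] { if ($0 ~ /^\//) valid[$0] = 1; next }
        ($7 in valid) && $7 != s && $7 !~ /\/(nologin|false)$/ { print $1 }
    ' "$2" "$1"
}

# Demo on constructed sample files (not real system data).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# shells file (constructed)' /bin/sh /bin/bash \
        /sbin/nologin /usr/local/bin/sudosh > "$d/shells"
    printf '%s\n' \
        'root:x:0:0:root:/root:/usr/local/bin/sudosh' \
        'vendor:x:1001:1001::/home/vendor:/usr/local/bin/sudosh' \
        'alice:x:1000:1000::/home/alice:/bin/bash' \
        'www:x:33:33::/var/www:/sbin/nologin' > "$d/passwd"
    shell_registered "$d/shells" && echo "sudosh is registered in shells file"
    echo "recorded:   $(recorded_users "$d/passwd" | tr '\n' ' ')"
    echo "unrecorded: $(unrecorded_users "$d/passwd" "$d/shells" | tr '\n' ' ')"
    rm -rf "$d"
}

demo
```

On a real host the same functions can be pointed at /etc/passwd and /etc/shells; any name printed by unrecorded_users is an account whose sessions leave no sudosh recording.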

From now on, every login saves a session recording. To list the available sessions:

sudosh-replay

Date                Duration From         To           ID
====                ======== ====         ==           ==
06/21/2017 14:04:07 12s      root         root         root-root-1498046647-qrroowRP8pUewq0C

To play the session:

sudosh-replay root-root-1498046647-qrroowRP8pUewq0C

Playback speed and the amount of idle time to allow can also be adjusted. For example, the following plays the session at normal speed, but whenever there is 1s or more of inactivity it moves straight on to the next command instead of waiting:

sudosh-replay root-root-1498046647-qrroowRP8pUewq0C 1 1
