I have the ability to configure IO logging for sudo by setting iolog_dir, and according to the sudoers man page, these are the following variables I can use:
%{seq}
expanded to a monotonically increasing base-36 sequence number, such as 0100A5, where every two digits are used to form a new directory, e.g. 01/00/A5
%{user}
expanded to the invoking user's login name
%{group}
expanded to the name of the invoking user's real group ID
%{runas_user}
expanded to the login name of the user the command will be run as (e.g. root)
%{runas_group}
expanded to the group name of the user the command will be run as (e.g. wheel)
%{hostname}
expanded to the local host name without the domain name
%{command}
expanded to the base name of the command being run
I understand the purpose of all of these variables, except for %{seq}. I can't see a benefit of expanding a variable that produces something like this. Can someone explain why this exists?
EDIT: My coworker actually found an answer for me. It seems that you can use a command called sudoreplay along with a given sequence number to literally replay a given sudo session in real time. I didn't know about it before today, and it's pretty cool to see it happen in my terminal, but I don't think I will ever actually use it.
I would assume it's the userID. Just a guess. – Frank Thomas – 2018-01-10T19:51:30.927
See this article – harrymc – 2018-01-10T20:45:20.920
I had already seen that article, but it didn't explain the purpose of a sequence number. Luckily, my coworker actually found an answer for me. It seems that you can use a command called sudoreplay along with a given sequence number to literally replay a given sudo session in real time. – Nathan Lee – 2018-01-10T21:21:46.460
It would be better to post the answer as an answer, not an edit to the question - then you can accept it and thus it does not show as an unanswered question – Ross – 2018-01-10T22:52:17.323
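An added example, not part of the original thread and not sudo's own code: a Python model of how the escapes quoted from the man page turn one session into a log path, and how the %{seq} part maps to and from the six-character ID that sudoreplay takes. The function names, the session values and the /var/log/sudo-io template are constructed for illustration.

```python
import re
import string

DIGITS = string.digits + string.ascii_uppercase  # base-36 alphabet: 0-9 then A-Z

def seq_to_id(n):
    """Encode a session counter as a six-character base-36 ID such as 0100A5."""
    if not 0 <= n < 36 ** 6:
        raise ValueError("counter does not fit in six base-36 digits")
    out = ""
    for _ in range(6):
        n, r = divmod(n, 36)
        out = DIGITS[r] + out
    return out

def id_to_subdir(seq_id):
    """Split the ID into two-digit directory levels: 0100A5 -> 01/00/A5."""
    if not re.fullmatch(r"[0-9A-Z]{6}", seq_id):
        raise ValueError("not a six-character base-36 ID: %r" % seq_id)
    return "/".join(seq_id[i:i + 2] for i in range(0, 6, 2))

def subdir_to_id(path):
    """Recover the ID from the last three path components of a log directory."""
    seq_id = "".join(path.rstrip("/").split("/")[-3:])
    id_to_subdir(seq_id)  # validates the recovered ID
    return seq_id

def expand(template, session, counter):
    """Expand %{name} escapes; escapes this model does not know are left as-is."""
    values = dict(session, seq=id_to_subdir(seq_to_id(counter)))
    return re.sub(r"%\{(\w+)\}",
                  lambda m: values.get(m.group(1), m.group(0)), template)

# Constructed sample session and template (assumptions, not taken from the page).
SESSION = {"user": "alice", "group": "staff", "runas_user": "root",
           "runas_group": "wheel", "hostname": "web01", "command": "vi"}
TEMPLATE = "/var/log/sudo-io/%{hostname}/%{user}/%{seq}"

if __name__ == "__main__":
    counter = int("0100A5", 36)
    for n in (counter, counter + 1):
        path = expand(TEMPLATE, SESSION, n)
        # Each session gets its own directory; the ID is what is passed to sudoreplay.
        print(path, "-> ID", subdir_to_id(path))
```

Because the counter only ever increases, two sessions by the same user running the same command never share a log directory, which none of the other escapes can guarantee.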