mirror of https://github.com/sudo-project/sudo.git
203 lines
6.0 KiB
Plaintext
203 lines
6.0 KiB
Plaintext
.\"
|
|
.\" SPDX-License-Identifier: ISC
|
|
.\"
|
|
.\" Copyright (c) 2019-2024 Todd C. Miller <Todd.Miller@sudo.ws>
|
|
.\"
|
|
.\" Permission to use, copy, modify, and distribute this software for any
|
|
.\" purpose with or without fee is hereby granted, provided that the above
|
|
.\" copyright notice and this permission notice appear in all copies.
|
|
.\"
|
|
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
|
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
|
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
|
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|
.\"
|
|
.Dd July 14, 2024
|
|
.Dt SUDO_SENDLOG @mansectsu@
|
|
.Os Sudo @PACKAGE_VERSION@
|
|
.Sh NAME
|
|
.Nm sudo_sendlog
|
|
.Nd send sudo I/O log to log server
|
|
.Sh SYNOPSIS
|
|
.Nm sudo_sendlog
|
|
.Op Fl AnV
|
|
.Op Fl b Ar ca_bundle
|
|
.Op Fl c Ar cert_file
|
|
.Op Fl h Ar host
|
|
.Op Fl i Ar iolog-id
|
|
.Op Fl k Ar key_file
|
|
.Op Fl p Ar port
|
|
.Op Fl r Ar restart-point
|
|
.Op Fl R Ar reject-reason
|
|
.Op Fl s Ar stop-point
|
|
.Op Fl t Ar number
|
|
.Ar path
|
|
.Sh DESCRIPTION
|
|
.Nm
|
|
can be used to send the existing
|
|
.Nm sudoers
|
|
I/O log
|
|
.Ar path
|
|
to a remote log server such as
|
|
.Xr sudo_logsrvd @mansectsu@
|
|
for central storage.
|
|
.Pp
|
|
The options are as follows:
|
|
.Bl -tag -width Ds
|
|
.It Fl A , -accept-only
|
|
Only send the accept event, not the I/O associated with the log.
|
|
This can be used to test the logging of accept events without
|
|
any associated I/O.
|
|
.It Fl b , -ca-bundle
|
|
The path to a certificate authority bundle file, in PEM format,
|
|
to use instead of the system's default certificate authority database
|
|
when authenticating the log server.
|
|
The default is to use the system's default certificate authority database.
|
|
.It Fl c , -cert
|
|
The path to the client's certificate file in PEM format.
|
|
This setting is required when the connection to the remote log server
|
|
is secured with TLS.
|
|
.It Fl -help
|
|
Display a short help message to the standard output and exit.
|
|
.It Fl h , -host
|
|
Connect to the specified
|
|
.Ar host
|
|
instead of localhost.
|
|
.It Fl i , -iolog-id
|
|
Use the specified
|
|
.Ar iolog-id
|
|
when restarting a log transfer.
|
|
The
|
|
.Ar iolog-id
|
|
is reported by the server when it creates the remote I/O log.
|
|
This option may only be used in conjunction with the
|
|
.Fl r
|
|
option.
|
|
.It Fl k , -key
|
|
The path to the client's private key file in PEM format.
|
|
This setting is required when the connection to the remote log server
|
|
is secured with TLS.
|
|
.It Fl n , -no-verify
|
|
If specified, the server's certificate will not be verified during
|
|
the TLS handshake.
|
|
By default,
|
|
.Nm
|
|
verifies that the server's certificate is valid and that it contains either
|
|
the server's host name or its IP address.
|
|
This setting is only supported when the connection to the remote log server
|
|
is secured with TLS.
|
|
.It Fl p , -port
|
|
Use the specified network
|
|
.Ar port
|
|
when connecting to the log server instead of the
|
|
default, port 30344.
|
|
.It Fl r , -restart
|
|
Restart an interrupted connection to the log server.
|
|
The specified
|
|
.Ar restart-point
|
|
is used to tell the server the point in time at which to continue the log.
|
|
The
|
|
.Ar restart-point
|
|
is specified in the form
|
|
.Dq seconds,nanoseconds
|
|
and is usually the last commit point received from the server.
|
|
The
|
|
.Fl i
|
|
option must also be specified when restarting a transfer.
|
|
.It Fl R , -reject
|
|
Send a reject event for the command using the specified
|
|
.Ar reject-reason ,
|
|
even though it was actually accepted locally.
|
|
This can be used to test the logging of reject events; no I/O
|
|
will be sent.
|
|
.It Fl s , -stop-after
|
|
Stop sending log records and close the connection when
|
|
.Ar stop-point
|
|
is reached.
|
|
This can be used for testing purposes to send a partial I/O log to the server.
|
|
Partial logs can be restarted using the
|
|
.Fl r
|
|
option.
|
|
The
|
|
.Ar stop-point
|
|
is an elapsed time specified in the form
|
|
.Dq seconds,nanoseconds .
|
|
.It Fl t , -test
|
|
Open
|
|
.Ar number
|
|
simultaneous connections to the log server and send the specified
|
|
I/O log file on each one.
|
|
This option is useful for performance testing.
|
|
.It Fl V , -version
|
|
Print the
|
|
.Nm
|
|
version and exit.
|
|
.El
|
|
.Ss Debugging sendlog
|
|
.Nm
|
|
supports a flexible debugging framework that is configured via
|
|
.Em Debug
|
|
lines in the
|
|
.Xr sudo.conf @mansectform@
|
|
file.
|
|
.Pp
|
|
For more information on configuring
|
|
.Xr sudo.conf @mansectform@ ,
|
|
refer to its manual.
|
|
.Sh FILES
|
|
.Bl -tag -width 24n
|
|
.It Pa @sysconfdir@/sudo.conf
|
|
Sudo front-end configuration
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr sudo.conf @mansectform@ ,
|
|
.Xr sudo @mansectsu@ ,
|
|
.Xr sudo_logsrv.proto @mansectform@ ,
|
|
.Xr sudo_logsrvd @mansectsu@
|
|
.Sh AUTHORS
|
|
Many people have worked on
|
|
.Nm sudo
|
|
over the years; this version consists of code written primarily by:
|
|
.Bd -ragged -offset indent
|
|
.An Todd C. Miller
|
|
.Ed
|
|
.Pp
|
|
See the CONTRIBUTORS.md file in the
|
|
.Nm sudo
|
|
distribution (https://www.sudo.ws/about/contributors/) for an
|
|
exhaustive list of people who have contributed to
|
|
.Nm sudo .
|
|
.Sh BUGS
|
|
If you believe you have found a bug in
|
|
.Nm ,
|
|
you can either file a bug report in the sudo bug database,
|
|
https://bugzilla.sudo.ws/, or open an issue at
|
|
https://github.com/sudo-project/sudo/issues.
|
|
If you would prefer to use email, messages may be sent to the
|
|
sudo-workers mailing list,
|
|
https://www.sudo.ws/mailman/listinfo/sudo-workers (public)
|
|
or <sudo@sudo.ws> (private).
|
|
.Pp
|
|
Please not report security vulnerabilities through public GitHub
|
|
issues, Bugzilla or mailing lists.
|
|
Instead, report them via email to <Todd.Miller@sudo.ws>.
|
|
You may encrypt your message with PGP if you would like, using
|
|
the key found at https://www.sudo.ws/dist/PGPKEYS.
|
|
.Sh SUPPORT
|
|
Limited free support is available via the sudo-users mailing list,
|
|
see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
|
|
search the archives.
|
|
.Sh DISCLAIMER
|
|
.Nm
|
|
is provided
|
|
.Dq AS IS
|
|
and any express or implied warranties, including, but not limited
|
|
to, the implied warranties of merchantability and fitness for a
|
|
particular purpose are disclaimed.
|
|
See the LICENSE.md file distributed with
|
|
.Nm sudo
|
|
or https://www.sudo.ws/about/license/ for complete details.
|