Merge pull request #31 from wpoely86/sudo

Fix + extend sudo patterns

Author: smoors

files/sudo

@@ -6,7 +6,10 @@ SUDO_COMMAND COMMAND=%{GREEDYDATA:sudo_command}
 SUDO_USER %{NOTSPACE:sudo_user}
 SUDO_RUNAS USER=%{NOTSPACE:sudo_runas}
 
-SUDO_INFO_COMMAND_SUCCESSFUL %{SUDO_USER} : %{SUDO_TTY} ; %{SUDO_PWD} ; %{SUDO_RUNAS} ; %{SUDO_COMMAND}
+# for PUN of Open Ondemand
+SUDO_OOD_PUN COMMAND=/opt/ood/nginx_stage/sbin/nginx_stage %{NOTSPACE:pun_command} -u %{NOTSPACE:pun_user} .*
+
+SUDO_INFO_COMMAND_SUCCESSFUL %{SUDO_USER} : (?:%{SUDO_TTY} ; )?%{SUDO_PWD} ; %{SUDO_RUNAS} ; (?:%{SUDO_OOD_PUN}|%{SUDO_COMMAND})
 SUDO_INFO_PAM_UNIX_SESSION_OPENED pam_unix\(sudo:session\): (?<sudo_message>session opened) for user %{NOTSPACE:sudo_runas} by %{SUDO_USER}\(uid=%{NUMBER}\)
 SUDO_INFO_PAM_UNIX_SESSION_CLOSED pam_unix\(sudo:session\): (?<sudo_message>session closed) for user %{NOTSPACE:sudo_runas}
 

tests/data/sudo

@@ -45,4 +45,16 @@ data = [
             "sudo_command": "../../../module/harm/plugin/script/harm_mgr.sh floatIP.sh status active key1=value1; 0 ha2",
         },
     },
+    {
+        "raw": "<85>1 2025-03-18T15:11:22.912566+01:00 ood11 sudo: - sudo:    apache : PWD=/ ; USER=root ; COMMAND=/opt/ood/nginx_stage/sbin/nginx_stage pun -u vsc10520 -a https%3a%2f%2fportal.hpc.vub.be%3a443%2fnginx%2finit%3fredir%3d%24http_x_forwarded_escaped_uri",
+        "expected": {
+            "@source_host": "ood11",
+            "program": "sudo",
+            "sudo_pwd": "/",
+            "sudo_runas": "root",
+            "sudo_user": "apache",
+            "pun_command": "pun",
+            "pun_user": "vsc10520",
+        },
+    },
 ]