Re: loging user's commands
From: Seth Arnold (sarnold@wirex.com)Date: 12/18/01
- Previous message: Stephen E. Hargrove: "Re: Logcheck entries"
- In reply to: Juan Ignacio Trentalance: "loging user's commands"
- Next in thread: Zeshan Ghory: "Re: loging user's commands"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 18 Dec 2001 12:25:39 -0800 From: Seth Arnold <sarnold@wirex.com> To: "'focus-linux@securityfocus.com'" <focus-linux@securityfocus.com>
On Tue, Dec 18, 2001 at 03:35:19PM -0300, Juan Ignacio Trentalance wrote:
> Does anybody know a way to log everything a user types and sees on a ssh or
> telnet "console"?
I imagine ssh or telnet code ought to be easy enough to modify to
achieve this goal.
> I came up with the idea of using "exec /usr/bin/script" on the user's
> profile or something like that, but that seems very easy to foul if you are
> smart enough. If you know of a (preferably open source) product that can do
> this, I will be very thankfull.
Well, as I understand script's implementation (or, historical
implementation, I should say..) what it logs ought to be alright. You
run a larger risk of someone tampering with the log file outright .. It
might be worth efforts to send the logfile to another computer? (Perhaps
using FIFOs and netcat?)
There are other programs, such as 'ttysnoop', that have done this job in
the past, but .. if they still work, or if they work for you, is another
matter.
Cheers!
-- "In God we trust, all others we monitor." -- NSA, Intercept Operators's motto, 1970
- application/pgp-signature attachment: stored
- Previous message: Stephen E. Hargrove: "Re: Logcheck entries"
- In reply to: Juan Ignacio Trentalance: "loging user's commands"
- Next in thread: Zeshan Ghory: "Re: loging user's commands"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
