Re: loging user's commands

From: Seth Arnold (sarnold@wirex.com)
Date: 12/18/01


Date: Tue, 18 Dec 2001 12:25:39 -0800
From: Seth Arnold <sarnold@wirex.com>
To: "'focus-linux@securityfocus.com'" <focus-linux@securityfocus.com>


On Tue, Dec 18, 2001 at 03:35:19PM -0300, Juan Ignacio Trentalance wrote:
> Does anybody know a way to log everything a user types and sees on a ssh or
> telnet "console"?

I imagine ssh or telnet code ought to be easy enough to modify to
achieve this goal.

> I came up with the idea of using "exec /usr/bin/script" on the user's
> profile or something like that, but that seems very easy to foul if you are
> smart enough. If you know of a (preferably open source) product that can do
> this, I will be very thankfull.

Well, as I understand script's implementation (or, historical
implementation, I should say..) what it logs ought to be alright. You
run a larger risk of someone tampering with the log file outright .. It
might be worth efforts to send the logfile to another computer? (Perhaps
using FIFOs and netcat?)

There are other programs, such as 'ttysnoop', that have done this job in
the past, but .. if they still work, or if they work for you, is another
matter.

Cheers!

-- 
"In God we trust, all others we monitor."
 -- NSA, Intercept Operators's motto, 1970