From: Tim Walberg <twalberg@mindspring.com>
To: Tyler <tyler@zerodivide.cx>
Cc: linux-admin@vger.kernel.org
Subject: Re: Remote login Typed commands
Date: Mon, 17 Jun 2002 10:30:47 -0500
Message-ID: <20020617103047.A6901@mindspring.com>
In-Reply-To: <20020617111617.C7936@zerodivide.cx> from Tyler on 06/17/2002 10:16
One method I've used before is to replace the user's shell in
/etc/passwd with a script that straces the user's real shell,
and logs all exec system calls (i.e. 'strace -ftv -e trace=process -o <somefile> <realshell>').
On 06/17/2002 11:16 -0400, Tyler wrote:
>> On Mon, Jun 17, 2002 at 09:09:39AM -0600, Abiy,Mike [Edm] wrote:
>> >
>> > The part that I am more concerned about is the keystrokes used (commands
>> > run) during the remote login session. I can find out who logged in from
>> > the wtmp file in /var/log, but I would like to be able to find what
>> > commands they used during a particular session.
>> > thanks
>> > mike
>>
>> Not really, unless you set up a keystroke logger ahead of time. You
>> could always read the user's ~/.bash_history or equivalent, but
>> if the user is doing something malicious, he or she will probably remove
>> or alter that file.
>>
>> --
>> tyler at zerodivide dot cx
>> AIM: zerodivide1101
>> Mobile SMS: tyler-mobile at zerodivide dot cx
End of included message
--
twalberg@mindspring.com
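
The wrapper described in the message above, as an added example that is not part of the original post: it runs the strace command quoted there with one log file per session, and goes one step further by reducing a log to its successful exec calls. The names REAL_SHELL, LOG_DIR and the install path /usr/local/bin/traced-shell are assumptions, and the sample log is constructed.

```bash
#!/bin/bash
# Added example, not from the thread. Assumed names: REAL_SHELL, LOG_DIR, and
# the install path /usr/local/bin/traced-shell (the /etc/passwd shell field).
REAL_SHELL=/bin/bash
# Assumed path; must be writable by the traced user, since strace runs as that user.
LOG_DIR=/var/log/session-trace

# One log per session: user, start time and wrapper PID keep sessions apart.
session_log() {
    printf '%s/%s.%s.%s.log\n' "$LOG_DIR" "$1" "$2" "$3"
}

# Reduce a log written by 'strace -ftv -e trace=process -o FILE' to one line
# per successful execve: PID HH:MM:SS "path", [argv]
extract_execs() {
    awk '$3 ~ /^execve\(/ && / = 0$/ {
        call = $0
        sub(/^[0-9]+ +[0-9:]+ +execve\(/, "", call)
        end = index(call, "], [")    # argv ends where the -v envp array starts
        if (end) print $1, $2, substr(call, 1, end)
    }' "$1"
}

# Constructed sample of such a log (not captured from a real session).
sample_trace() {
    cat <<'EOF'
6901 10:30:47 execve("/bin/bash", ["/bin/bash", "-l"], ["HOME=/home/mike", "TERM=xterm"]) = 0
6901 10:31:02 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|SIGCHLD) = 6902
6902 10:31:02 execve("/usr/local/bin/ls", ["ls", "-l"], ["HOME=/home/mike", "TERM=xterm"]) = -1 ENOENT (No such file or directory)
6902 10:31:02 execve("/bin/ls", ["ls", "-l"], ["HOME=/home/mike", "TERM=xterm"]) = 0
6902 10:31:02 exit_group(0)             = ?
6902 10:31:02 +++ exited with 0 +++
6901 10:31:02 wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], WSTOPPED|WCONTINUED, NULL) = 6902
EOF
}

# The wrapper proper: trace the real shell and everything it forks.
run_traced_shell() {
    [ $# -eq 0 ] && set -- -l    # interactive login: make bash a login shell
    log=$(session_log "$(id -un)" "$(date +%Y%m%dT%H%M%S)" "$$")
    exec strace -ftv -e trace=process -o "$log" "$REAL_SHELL" "$@"
}

# Start tracing only when run under the installed name, so the same file can
# be run under another name to use extract_execs on saved logs.
case "${0##*/}" in
    traced-shell) run_traced_shell "$@" ;;
esac
```

Because strace runs with the user's own identity, the log is only as trustworthy as the directory it is written to, and set-user-ID programs such as su do not gain their privileges while being traced.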