From mboxrd@z Thu Jan  1 00:00:00 1970
From: Tyler <tyler@zerodivide.cx>
Subject: Re: Remote login Typed commands
Date: Mon, 17 Jun 2002 11:16:17 -0400
Sender: linux-admin-owner@vger.kernel.org
Message-ID: <20020617111617.C7936@zerodivide.cx>
References: <3FFCFC6BDD6BD5118FC700805F9F5E700856E0@SR-EDM-EXCH5>
Mime-Version: 1.0
Return-path: <linux-admin-owner@vger.kernel.org>
Content-Disposition: inline
In-Reply-To: <3FFCFC6BDD6BD5118FC700805F9F5E700856E0@SR-EDM-EXCH5>; from Mike.Abiy@EC.gc.ca on Mon, Jun 17, 2002 at 09:09:39AM -0600
List-Id: <linux-admin.vger.kernel.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: linux-admin@vger.kernel.org

On Mon, Jun 17, 2002 at 09:09:39AM -0600, Abiy,Mike [Edm] wrote:
> 
> The part that I am more concerned about is the keystrokes used (commands
> run) during the the rmote login session. i can find out who logged in from
> the wtmp file in /var/log , but i would like to be able to find what
> commands they used during a particular session.
> thanks
> mike  

Not really, unless you set up a keystroke logger ahead of time.  You
could always read the user's ~/.bash_history or equivalent, but
if the user is doing something malicious, he or she will probably remove
or alter that file.

-- 
tyler at zerodivide dot cx
AIM: zerodivide1101
Mobile SMS: tyler-mobile at zerodivide dot cx