From: James
Subject: Re: Remote login Typed commands
Date: Mon, 17 Jun 2002 21:38:34 +0100
Sender: linux-admin-owner@vger.kernel.org
Message-ID: <20020617203834.GX29977@piku.org.uk>
References: <3FFCFC6BDD6BD5118FC700805F9F5E700856E0@SR-EDM-EXCH5> <20020617111617.C7936@zerodivide.cx>
In-Reply-To: <20020617111617.C7936@zerodivide.cx>
To: linux-admin@vger.kernel.org

On Mon, Jun 17, 2002 at 11:16:17AM -0400, Tyler wrote:
| On Mon, Jun 17, 2002 at 09:09:39AM -0600, Abiy,Mike [Edm] wrote:
| >
| > The part that I am more concerned about is the keystrokes used (commands
| > run) during the remote login session. I can find out who logged in from
| > the wtmp file in /var/log, but I would like to be able to find what
| > commands they used during a particular session.
| > thanks
| > mike
|
| Not really, unless you set up a keystroke logger ahead of time. You
| could always read the user's ~/.bash_history or equivalent, but
| if the user is doing something malicious, he or she will probably remove
| or alter that file.

Beware it might be an invasion of their privacy, and you might capture
"sensitive" things like passwords for other systems and their credit card
details.

Also they might just log in, type 'sh' and all you'll see is they started
a new shell and that's it, unless you're somehow intercepting data coming
across the network (which'd fail if they use SSH).

--
I will not waste chalk

PGP Fingerprint [6AD6 865A BF6E 76BB 1FC2 E4C4 DEEA 7D08 D511 E149]
PGP Public key [www.piku.org.uk/public-key.asc] - Home [www.piku.org.uk]