Getting information about a certain user's activity
Dear list readers,

since I have a user on my system who keeps playing around with my nerves (tries new security holes a.s.o.) I'd like to keep track of his activity. The user logs in using a SSH connection. I'm root on that server. I'd like to see what that user sees on his console. Is there a way to get the same screen the user has? Something like tail -f /dev/pts/0 (which doesn't work)?

Thanks in advance,
Andreas Achtzehn

--
/------------------------------------------\
| the linux-society       Andreas Achtzehn |
| visit us at www.linux-society.de         |
| or call (+49)179-4948706                 |
\------------------------------------------/

Hi Andreas!

On Sun, 26 Aug 2001, Andreas Achtzehn wrote:
> Dear list readers,
> since I have a user on my system who keeps playing around with my nerves (tries new security holes a.s.o.) I'd like to keep track of his activity. The user logs in using a SSH connection. I'm root on that server. I'd like to see what that user sees on his console. Is there a way to get the same screen the user has? Something like tail -f /dev/pts/0 (which doesn't work)?

try ttysnoop, though I know it works for login and telnet; maybe you can tweak it to work for ssh too.
here's a guide: http://www.linuxhelp.net/guides/djg/ttysnoop.shtml
it includes a link to the download; also google.com works fine.

--
teodor

Good Morning,

> since I have a user on my system who keeps playing around with my nerves (tries new security holes a.s.o.) I'd like to keep track of his activity. The user logs in using a SSH connection. I'm root on that server. I'd like to see what that user sees on his console. Is there a way to get the same screen the user has? Something like tail -f /dev/pts/0 (which doesn't work)?

Try SCSLog LKM; version 2.3 (or 2.2?) is part of SuSE Linux. SCSLog allows you to log important sys calls, so you can see what the user executes, opens, etc. pp. A much enhanced version (3.0) is in my CVS and will be released as soon as I ported it to Sparc and PPC arch.

Bye,
Thomas

--
Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: thomas@suse.de
Function: Security Support & Auditing
"lynx -source http://www.suse.de/~thomas/contact/thomas.asc | pgp -fka"
Key fingerprint = 51 AD B9 C7 34 FC F2 54 01 4A 1C D4 66 64 09 84

participants (3): Andreas Achtzehn, teo@gecadsoftware.com, Thomas Biege