Date: Fri, 8 Dec 2000 12:36:14 +0200 From: Peter Pentchev <roam@orbitel.bg> To: Torbjorn Kristoffersen <sgt@netcom.no> Cc: FreeBSD-Hackers <hackers@FreeBSD.org> Subject: Re: Kernel question (detecting a user log-on) Message-ID: <20001208123614.A451@ringworld.oblivion.bg> In-Reply-To: <Pine.BSF.4.30.0012072122130.1136-100000@hal.netforce.no>; from sgt@netcom.no on Thu, Dec 07, 2000 at 09:30:54PM %2B0100 References: <Pine.BSF.4.30.0012072122130.1136-100000@hal.netforce.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Dec 07, 2000 at 09:30:54PM +0100, Torbjorn Kristoffersen wrote: > Hi Hackers, > > I'm wondering about two things, how does the kernel detect that a > user logs on a tty, and what should I know if I was to write a kernel > module that detects it (And does something about it)? Must I > read the TCP in-packets for port 23 and detect if a user logged on? > I'm pretty unsure about this.. > > I know it could easier be implemented in userland by reading the > _PATH_UTMP file, but I'm more interested in doing it in kernel space. Generally the kernel does not know anything about user logins. Those are handled either by login(1) in the case of console, serial or telnet logins, or by sshd(8) and similar remote login daemons. Monitoring TCP activity on port 23 would only catch plain telnet logins, and probably not always. You'd be far better off hacking support for what you need into login(1), sshd(8) and all other such daemons; or a much simpler, though FreeBSD-specific solution (not that hacking login(1) isn't FreeBSD-specific) - modify the login(3) libutil function. It is used by login(1) and by the OpenSSH daemon in the FreeBSD base system; I *think* the original SSH daemon also uses it if present. You'd want to either add a syscall, or some tty ioctl to alert your kernel module about a user login, and then have login(3) perform that alert. Hope that helps, and when you come up with something working, please post more information either on the list, or to me privately - what you've hinted at doing sounds interesting :) G'luck, Peter -- This inert sentence is my body, but my soul is alive, dancing in the sparks of your brain. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001208123614.A451>