Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 13 Jul 1998 12:56:40 -0500
From:      "Rafael A. Reta Rodriguez" <rafareta@mexcom.net.mx>
To:        "freebsd-questions@FreeBSD.ORG" <freebsd-questions@FreeBSD.ORG>
Subject:   Re: Q: Logging a telnet session
Message-ID:  <35AA4A58.72DDC058@mexcom.net.mx>
References:  <19980712094453.K23241@freebie.lemis.com> <XFMail.980712112415.malte@webmore.com> <19980712191108.M754@freebie.lemis.com>

next in thread | previous in thread | raw e-mail | index | archive | help
Greg Lehey wrote:
> 
> On Sunday, 12 July 1998 at 11:24:15 +0200, Malte Lance wrote:
> >
> > On 12-Jul-98 Greg Lehey wrote:
> >> On Saturday, 11 July 1998 at 19:07:40 +0200, Malte Lance wrote:
> >>>
> >>> On 10-Jul-98 Greg Lehey wrote:
> >>>> On Friday, 10 July 1998 at 10:56:58 +0200, Malte Lance wrote:
> >>>>> On 10-Jul-98 Elliot Finley wrote:
> >>>>>> Hello,
> >>>>>>      Is there anyway to log a telnet session into my machine?  I have
> >>>>>> a user that telnets in, and I suspect malicious intent from him.  Is
> >>>>>> there any way to log every keystroke that he types?
> >>>>>
> >>>>> Have a look at "man watch"
> >>>>> You'll need snp-pseudo-devices in your kernel-config.
> >>>>
> >>>> Unfortunately this only works at the originating end.  But it works
> >>>> pretty well there.
> >>>
> >>> Not that i know of such a restriction. Maybe i misunderstood your reply.
> >>
> >> Watch applies to a tty device.  There are no tty devices involved at
> >> the telnetd end.
> >
> > So what about the ttyp<n> ???
> >
> > neuron:~> w
> > 11:21am  up 14 mins, 7 users, load averages: 0.24, 0.23, 0.19
> > USER     TTY FROM              LOGIN@  IDLE WHAT
> > malte    p5  vampire          11:20am     -  (bash)
> >
> > and "watch -iW ttyp5" works very well. What is your point ?
> 
> Touché.  I forgot about that.
> 
> Greg

I add the pseudo-device snp line and recompiled my kernel but I still
get the same message 

watch: fatal: cannot open snoop device

Is there something else to do?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?35AA4A58.72DDC058>