From owner-freebsd-questions Mon Jul 13 10:57:58 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA05221 for freebsd-questions-outgoing; Mon, 13 Jul 1998 10:57:58 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from dns.webwizard.net.mx (mexcom.net.mx [207.249.162.140]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA05215 for ; Mon, 13 Jul 1998 10:57:54 -0700 (PDT) (envelope-from rafareta@mexcom.net.mx)
Received: from mexcom.net.mx (rafa.nix.mexcom.net [206.103.64.101]) by dns.webwizard.net.mx (8.8.8/8.8.7) with ESMTP id MAA19159 for ; Mon, 13 Jul 1998 12:56:50 -0500 (CDT)
Message-ID: <35AA4A58.72DDC058@mexcom.net.mx>
Date: Mon, 13 Jul 1998 12:56:40 -0500
From: "Rafael A. Reta Rodriguez"
Organization: MexCom.Net
X-Mailer: Mozilla 4.05 [en] (X11; I; FreeBSD sunix3.0.1 i386)
MIME-Version: 1.0
To: "freebsd-questions@FreeBSD.ORG"
Subject: Re: Q: Logging a telnet session
References: <19980712094453.K23241@freebie.lemis.com> <19980712191108.M754@freebie.lemis.com>
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Greg Lehey wrote:
>
> On Sunday, 12 July 1998 at 11:24:15 +0200, Malte Lance wrote:
> >
> > On 12-Jul-98 Greg Lehey wrote:
> >> On Saturday, 11 July 1998 at 19:07:40 +0200, Malte Lance wrote:
> >>>
> >>> On 10-Jul-98 Greg Lehey wrote:
> >>>> On Friday, 10 July 1998 at 10:56:58 +0200, Malte Lance wrote:
> >>>>> On 10-Jul-98 Elliot Finley wrote:
> >>>>>> Hello,
> >>>>>> Is there any way to log a telnet session into my machine? I have
> >>>>>> a user that telnets in, and I suspect malicious intent from him. Is
> >>>>>> there any way to log every keystroke that he types?
> >>>>>
> >>>>> Have a look at "man watch"
> >>>>> You'll need snp-pseudo-devices in your kernel-config.
> >>>>
> >>>> Unfortunately this only works at the originating end. But it works
> >>>> pretty well there.
> >>>
> >>> Not that I know of such a restriction. Maybe I misunderstood your reply.
> >>
> >> Watch applies to a tty device. There are no tty devices involved at
> >> the telnetd end.
> >
> > So what about the ttyp ???
> >
> > neuron:~> w
> > 11:21am up 14 mins, 7 users, load averages: 0.24, 0.23, 0.19
> > USER TTY FROM LOGIN@ IDLE WHAT
> > malte p5 vampire 11:20am - (bash)
> >
> > and "watch -iW ttyp5" works very well. What is your point?
>
> Touché. I forgot about that.
>
> Greg

I added the pseudo-device snp line and recompiled my kernel, but I still get
the same message:

watch: fatal: cannot open snoop device

Is there something else to do?