From: "Anjang Aki"
To: freebsd-security@freebsd.org
Cc: mailman.msc@gmail.com
Date: Wed, 2 Jan 2008 03:44:37 +0800
Subject: Tracking user's activity

Greetings,

I've been looking for a proper way to track down user's activity inside the shell, as I'm helping my colleague to configure a web hosting and shell hosting server. Someone has referred me to this article -- http://bsdtips.utcorp.net/mediawiki/index.php/Snoop -- which uses the 'watch' command to view user's activity once they have logged in to the server.

I found that this 'watch' utility is very useful and is able to fulfill my needs, but I am only able to watch the activity when I'm logged in to the server at the time the users are logging in. Is there any way that logging user's activity can be done without a need for me to log in to the server at the same time? Perhaps the activity can be logged into a file and I can read it later.

Or is there any other utility I can use just to monitor user's activity, as the server was misused by a user previously and I don't want it to happen again in the future?

Best regards,

--
-- Anjang Aki -- mailman.msc@gmail.com