From owner-freebsd-questions Wed Aug 14 11:18:11 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8D6F137B400 for ; Wed, 14 Aug 2002 11:18:09 -0700 (PDT) Received: from munkboxen.mine.nu (213-152-51-194.dsl.eclipse.net.uk [213.152.51.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id DB44143E4A for ; Wed, 14 Aug 2002 11:18:05 -0700 (PDT) (envelope-from munk@munkboxen.mine.nu) Received: from munkboxen.mine.nu (localhost [127.0.0.1]) by munkboxen.mine.nu (8.12.5/8.12.3) with ESMTP id g7EJFZEw081763; Wed, 14 Aug 2002 19:15:35 GMT (envelope-from munk@munkboxen.mine.nu) Received: (from munk@localhost) by munkboxen.mine.nu (8.12.5/8.12.3/Submit) id g7EJFZri081762; Wed, 14 Aug 2002 19:15:35 GMT Date: Wed, 14 Aug 2002 19:15:34 +0000 From: Jez Hancock To: Josh Paetzel Cc: FreeBSD questions List Subject: Re: Keylogging for a tty session Message-ID: <20020814191534.B81327@munkboxen.mine.nu> Mail-Followup-To: Josh Paetzel , FreeBSD questions List References: <20020813230737.E27430-100000@earl-grey.cloud9.net> <1029327728.305.36.camel@heater.vladsempire.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <1029327728.305.36.camel@heater.vladsempire.net>; from friar_josh@webwarrior.net on Wed, Aug 14, 2002 at 12:22:05PM +0000 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, Aug 14, 2002 at 12:22:05PM +0000, Josh Paetzel wrote: > This help? > > WATCH(8) FreeBSD System Manager's Manual > > NAME > watch - snoop on another tty line > > SYNOPSIS > watch [-cinotW] [-f snpdev] [tty] > > DESCRIPTION > Watch allows the user to examine all data coming through a > specified tty using the snp(4) device. If the snp(4) device is not > available, watch will attempt to load the module (snp). Watch writes to > standard output. Any ideas how to start logging to a file using watch in a way that's transparent to the user when they login via ssh? In this case 'transparent' in that the user has no way of stopping the logging. I wouldn't use this on regular users as I don't know how ethical it is to log keystrokes as an administrator, even if you own the network. At the end of the day if a user pays for a service, shouldn't they have some degree of privacy, even from admins? But then again perhaps monitoring the many and punishing the few so that the many will be saved denial of service perhaps justifies logging keystrokes. Cheers, Jez To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message