From owner-freebsd-security@FreeBSD.ORG Wed Jan 2 00:37:01 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1861C16A468 for ; Wed, 2 Jan 2008 00:37:01 +0000 (UTC) (envelope-from mailman.msc@gmail.com) Received: from wa-out-1112.google.com (wa-out-1112.google.com [209.85.146.180]) by mx1.freebsd.org (Postfix) with ESMTP id E0F4C13C469 for ; Wed, 2 Jan 2008 00:37:00 +0000 (UTC) (envelope-from mailman.msc@gmail.com) Received: by wa-out-1112.google.com with SMTP id k17so9099077waf.3 for ; Tue, 01 Jan 2008 16:37:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=vESJmiWwMkRIbl6UN2h/NQJdcnVfW8WnTa0dw2/GK30=; b=Lnf0hzCiukaRBhHohDRZgtsJZzMviMY4ZjcT9R0DLc08TUeb02AUVJ1U913UvWvnTa2fvWF48/NMPn1LggqztSB0Xijqzm6umFgl6DEPNCcO1sz9JyP0meDbxhpphxJHC4jYSKpDE3+CSadT2knzgEfOFfxckUdBz3D57Vp3Cn4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=AlzRx8PKMR5gFNsBDxWLc/FSsYX3cu0DoFjjhlaIrink5DR7ivYBooB1DxaHixMfTTwXgYBthrDDVZR7lR81uJgJVwR6oc5fWVeml5ulEiq6f0WR6/6HEBmk0vo3UTcNOchV3MWURlnCddaySiXTzjZm3tDK5vt/PUim8gEubXo= Received: by 10.114.179.1 with SMTP id b1mr14100892waf.143.1199234220606; Tue, 01 Jan 2008 16:37:00 -0800 (PST) Received: by 10.115.110.4 with HTTP; Tue, 1 Jan 2008 16:37:00 -0800 (PST) Message-ID: Date: Wed, 2 Jan 2008 08:37:00 +0800 From: "Anjang Aki" To: "Jason Chambers" In-Reply-To: <477ABD07.3020102@ucla.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <477ABD07.3020102@ucla.edu> Cc: freebsd-security@freebsd.org, mailman.msc@gmail.com Subject: Re: Tracking user's activity X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Jan 2008 00:37:01 -0000 Greetings again, Seems like this utility suits my need. I have installed it using ports but couldn't find any clue where the log file for snoopy is saved or whether snoopy is running on my system. Based on Kevin K reply: "You could also just run the watch command in a screen session or even daemonize it, if possible." ..perhaps this watch process can be automated using script but my scripting skills is poor. Any advice is greatly appreciated in advanced. Regards, On 1/2/08, Jason Chambers wrote: > Old, but good. > > /usr/ports/security/snoopy/pkg-descr > > snoopy is merely a shared library that is used as a wrapper > to the execve() function provided by libc as to log every call > to syslog (authpriv). system administrators may find snoopy > useful in tasks such as light/heavy system monitoring, tracking other > administrator's actions as well as getting a good 'feel' of > what's going on in the system (for example apache running cgi > scripts). > > WWW: http://sourceforge.net/projects/snoopylogger/ > > > > Anjang Aki wrote: > > Greetings, > > > > I've been looking for a proper way to to track down user's activity > > inside the shell as I'm helping my colleague to configure a web > > hosting and shell hosting server. > > > > > > -- -- Anjang Aki --