From owner-freebsd-security Tue Jul 17 14:26:37 2001 Delivered-To: freebsd-security@freebsd.org Received: from dros.delnoch.net (dros.delnoch.net [66.22.112.8]) by hub.freebsd.org (Postfix) with ESMTP id 7206337B406 for ; Tue, 17 Jul 2001 14:26:22 -0700 (PDT) (envelope-from jeffi@rcn.com) Received: from localhost (jeff@localhost) by dros.delnoch.net (8.11.4/8.11.4) with SMTP id f6HLP9J59886; Tue, 17 Jul 2001 17:25:10 -0400 (EDT) (envelope-from jeffi@rcn.com) X-Authentication-Warning: dros.delnoch.net: jeff owned process doing -bs Date: Tue, 17 Jul 2001 17:25:09 -0400 (EDT) From: Jeff Ito X-Sender: jeff@dros.delnoch.net To: nathan@corp.wac.com Cc: freebsd-security@freebsd.org Subject: Re: Exec logging, FreeBSD Kernel Module. In-Reply-To: <008e01c10efa$29d98a60$f5c8a8c0@NATHAN> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org if you look at the LINT file this is listed: pseudo-device snp 3 #Snoop device - to look at pty/vty/etc.. --- Jeff > got everything working with watch, i guess i've been to drunk to notice that > i > didn't do a damn MAKEDEV.. sorry about that. i figured i did. =\ > > have a great day. > > > ----- Original Message ----- > From: "Steven Ames" > To: ; "jono@networkcommand.com" > Cc: > Sent: Tuesday, July 17, 2001 12:08 PM > Subject: Re: Exec logging, FreeBSD Kernel Module. > > > > Sure. However you have to have 'snp' devices configured into the kernel. > > > > device snp > > > > In 4.X that may read something more like: > > > > device snp 1 > > > > I don't remember. > > > > -Steve > > > > ----- Original Message ----- > > From: > > To: "jono@networkcommand.com" > > Cc: > > Sent: Tuesday, July 17, 2001 2:11 PM > > Subject: Re: Exec logging, FreeBSD Kernel Module. > > > > > > > > > > to reply to your last message.. i've never been able to get watch to > work > > > properly. has anyone else? > > > > > > > > > ----- Original Message ----- > > > From: "Jon O ." > > > To: "Artur Meski" > > > Cc: > > > Sent: Tuesday, July 17, 2001 10:42 AM > > > Subject: Re: Exec logging, FreeBSD Kernel Module. > > > > > > > > > > See below: > > > > > > > > > > > > # man watch > > > > WATCH(8) FreeBSD System Manager's Manual > > > WATCH(8) > > > > > > > > NAME > > > > watch - snoop on another tty line > > > > > > > > SYNOPSIS > > > > watch [-ciotnW] [tty] > > > > > > > > DESCRIPTION > > > > Watch allows the superuser to examine all data coming through a > > > specified > > > > tty. Watch writes to standard output. > > > > > > > > > > > > > > > > # man snp > > > > SNP(4) FreeBSD Kernel Interfaces Manual > > > SNP(4) > > > > > > > > NAME > > > > snp - tty snoop interface > > > > > > > > SYNOPSIS > > > > #include > > > > > > > > > > > > > > > > > > > > On 17-Jul-2001, Artur Meski wrote: > > > > > Hi. > > > > > > > > > > I'm looking for FreeBSD Kernel Module, which will log all executed > > > commands > > > > > by users. Could somebody help me? > > > > > > > > > > -- > > > > > Artur Meski [glash@freebsd.net.pl] [tel +48606494552] > > > [http://glash.black.pl/] > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > > with "unsubscribe freebsd-security" in the body of the message > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > with "unsubscribe freebsd-security" in the body of the message > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-security" in the body of the message > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message