From owner-freebsd-security@FreeBSD.ORG Tue Jan 1 20:26:22 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C74D316A418 for ; Tue, 1 Jan 2008 20:26:22 +0000 (UTC) (envelope-from frank.mailinglists@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.176]) by mx1.freebsd.org (Postfix) with ESMTP id 7E56B13C457 for ; Tue, 1 Jan 2008 20:26:22 +0000 (UTC) (envelope-from frank.mailinglists@gmail.com) Received: by py-out-1112.google.com with SMTP id u52so9583394pyb.10 for ; Tue, 01 Jan 2008 12:26:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; bh=KWgbMAKAiP/C+6fRDUH/v7hIUdaaV3w4RV1RB0IZU3U=; b=M8yIwW2YijK0YG9jAe5DuSOXw+pRsocBZNThX+5XH5SffZQkyYcQT/XOy9Tl4mXAi/0B8WvMvBzWSile38Xkl5aDImrRWkMEhR4mGNS9jXR9CnLYHnUuG85+W+BAKm5GphjW8CfK5DXZRfDU0OxthK7Jpt3kMRCMh5rYvj8Iv5E= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; b=RMT3o3nG5FXEehWKd7qAy2tdfShgtKEj0T+m5eEv7xxUeA5Zhof3hCoXchF0OqqSWPtov8vpds9dZObWa9g2TZzDcduuenq0tDOFIK5yW+3Ff0tYq3rUN5a0nCHS8q0smeREZxAHe7KIyof5mV4MIcX6l+3jeOE2oaKWQadEpac= Received: by 10.64.199.2 with SMTP id w2mr27721393qbf.11.1199217729189; Tue, 01 Jan 2008 12:02:09 -0800 (PST) Received: from RockYourEars.com ( [66.130.98.195]) by mx.google.com with ESMTPS id q14sm7668071qbq.33.2008.01.01.12.02.07 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 01 Jan 2008 12:02:08 -0800 (PST) Message-ID: <477A9BBA.3030703@gmail.com> Date: Tue, 01 Jan 2008 14:59:54 -0500 From: Frank User-Agent: Thunderbird 2.0.0.9 (X11/20071203) MIME-Version: 1.0 To: Anjang Aki References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-security@freebsd.org Subject: Re: Tracking user's activity X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Jan 2008 20:26:22 -0000 Anjang Aki wrote: > Greetings, > > I've been looking for a proper way to to track down user's activity > inside the shell as I'm helping my colleague to configure a web > hosting and shell hosting server. > > Someone have referred me to this article -- > http://bsdtips.utcorp.net/mediawiki/index.php/Snoop which is using > 'watch' commands to view user's activity once they logged in to the > server > > I found that this 'watch' utility is very useful and are able to > fulfill my needs but I can only be able to watch the activity once I'm > logging to the server at the time the users are logging in. > > Is there is any way that logging user's activity can be done without a > need for me to login at the server at the same time? Perhaps the > activity can be logged into a file and I can read it later. > > Or is there is any other utility I can use just to monitor user's > activity as the server is misused by a user previously and I don't > want it to happen again in the future. > > Best regards, > > > Hello! You can use "script filename" and start doing your stuff. The user can press CTRL-D when he's finished doing his stuff so the content can be flushed to the file. Happy new year, Frank