Date:      Wed, 1 Dec 1999 13:40:53 -0600 (CST)
From:      Jason Hudgins <thanatos@incantations.net>
To:        security@freebsd.org
Subject:   logging a telnet session
Message-ID:  <Pine.BSF.4.10.9912011334310.27776-100000@eddie.incantations.net>

I've had an intruder visiting my box recently, and I tried to 
set up a system for logging his telnet session.  I was using the
tcpd wrapper in inetd.conf, and having it set off a trigger in
hosts.allow.

The trigger calls a script that runs watch -c session on whatever
ttypX he logs into.  The problem is that tcpd calls the trigger and
hands control back over to telnetd without ever knowing what ttypX
the remote user will be using.

I've done some creative workarounds, but they only work about half
of the time (having the script that calls watch sleep for a little bit,
and then parses who output and tries to figure out the remote user's
ttypX and then starting up watch).
 
Does anyone have a good solution for this? I'm sure there is a better
way.

Jason Hudgins
http://www.incantations.net/~thanatos
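
The workaround described in the message, as an added example that is not part of the original e-mail: instead of one fixed sleep, the trigger script polls who(1) until a login from the remote host appears, then attaches watch(8). The function names, the `WHO_CMD` override, the retry counts and the sample who output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the original message.
# Assumption: the tcpd trigger passes the client host as $1 (e.g. via %h in
# hosts.allow) and who(1) shows that same string in parentheses.

# Constructed sample of who(1) output, used only for offline testing.
SAMPLE_WHO='root     ttyv0    Dec  1 09:12
jason    ttyp0    Dec  1 13:02   (10.0.0.5)
guest    ttyp3    Dec  1 13:40   (192.0.2.44)'

# Read who(1) output on stdin; print the tty of the newest login from host $1.
# The match is exact, so 192.0.2.4 does not match 192.0.2.44.
tty_for_host() {
    awk -v h="($1)" '
        $NF == h { tty = $2 }
        END { if (tty != "") print tty; else exit 1 }'
}

# Poll until the login record exists. The record is written only after the
# user has logged in, so a single short sleep loses the race about as often
# as it wins it. $2 is the number of one-second attempts (default 20).
wait_for_tty() {
    host=$1
    tries=${2:-20}
    while [ "$tries" -gt 0 ]; do
        if tty=$(${WHO_CMD:-who} | tty_for_host "$host"); then
            printf '%s\n' "$tty"
            return 0
        fi
        tries=$((tries - 1))
        sleep 1
    done
    return 1
}

# Entry point for the trigger script: attach watch(8) once the tty is known.
log_session() {
    tty=$(wait_for_tty "$1" "${2:-30}") || return 1
    watch -c "$tty"
}
```

Two logins from the same host cannot be told apart this way; the newest matching line wins.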


