Date: Wed, 1 Dec 1999 13:40:53 -0600 (CST)
From: Jason Hudgins <thanatos@incantations.net>
To: security@freebsd.org
Subject: logging a telnet session
Message-ID: <Pine.BSF.4.10.9912011334310.27776-100000@eddie.incantations.net>

I've had an intruder visiting my box recently, and I tried to set up a system for logging his telnet session. I was using the tcpd wrapper in inetd.conf, and having it set off a trigger in hosts.allow. The trigger calls a script that runs watch -c session on whatever ttypX he logs into.

The problem is that tcpd calls the trigger and hands control back over to telnetd without ever knowing what ttypX the remote user will be using. I've done some creative workarounds, but they only work about half of the time (having the script that calls watch sleep for a little bit, then parse who output and try to figure out the remote user's ttypX, and then start up watch).

Does anyone have a good solution for this? I'm sure there is a better way.

Jason Hudgins
http://www.incantations.net/~thanatos
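
The workaround described in the message (sleep, then parse who output) races against the login. The sketch below is an added example, not part of the original post: it records the ttys the remote host already holds when the trigger fires, then polls who until a new one appears or a retry limit is reached. The function names, the WHO_CMD override and the assumed who line format ("user ttypX date time (host)") are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find the tty of a *new* login from a given remote host by
# polling who(1) with a retry limit instead of sleeping for a fixed time.
# Assumption: who prints lines like "user ttyp1 Dec  1 13:40 (remote.host)"
# and HOST is given in the same form who displays it.

WHO_CMD=${WHO_CMD:-who}    # overridable so the logic can be exercised offline

# Print every tty whose parenthesised host field equals $1, one per line.
ttys_for_host() {
    $WHO_CMD | awk -v h="($1)" '$NF == h { print $2 }' | sort
}

# wait_for_new_tty HOST [TRIES] [DELAY]
# Snapshots the ttys HOST already holds (an older session from the same
# host must not be mistaken for the new one), then polls for another.
# Prints the new tty and returns 0; returns 1 if none appears in time.
wait_for_new_tty() {
    host=$1 tries=${2:-20} delay=${3:-1}
    before=$(ttys_for_host "$host")
    while [ "$tries" -gt 0 ]; do
        for t in $(ttys_for_host "$host"); do
            # A tty absent from the snapshot belongs to the new login.
            if ! printf '%s\n' "$before" | grep -qxF "$t"; then
                printf '%s\n' "$t"
                return 0
            fi
        done
        tries=$((tries - 1))
        sleep "$delay"
    done
    return 1
}

# In the trigger script the caller would capture the result, e.g.
#   tty=$(wait_for_new_tty "$remote_host") || exit 1
# and then start watch on that tty as the original script does.
```

If the login never completes, the function returns non-zero so the trigger script can exit instead of attaching watch to the wrong terminal.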