From owner-freebsd-questions  Sun Jul 12 02:25:33 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id CAA02471
          for freebsd-questions-outgoing; Sun, 12 Jul 1998 02:25:33 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from cyclone.degnet.baynet.de (cyclone.degnet.baynet.de [194.95.214.129])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id CAA02436
          for <freebsd-questions@freebsd.org>; Sun, 12 Jul 1998 02:25:21 -0700 (PDT)
          (envelope-from malte@webmore.com)
Received: from neuron.webmore.com (unverified [194.95.214.186]) by cyclone.degnet.baynet.de
 (EMWAC SMTPRS 0.83) with SMTP id <B0000285423@cyclone.degnet.baynet.de>;
 Sun, 12 Jul 1998 11:27:04 +0200
Received: (from malte@webmore.com)
          by neuron.webmore.com (8.8.8/8.8.8) id LAA00499;
          Sun, 12 Jul 1998 11:24:15 +0200 (CEST)
Message-ID: <XFMail.980712112415.malte@webmore.com>
X-Mailer: XFMail 1.2 [p0] on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To: <19980712094453.K23241@freebie.lemis.com>
Date: Sun, 12 Jul 1998 11:24:15 +0200 (CEST)
Reply-To: malte@webmore.com
From: Malte Lance <malte@webmore.com>
To: Greg Lehey <grog@lemis.com>
Subject: Re: Q: Logging a telnet session
Cc: Elliot Finley <efinley@afnetinc.com>, freebsd-questions@FreeBSD.ORG
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


On 12-Jul-98 Greg Lehey wrote:
> On Saturday, 11 July 1998 at 19:07:40 +0200, Malte Lance wrote:
>>
>> On 10-Jul-98 Greg Lehey wrote:
>>> On Friday, 10 July 1998 at 10:56:58 +0200, Malte Lance wrote:
>>>> On 10-Jul-98 Elliot Finley wrote:
>>>>> Hello,
>>>>>      Is there anyway to log a telnet session into my machine?  I have
>>>>> a user that telnets in, and I suspect malicious intent from him.  Is
>>>>> there any way to log every keystroke that he types?
>>>>
>>>> Have a look at "man watch"
>>>> You'll need snp-pseudo-devices in your kernel-config.
>>>
>>> Unfortunately this only works at the originating end.  But it works
>>> pretty well there.
>>
>> Not that i know of such a restriction. Maybe i misunderstood your reply.
> 
> Watch applies to a tty device.  There are no tty devices involved at
> the telnetd end.

So what about the ttyp<n> ???

neuron:~> w
11:21am  up 14 mins, 7 users, load averages: 0.24, 0.23, 0.19
USER     TTY FROM              LOGIN@  IDLE WHAT
malte    p5  vampire          11:20am     -  (bash)

and "watch -iW ttyp5" works very well. What is your point ?

Malte.

> 
> Greg
> --
> See complete headers for address and phone numbers
> finger grog@lemis.com for PGP public key
> 

----------------------------------
E-Mail: Malte Lance <malte@webmore.com>
Date: 12-Jul-98
Time: 11:18:42
----------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message