Date: Wed, 14 Aug 2002 01:58:51 +0000 From: Jez Hancock <jez.hancock@munkboxen.mine.nu> To: freebsd-questions@FreeBSD.ORG Subject: Keylogging for a tty session Message-ID: <20020814015851.A79240@munkboxen.mine.nu>
next in thread | raw e-mail | index | archive | help
How can I effectively log all keystrokes entered by a user in a login session? The purpose of the exercise is to audit the changes made by a 'staff' member logging in on a specific account (non UID 0) and to use the logs for later documentation purposes. Currently I'm using a pretty simplistic method: [1:53:30] munk@munkboxen /home/munk# cat /usr/local/ircd/.login script -a ircd.scp using the 'script' utility to append everything to the irc.scp file automatically after the user logins in via the ~/.login file. However this holds the problem that to stop logging (either inadvertently or otherwise), the user only has to press 'ctrl-d' or type exit to stop the script utility from logging. I can't think of an easy way of invoking the 'watch'/snp device to capture the data - does anyone have any similar experience with this, perhaps even a kernel level solution ala the snp device? Thanks in advance, Jez To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020814015851.A79240>