This is a discussion on log all activity of a special user? within the Linux Security forums, part of the System Security and Security Related category.
"Florian Wolters" <flo.wolters@gmx.net> writes:
]hi!
]is there any possibility to log all activity on the console of a special
]user?
]i just want to see everything the user does on the console...
]tnx for any hints

Why? This sounds like phone tapping which is illegal except with a warrant.

On Mon, 03 May 2004 22:51:58 +0200, Florian Wolters wrote:
> is there any possibility to log all activity on the console of a special
> user?
> i just want to see everything the user does on the console...

http://freshmeat.net/projects/ttysnoop/ is the only one of which I am aware, but that seems to be unmaintained.

Personally, I recommend not giving shell access to untrusted users. You could jail them in many ways, and even jail the jail inside a user-mode Linux virtual machine, which in turn can be limited in terms of how much memory it uses. If you plan to monitor this user, you must be there the whole time the user is logged in.

--
/dev/rob0 - preferred_email=i$((28*28+28))@softhome.net
or put "not-spam" or "/dev/rob0" in Subject header to reply

On Mon, 03 May 2004 22:48:43 +0000, Bill Unruh wrote:
> "Florian Wolters" <flo.wolters@gmx.net> writes:
>
> ]hi!
>
> ]is there any possibility to log all activity on the console of a special
> ]user?
> ]i just want to see everything the user does on the console...
> ]tnx for any hints
>
> Why? This sounds like phone tapping which is illegal except with a
> warrant.

Whether or not this is equivalent to phone tapping is highly disputable. I agree that there would have to be some MAJOR ethical considerations, but let us consider a few things...

1. Phone tapping is usually defined as an outsider intruding on the private phone line of a person on a NEUTRAL phone network (i.e. not controlled/owned by the person doing the tapping). This is significantly different than an administrator watching users on HIS/HER own system.

2. The administrator already has access to thorough logs of commands that the user runs anyways. This situation is not different in principle than looking at logs, just different in degree (with a screen capture program they can see more). Would you consider looking at logs to be equivalent to phone tapping?

3. It has already been shown repeatedly that the standards/laws used in relation to phone tapping are almost never applied to the Computer world (for proof look at the way e-mail monitoring is handled).

--
Mark J. Nenadov

On Mon, 03 May 2004 22:48:43 +0000, Bill Unruh wrote:
> "Florian Wolters" <flo.wolters@gmx.net> writes:
>
> ]hi!
>
> ]is there any possibility to log all activity on the console of a special
> ]user?
> ]i just want to see everything the user does on the console...
> ]tnx for any hints
>
> Why? This sounds like phone tapping which is illegal except with a
> warrant.

Whether or not this is equivalent to phone tapping is highly disputable. I encourage you to refrain from being so rash and quick in questioning the poster's motives. It is possible that he/she has a perfectly valid reason to do what they are doing.

I agree that there would have to be some MAJOR ethical considerations. I too am concerned about violations of privacy. However, let us consider a few things that you might not have thought of...

1. Phone tapping is usually defined as an outsider intruding on the private phone line of a person on a NEUTRAL phone network (i.e. not controlled/owned by the person doing the tapping). Tapping usually involves an outside agency forcing a phone company to allow monitoring of their phone network. This is significantly different than an administrator watching users on HIS/HER own system.

2. The administrator already has access to thorough logs of commands that the user runs anyways. This situation is not different in principle than looking at logs. It is merely different in degree (with a screen capture program they can see a lot more). Would you consider looking at logs to be equivalent to wrong without a warrant?

3. It has already been shown repeatedly that the standards/laws used in relation to phone tapping are almost never applied to the Computer world (for proof look at the way e-mail monitoring is handled).

Florian Wolters wrote:
> hi!
>
> is there any possibility to log all activity on the console of a special
> user?
> i just want to see everything the user does on the console...
> tnx for any hints
>
>
> flo

I don't know how feasible this is but would it be possible to cause the system concerned to run '/usr/bin/script' in some way when the user logs on, pointing it to a log file in a secure location? That way, even if they 'su -' it will capture the input and output of the console (including stderr I believe) and save it to a specified file.

An example is below although I'm not sure how you would specifically set it up and the size of the captured file is a quick check with the command:-

[xeon@baseline documents]$ script --help
script: invalid option -- -
usage: script [-a] [-f] [-q] [-t] [file]
[xeon@baseline documents]$ whereis script
script: /usr/bin/script /usr/share/man/man1/script.1.gz
[xeon@baseline documents]$ script dum
Script started, file is dum
[xeon@baseline documents]$ su -
Password:
[root@baseline root]# ls
amsn_received                     install.log                    sound
anaconda-ks.cfg                   install.log.syslog             test.sh
Desktop                           lfs5-chroot                    XConf.old
fglrx-glc22-4.3.0-3.7.0.i386.rpm  lfs-chroot.sh                  XF86Config
findwin.e                         NVIDIA-Linux-x86-1.0-4363
IBMFLASH                          NVIDIA-Linux-x86-1.0-4363.run
[root@baseline root]# top
17:53:15 up 2 days, 10:52, 5 users, load average: 0.12, 0.15, 0.12
77 processes: 75 sleeping, 1 running, 1 zombie, 0 stopped
CPU0 states: 15.0% user 5.0% system 0.0% nice 0.0% iowait 78.0% idle
CPU1 states: 0.0% user 5.0% system 0.0% nice 0.0% iowait 94.0% idle
Mem: 512792k av, 506264k used, 6528k free, 0k shrd, 43748k buff
375800k actv, 28k in_d, 10604k in_c
Swap: 1052248k av, 338020k used, 714228k free 165948k cached
<<output of top snipped>>
[root@baseline root]# exit
logout
[xeon@baseline documents]$ ls
dum from Anton morn.at music uplink_XMMS.zip uplink.zip
[xeon@baseline documents]$ exit
Script done on Tue 04 May 2004 17:53:21 BST
[xeon@baseline documents]$cat dum
<<output of script file snipped to avoid unnecessary duplication>>
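
One way to set up the login-time `script` capture suggested in the post above, as an added example that is not part of the original thread: a hypothetical `/etc/profile.d` snippet. The user name `flo`, the directory `/var/log/sessions` and the `SESSION_RECORDED` marker are assumptions.

```shell
# Hypothetical /etc/profile.d/record-session.sh (added example; names are assumptions).
# Assumed one-time setup by root, so users can create but not list log files:
#   install -d -m 1733 -o root -g root /var/log/sessions
MONITORED_USERS="flo"                 # constructed user name
SESSION_LOG_DIR="/var/log/sessions"   # assumed log location

# Succeed if $1 is in the space-separated monitored list.
is_monitored() {
    for u in $MONITORED_USERS; do
        [ "$u" = "$1" ] && return 0
    done
    return 1
}

# Build a per-session log path: <dir>/<user>.<timestamp>.<pid>.log
session_log_path() {
    printf '%s/%s.%s.%s.log\n' "$SESSION_LOG_DIR" "$1" "$2" "$3"
}

# Decide whether this shell should be wrapped in script(1).
# SESSION_RECORDED marks a shell already running under script, so the
# child shell that script starts does not wrap itself again.
should_record() {
    [ -z "${SESSION_RECORDED:-}" ] || return 1
    is_monitored "$1" || return 1
    [ -d "$SESSION_LOG_DIR" ] && [ -w "$SESSION_LOG_DIR" ]
}

start_recording() {
    command -v script >/dev/null 2>&1 || return 0
    user=$(id -un)
    should_record "$user" || return 0
    log=$(session_log_path "$user" "$(date -u +%Y%m%dT%H%M%SZ)" "$$")
    SESSION_RECORDED=1
    export SESSION_RECORDED
    # -q: no start/stop banner; -f: flush after each write so the log is
    # current while the session is open. exec replaces the login shell,
    # so leaving the recorded shell ends the session.
    exec script -q -f "$log"
}

# Only interactive shells are recorded; non-interactive commands
# (scp, cron jobs) pass through untouched.
case $- in
    *i*) start_recording ;;
esac
```

Because `script` runs as the monitored user, that user owns the log file and can edit it or bypass the profile hook, so this gives a convenience record rather than tamper-resistant auditing.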