senetza@hg.uleth.ca (Leonard Senetza) (08/14/90)
I have a few 'hostile' users on my system here. I was wondering if anyone has a 'spy' type of program that would allow me to watch/record/control other users' sessions. I could possibly write one myself, but why re-invent the wheel? The system here is Ultrix 3.1D. We are running 1 server and 20 clients. Respond to me and if there is enough interest, I'll summarize. +-----------------------------------------------------------------------+ | Leonard Senetza | E-Mail: Senetza@HG.ULeth.CA | | Academic Consultant | Senetza%HG@UNCAEDU.BitNet | | University of Lethbridge | Phone: (403) 329-5162 | | Lethbridge, Alberta |-----------------------------------------| | Canada, eh? | Disclaimer: Why should I tell _them_? | | T1K 3M4 | What they don't know, can't fire me. | +-----------------------------------------------------------------------+ | If you ever get to a point where words have no meaning, | | you're probably talking to a dog. | +-----------------------------------------------------------------------+
jak@sactoh0.UUCP (Jay A. Konigsberg) (08/16/90)
In article <24123@adm.BRL.MIL> senetza@hg.uleth.ca (Leonard Senetza) writes: >I have a few 'hostile' users on my system here. I was wondering if anyone has >a 'spy' type of program that would allow me to watch/record/control other >users' sessions. I could possibly write one myself, but why re-invent the >wheel? > There are a few ways to do this. However, assuming you _are_ the administrator of the system, there is one reasonably easy way. Take the cables running to these hostile users terminals and splice into them. Assuming everyone (including yourself) is using the same type of terminal, you can then run the T from the splice to your terminal. To be on the safe side, you probably don't want to connect the "write" pin (2 or 3, I can never remember). Other options include re-writing the shell, taping into their history file and putting a `tee -a` into their .profile. Each method has varying levels of information available. One last option, available to anyone on a system, is to write a shell daemon that does periodic "ps -lfu u_name" (or similar) to check their processes and CPU activity. While this meathod doesn't show exactly what a user is doing, it does provide useful information to an administrator. -- ------------------------------------------------------------- Jay @ SAC-UNIX, Sacramento, Ca. UUCP=...pacbell!sactoh0!jak If something is worth doing, its worth doing correctly.
ergo@netcom.UUCP (Isaac Rabinovitch) (08/16/90)
In <3715@sactoh0.UUCP> jak@sactoh0.UUCP (Jay A. Konigsberg) writes: >In article <24123@adm.BRL.MIL> senetza@hg.uleth.ca (Leonard Senetza) writes: >>I have a few 'hostile' users on my system here. I was wondering if anyone has >>a 'spy' type of program that would allow me to watch/record/control other >>users' sessions. I could possibly write one myself, but why re-invent the >>wheel? >> >There are a few ways to do this. However, assuming you _are_ the >administrator of the system, there is one reasonably easy way. >Take the cables running to these hostile users terminals and splice into >them. Assuming everyone (including yourself) is using the same type of >terminal, you can then run the T from the splice to your terminal. To >be on the safe side, you probably don't want to connect the "write" pin >(2 or 3, I can never remember). A similar, and possibly more useful, approach would be to run the cable through a PC running one of those RS-232 diagnostic programs that captures data. Of course, you'd need a PC with two serial ports. Permanent records are always useful when legality time comes 'round. And if the bad guy isn't using your usual type of terminal, you can just save everything until you can figure out how his escape codes work. -- ergo@netcom.uucp Isaac Rabinovitch atina!pyramid!apple!netcom!ergo Silicon Valley, CA uunet!mimsy!ames!claris!netcom!ergo Disclaimer: I am what I am, and that's all what I am!
src@scuzzy.mbx.sub.org (Heiko Blume) (08/24/90)
ergo@netcom.UUCP (Isaac Rabinovitch) writes: >>Take the cables running to these hostile users terminals and splice into >>them. Assuming everyone (including yourself) is using the same type of >>terminal, you can then run the T from the splice to your terminal. To >>be on the safe side, you probably don't want to connect the "write" pin >>(2 or 3, I can never remember). you must *not* connect send data! (if you your spy terminal will eat all the signals). -- Heiko Blume c/o Diakite blume@scuzzy.mbx.sub.org FAX (+49 30) 882 50 65 Kottbusser Damm 28 blume@netmbx.UUCP VOICE (+49 30) 691 88 93 D-1000 Berlin 61 blume@netmbx.de TELEX 184174 intro d scuzzy Any ACU,e 19200 6919520 ogin:--ogin: nuucp ssword: nuucp