Cybersecurity

Hi Unix Experts,

Since I am in childhood stage of Unix, I need to know a solution for the following:

When I logon from a Remote terminal ( say /dev/pts/0) ,
I should be able to view the work done by the Remote user on the Unix machine when I log on as a root.

eg : if the remote user types
echo $TERM

in my Unix Server,
I should be able to view the same and the result.

I tried cat /dev/pts/0 > /dev/tty1 (Unix Terminal)

but the remote user is getting blocked. I also tried with dd and other commands but still I could not get the solution....

I would appreciate if anyone can help me in this regard.

You could write a C program to open the device file and read this file, as root.

Look into telnetsnoopd... It comes by default with several Linux distributions...

You can set it up several different ways, but the end result is that you watch what a user does on their terminal.

If you've ever heard of a small program called VNC, you may want to check that out. It shows an exact copy of the screen on a remote terminal and can even allow you keyboard and mouse control. I personally never got it to work on my Linux box, but I've used it extensively on the Windows side. But it came with my Mandrake distro, so I know it has to work. Good luck.

Here's their website if you want to see more:

www.uk.research.att.com/vnc

They have downloads for Linux/SPARC/Windows/Macintosh and others including the source code for all.

hi try this

You might need to enter these in ur shell startup scripts like .login or .profile or .bash_profile depending upon ur login shell.


% csh -i |& tee /tmp/demo
or
$ csh -i 2>&1 | tee /tmp/demo

In the other shells that are
going type:


% tail -f /tmp/demo

courtesy: ugu.com

I got yer sreen capture right here.....


It's late, I'm tired, anyway, you need to check out ttywatcher, this is a nice little screen watcher util for unix, I forget exactly how it works, but it is cool. You'll have to compile it,a nd it may need some libs, I've put it on Solaris and IRIX, it worked great, it was just a littel unstable at first, had to tweak it some...

The next thing is, a favorite of many sneaky people, "xwd", this nice little thing comes with most all unix systems and also works with "xwud". What it is: X-windows Dump, it basically takes an Xwindows session and dumps it (or a particular window) to a file, you can then read that file with "xwud", or X-windows UnDump.

2600 did an article on this sometime back as an eavesdropping method, it's been around for quite a while, and it does work, but you need to be on the same host to dump the user's session. And it is a kind of snapshot, not real-time.

I suppose, if one wanted to go to the trouble of seeing what a user is seeing without having a loging to the box they are on, you could hook up a sniffer to the network, I'm implying here that YOU are an admin and have this sort of authority at your site, other wise, DON'T EVEN THINK OF DOING THIS, and inline it to a reconstruction prog of some sort, take a look at the bpf stuff, I think I read of something similar to this already being out.


In all seriousness, these are ideas really for eavesdropping on your users, many a more seasoned SA/NA than I have stated that you should be paranoid about your security, but not to the point of being a hinderance to the usage of the system as it was intended. I can't come up with a good reason to implement these things where I work, I do this at home for kicks and to see how it works, but I really don't need to look over my users shoulders, they're already convinced I'm omniscient anyway....


Hope this helps, I apolagize for the soapboxin',


loadc

Yeah loadc, ur right, Ill definitely make a note of this.

Thanks & Regards