Need a "watching" program

Peter Johansson cs411134 at umbc5.umbc.edu
Sun May 14 11:52:18 AEST 1989 

In article <8923 at csli.Stanford.EDU> rustcat at csli.stanford.edu (Vallury Prabhakar) writes:
>
> I was wondering if there is any way of keeping track of any/every body who
> looks around in my home directory?  'twould be nice if this program could
> create and append to a logfile, each time some user chdir-ed to my $HOME.

Shame on those of you who this is impossible!  The problem as stated
might be rather difficult, but a little insight into most snoppers
activities leads to a rather simple solution.

Scenerio:  Someone cd's to your home directory (e.g. ``cd ~rustcat'').
What's the first command they are most likely to execute once there?
You got it, they are gonna do a ``ls -whatever''.  It's not is most
users behavious to ``ls /usr/users/rustcat''.

Solution:  Create a small program (preferably in C, as shell scripts
are shell-specific) that logs the information you desire, and then
passes all options to /bin/ls, or wherever ``ls'' is on your system.
Rename this program to ``ls'' in your $HOME directory (e.g. ``~/ls'')
and give it other execute permission (``chmod o+e ls'').  You can then
make links to this program in all directories that have ``other''
protection.

Why this works:  Most users have ``.'' in their path before ``/bin''
or ``/usr/bin'' and whetever else, so your ``ls'' gets executed
instead of the one the snooper expects.  If you like, and if you have
the source to the system ``ls'', you can include it into your program
and modify it so that your ``ls'' program never gets displayed.
Another good idea is not to log your own accesses to the program.

Dangers and Caveats:  It would be equally easy to have the ``ls''
program ``rm -R ~/*'' making this information potientially very
dangerous.  I suggest you remove ``.'' from your path when snooping.
I hope everyone who reads this message is mature enough to understand
its implications.

> I'm not a systems hacker so I have no idea what this entails.  My apologies
> if this request sounds ridiculous.  

The only ridiculous question is the one not asked.

> Thanks in advance.

You're most welcome.

--
This account dies soon.  Send all mail to:
Internet: peter at umbc2.umbc.edu
Bitnet  : peter at umbc2.bitnet

More information about the Alt.sources mailing list