Monitoring a tty

Harry Skelton harry at svnet.UUCP
Thu Jan 3 04:11:19 AEST 1991


ji at ctr.columbia.edu (John Ioannidis) writes:
. guest at apple-gunkies.ai.mit.edu (Guest Account) writes:
. >
. >Hello
. >
. >I'd like to ask what the best way is to monitor a tty invisibly to
. >the user. Obviously cat </dev/ttyxx doesn't work, it prevents
. >the commands to go to the processes.
. >How would one do this ?
. >
. >Joe
. 
. If the TTY is a hard-wired terminal (a rare breed these days), just tap
. the cable (you'll actually need two terminals, one for tapping the
. incoming, and one for tapping the outgoing signal). Where I worked a
. few summers ago, we had an intruder coming over a modem, and we traced
. what he did this way.

Just don't wire your Data Transmit line into the connection, you may end
up sending answerback information, etc and screw up the line.

. 
. If the TTY is really a pty, and the user is using a shell that stays
. in cooked mode (sh, csh, ksh the -[eg]macs option left unset), then
. you can peek into the contents of the "canonical queue" by reading
. /dev/kmem. I have a program that does that if you want. If it's in raw
. mode, then you can't do it without changing anything in the kernel.

Could you send me a copy John?

. 
. If you have STREAMS-based ttys (e.g., SunOS), then it should be easy
. to write a STREAMS driver that inserts itself between two layers in
. some other user's STREAMS stack and tees traffic in your direction.

Just watch the config under AT&T's streams. (prior to 4.0)

You could just push him into a pty regardless with a pty handling program
(see recent alt.sources postings) and tee the output from the pty. I find
this easy since it works on most systems but does require you to be the
SA or have root access sometimes.

---
Harry Skelton - UniForum - Senior Systems Administrator.
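
The pty-and-tee approach from the last paragraph, as an added example that is not part of the original post: a small session recorder in the style of script(1) that an administrator can wrap around a login shell or command to keep an audit log. The function name `record_session` and the log file name are assumptions made for the example.

```python
import os
import pty
import select
import sys


def record_session(argv, sinks, stdin_fd=None):
    """Run argv on a fresh pty and copy everything it emits to each sink.

    sinks: binary file-like objects (the "tee" targets).
    stdin_fd: optional descriptor whose input is relayed to the session.
    Returns the exit code, or the negated signal number if killed.
    """
    pid, master = pty.fork()
    if pid == 0:  # child: stdin/stdout/stderr are the pty slave
        try:
            os.execvp(argv[0], argv)
        finally:
            os._exit(127)  # only reached if exec failed
    watch = [master] if stdin_fd is None else [master, stdin_fd]
    try:
        while True:
            ready, _, _ = select.select(watch, [], [])
            if stdin_fd in ready:
                keys = os.read(stdin_fd, 1024)
                if keys:
                    os.write(master, keys)
                else:
                    watch.remove(stdin_fd)  # operator input closed
            if master in ready:
                try:
                    data = os.read(master, 1024)
                except OSError:  # Linux reports EIO when the session ends
                    break
                if not data:  # other systems report plain EOF
                    break
                for sink in sinks:
                    sink.write(data)
                    sink.flush()
    finally:
        os.close(master)
    _, status = os.waitpid(pid, 0)
    return os.WEXITSTATUS(status) if os.WIFEXITED(status) else -os.WTERMSIG(status)


if __name__ == "__main__":
    # Assumed usage: record_session.py CMD [ARGS...]; the log name is hypothetical.
    with open("session.log", "ab") as log:
        code = record_session(sys.argv[1:] or ["sh"], [sys.stdout.buffer, log], stdin_fd=0)
    sys.exit(code)
```

Input relayed from a terminal is line-buffered and echoed twice unless that terminal is first put into raw mode, which script(1) does and this example leaves out.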


