logging keystrokes (was encrypted filesystems)

Robert Connolly cendres at videotron.ca
Thu Jan 8 09:15:34 PST 2004


On January 8, 2004 09:08 am, Cedric wrote:
> At 09:11 PM 1/6/04 -0600, you wrote:
> > > I've been looking to ways to get some sort of keylogging going at my
> > > lfs box. I was thinking about catching the io form bash and put it into
> > > a logfile, my first attempt is this:
> > > bash 2>&1 | tee /somewhere/log.file
> > > It doesn't add to the security of the box, but then you can see what
> > > the hacker was doing (unless he finds it and deletes the logfiles)
> >
> >http://www.honeynet.org/tools/bash.patch
> >http://www.honeynet.org/tools/bash-anton.patch
> >see http://www.honeynet.org/tools/index.html for descriptions
>
> I read the article about the script util , and it looks promising. There is
> only one drawback: the script utility only writes the log when a user logs
> off. When i build a lfs system the user lfs stays logged on for hours. This
> cost some memory (a full toolchain log is about a meg in size) and i can't
> use it as a large scroll back buffer. Are there solutions which keep a
> (almost, a few seconds delay is fine) real-time archive?

I think you want "ttysnoop".




More information about the hlfs-dev mailing list