Watching a user on an tty?


Post by Holger Mue » Fri, 24 Jun 1994 20:21:02



Guten Tag!

  In order to examine problems happening to my users who dial in via a serial
port I would like to spy on a tty, ie. see what a user types there.

  Is there any solution to this problem?

  I am aware of the previous discussions concerning a mechanism like this and
its moral and legal justification. Note that it is meant to help my users
and not to examine their private data. Believe it or not and flame me if you
like to.

  Thank you in advance for your help. Any information will be appreciated!


 
 
 


Post by Andries Brouw » Sat, 25 Jun 1994 05:57:40



>Guten Tag!

Goeienavond.

>  In order to examine problems happening to my users who dial in via a serial
>port I would like to spy on a tty, ie. see what a user types there.
>  Is there any solution to this problem?

Lots of possibilities. You might for example replace his login shell
by a small script that does a tee(1) or starts a pty like script(1)
or something similar.
Or was your purpose to help the user remember his password?

 
 
 


Post by Tim Smi » Tue, 28 Jun 1994 12:43:55



>  In order to examine problems happening to my users who dial in via a serial
>port I would like to spy on a tty, ie. see what a user types there.

>  Is there any solution to this problem?

How about hooking one of your modems to two serial ports at once?  Run
getty or whatever the Linux equivalent is on one, and leave the other
open (but protected so that only root can access it).  Have the user
you want to spy on log in through that modem, and then you can watch
via the second port using whatever serial port watching software you
like (cu, cat, pcomm, etc.).  You should even be able to help the
user out by typing things for them.

Check with a hardware person first, of course, to make sure that this
can't harm the serial ports or the modem.

--Tim Smith

 
 
 


Post by Dan Fost » Tue, 28 Jun 1994 13:13:10


The original poster has a valid point there - this really helps for software
support, as well as seeing what an intruder is doing to hack around the
system or if he/she's planting any kind of bombs... rare, but it has happened
where I used to work, a large VMS and Ultrix site.

Under VMS, this kind of thing was implemented by telling the kernel to
send data to two different virtual terminals at once... maybe this could
be implemented as either some kind of kernel hack/mod or pty (pseudo-terminal)
code running at kernel level? Of course, under VMS, anything that used
kernel mode code always had a chance to crash the system...

-Dan

 
 
 


Post by Joe Pann » Tue, 28 Jun 1994 13:36:38




>The original poster has a valid point there - this really helps for software
>support, as well as seeing what an intruder is doing to hack around the
>system or if he/she's planting any kind of bombs...

And finding out passwords, eh?  I don't mean just login, but PGP, for
instance.  I sure wouldn't appreciate my SysAdmin doing that to me.

Joe

 
 
 


Post by Ralf G. R. Ber » Tue, 28 Jun 1994 18:41:56




>>Guten Tag!
>Goeienavond.
>>  In order to examine problems happening to my users who dial in via a serial
>>port I would like to spy on a tty, ie. see what a user types there.
>>  Is there any solution to this problem?
>Lots of possibilities. You might for example replace his login shell
>by a small script that does a tee(1) or starts a pty like script(1)
>or something similar.
>Or was your purpose to help the user remember his password?

You'd better have asked that BEFORE you told him how to do it... :-)))

  Ralf

--
Ralf G. R. Bergs, Aachen University of Technology EE (comp. eng.) student
snail: H"uckeswagener Str. 42, D-51647 Gummersbach, Fed. Rep. of Germany

Click <A HREF="http://www-users.informatik.rwth-aachen.de/~rabe">here</A>.

 
 
 


Post by Christian Hen » Tue, 28 Jun 1994 23:03:56




>>The original poster has a valid point there - this really helps for software
>>support, as well as seeing what an intruder is doing to hack around the
>>system or if he/she's planting any kind of bombs...

>And finding out passwords, eh?  I don't mean just login, but PGP, for
>instance.  I sure wouldn't appreciate my SysAdmin doing that to me.

First of all, passwords through ``login'' and ``passwd'' aren't echoed by
the respective programs; when's the last time _you_ saw your password being
echoed when you logged on?  Also, there's _no_ reason why PGP can't be told
to not echo passwords (assuming that it currently does); in fact, it
_should_ be told to not show passwords.

So where's the problem?

 
 
 


Post by Scott Daws » Tue, 28 Jun 1994 23:02:40


   >>The original poster has a valid point there - this really helps for software
   >>support, as well as seeing what an intruder is doing to hack around the
   >>system or if he/she's planting any kind of bombs...
   >
   >And finding out passwords, eh?  I don't mean just login, but PGP, for
   >instance.  I sure wouldn't appreciate my SysAdmin doing that to me.

   First of all, passwords through ``login'' and ``passwd'' aren't echoed by
   the respective programs; when's the last time _you_ saw your password being
   echoed when you logged on?  Also, there's _no_ reason why PGP can't be told
   to not echo passwords (assuming that it currently does); in fact, it
   _should_ be told to not show passwords.

   So where's the problem?

uh, if you can read/snoop the tty, you can watch what's typed whether it
gets echoed or not.  I believe that's the problem.

-Scott
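
Added example, not part of any post in this thread: a minimal Python sketch of the point made above, that the terminal ECHO flag only controls what the line discipline sends back, not what travels along the input path. It uses a local pty pair inside one process; the function name `run_through_pty` and the passphrase are constructed for the illustration.

```python
import os
import select
import termios

def run_through_pty(typed: bytes, echo: bool):
    """Push `typed` through a pty the way a relay such as script(1) forwards
    keystrokes. Returns (input_seen_by_relay, output_seen_by_relay, app_read)."""
    master, slave = os.openpty()
    try:
        # The application side (think login or passwd) sets ECHO on its tty.
        attrs = termios.tcgetattr(slave)
        if echo:
            attrs[3] |= termios.ECHO
        else:
            attrs[3] &= ~(termios.ECHO | termios.ECHONL)
        termios.tcsetattr(slave, termios.TCSANOW, attrs)

        input_seen = bytearray()
        output_seen = bytearray()

        # Relay position: every keystroke passes through here before the
        # line discipline decides whether to echo it.
        input_seen += typed
        os.write(master, typed)

        # The application reads its (canonical-mode) line from the slave.
        app_read = os.read(slave, 1024)

        # Whatever the line discipline echoed comes back on the master side.
        while select.select([master], [], [], 0.5)[0]:
            output_seen += os.read(master, 1024)
        return bytes(input_seen), bytes(output_seen), app_read
    finally:
        os.close(slave)
        os.close(master)

if __name__ == "__main__":
    secret = b"constructed-passphrase\n"  # constructed sample input
    for echo in (True, False):
        seen_in, seen_out, _ = run_through_pty(secret, echo)
        print(f"echo={echo}: input path {seen_in!r}, output path {seen_out!r}")
```

With echo off the passphrase is absent from the output side (all that an output-only typescript would hold) but still present on the input side, so anything typed on a monitored tty should be treated as exposed regardless of echo.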

 
 
 


Post by Alex Shr » Wed, 29 Jun 1994 07:16:42


I have a related question: how can I monitor my modem's transmissions
over the phone line? I use SLIP, and I wanted to inspect the
transmissions more carefully.

--


 
 
 


Post by Dan Fost » Wed, 29 Jun 1994 08:14:58




>>And finding out passwords, eh?  I don't mean just login, but PGP, for
>>instance.  I sure wouldn't appreciate my SysAdmin doing that to me.

Besides, I have to mention...I might be slightly biased, being a sysadmin
myself, I'd say maybe 99% of the sysadmins are honest and ethical. In the
rare, off chance that you actually come across someone that is less than
honest and ethical; and he/she has privs, then you ultimately lose because
with privileges, he/she can modify the system to do any nefarious deed(s)
he/she wants it to. In that case, the safest thing would be to 1) report
him/her or 2) not use the system at all.

Think about it... what's preventing a corrupt sysadmin with privs from
modifying pgp, for instance?

Thank goodness at the last site (and is true to some extent to many other
places) I've had the fortune of working with friendly, honest, and ethical
co-workers. Besides, we all signed agreements against this kind of thing,
and I've seen my top supervisor fire people without a second thought upon
*any* discovery of any no-no deeds by computing people in a position of trust.
In fact, the people (one was a new employee of mine, sad to say) were indeed
subject to prosecution - at least on the federal level.

Securest machine (relatively speaking) that you can trust is a machine that
only you have privs on. All others, it boils down to faith, and some decency,
imho.

But of course, this is kinda off the point. Back to our regularly scheduled
Linux discussion. :-)

-Dan

 
 
 


Post by Tim Smi » Wed, 29 Jun 1994 10:49:57


If the system administrator wants your password, why would he or she
go to the trouble of snooping on your terminal line?  Why not just change
login to catch it?

--Tim Smith

 
 
 


Post by Bruce Hagger » Wed, 29 Jun 1994 12:47:25





>>The original poster has a valid point there - this really helps for software
>>support, as well as seeing what an intruder is doing to hack around the
>>system or if he/she's planting any kind of bombs...
>And finding out passwords, eh?  I don't mean just login, but PGP, for
>instance.  I sure wouldn't appreciate my SysAdmin doing that to me.

Hmm...at the risk of starting a policy discussion...

There are times that such "snooping" is necessary.  The example that
Dan Foster gave above, of seeing what an intruder is doing, is a perfect
example.

My responsibility to protect the *legitimate* users not only doesn't
extend to a (would be) system cracker, but demands me to take whatever
action is needed to prevent him from doing further damage.  I would never
go through a user's $HOME, but if that user attempts to compromise the
system, you can bet I'll see what's in the file ~cracker/hack.sh!

--
Bruce Haggerty

***NOTE --- The only machine I admin at NYU is my personal workstation.  
The above should not be taken as an indication of NYU policy.

 
 
 


Post by Christian Hen » Wed, 29 Jun 1994 10:17:12




>   >And finding out passwords, eh?  I don't mean just login, but PGP, for
>   >instance.  I sure wouldn't appreciate my SysAdmin doing that to me.

>   First of all, passwords through ``login'' and ``passwd'' aren't echoed by
>   the respective programs; when's the last time _you_ saw your password being
>   echoed when you logged on?  Also, there's _no_ reason why PGP can't be told
>   to not echo passwords (assuming that it currently does); in fact, it
>   _should_ be told to not show passwords.

>   So where's the problem?

>uh, if you can read/snoop the tty, you can watch what's typed whether it
>gets echoed or not.  I believe that's the problem.

In many cases, the primary administrator for a system has root access.  Since
root doesn't need to know another user's password to ``su'' to that user's
account (or even to change the user's password to one that the administrator
can use to fully log into the user's account), it doesn't really matter if
the administrator can see what the user types for his/her password when
logging in or changing his/her password.

However, _now_ I can see how tty ``snooping'' could cause a problem with
PGP...  :-)

 
 
 


Post by Kevin Lent » Wed, 29 Jun 1994 21:05:44



> >And finding out passwords, eh?  I don't mean just login, but PGP, for
> >instance.  I sure wouldn't appreciate my SysAdmin doing that to me.

root doesn't need your passwords. Although, if root discovers your
password, that may affect the security of other accounts that you access.
Of course, using the same password everywhere invites such risks.

> Hmm...at the risk of starting a policy discussion...
> There are times that such "snooping" is necessary.  The example that
> Dan Foster gave above, of seeing what an intruder is doing, is a perfect
> example.
> My responsibility to protect the *legitimate* users not only doesn't
> extend to a (would be) system cracker, but demands me to take whatever
> action is needed to prevent him from doing further damage.  I would never
> go through a user's $HOME, but if that user attempts to compromise the
> system, you can bet I'll see what's in the file ~cracker/hack.sh!

I am part of a group which runs a general access machine for students at
Monash University, here in Melbourne. Part of our user agreement (which all
users sign) states that we have the right to monitor activities if a breach
of the agreement is suspected. Those breaches include any illegal
activities, even net abuse.

In this way we get around the moral and possibly legal issues
involved by getting initial consent. On the other hand, we don't go around
looking.

If you do things right, observing users in the right situation is not a
problem. How to do it is another question.

[And since disclaimers seem to be the go in this thread - the above
represents the policies of the General Access Unix Group (GAUNIX) at Monash
University, administering yoyo.cc.monash.edu.au. It does not represent
views/rules or actions of the Computer Centre or the University. Blah Blah
Blah.]
--
[==================================================================]
[ Kevin Lentin                   |___/~\__/~\___/~~~~\__/~\__/~\_| ]

[ Macintrash: 'Just say NO!'     |___/~\__/~\___/~~~~\____/~~\___| ]
[==================================================================]

 
 
 


Post by Holger Mue » Wed, 29 Jun 1994 21:40:00




|> >The original poster has a valid point there - this really helps for software
|> >support, as well as seeing what an intruder is doing to hack around the
|> >system or if he/she's planting any kind of bombs...
|> And finding out passwords, eh?  I don't mean just login, but PGP, for
|> instance.  I sure wouldn't appreciate my SysAdmin doing that to me.

There will be a little note in my /etc/issue mentioning such a mechanism.
There is a simple policy for my users if they do not like being watched:
They always can log off.


 
 
 

1. Watching a user on an tty?

 * Newsgroups: comp.os.linux.admin,comp.os.linux.misc

That's ridiculous. cd /usr/src/linux and find all the bugs you want
to exploit. Alternatively, buy some book on Unix security. You'll
find /dev/kmem mentioned there. In an open OS, there is no way
to keep things secret, and doing so hurts more than it helps.

Joe Random Cracker with root access is BAD. Make sure he can't become
root.

Patrick
