Capturing Keystrokes

Capturing Keystrokes

Post by Worker » Thu, 10 May 2001 21:53:27



Ye That Know,

    I would like to capture keystrokes from a particular user.

    This user always logs in via a modem on a specific serial port.  No
other user login via that modem/serial port.

- - -

   How can I:

      - capture this users keystrokes?

or

      - capture any keystrokes sent/received via the serial port/modem?

If someone would like to point me in the right direction with a few keywords
I'd be happy to read the MAN pages.

TIA,

    -:>Kevin Carpenter
         JHS CT/MR Service

 
 
 

Capturing Keystrokes

Post by Worker » Thu, 10 May 2001 23:01:05


Well I've reviewed the man page for 'script' - it looks pretty good and I
assume I could add it to the users 'startup' file.  (What is the name of the
users 'startup' file?)

'script' will work but has some limitations.   The user I would like to
track has root access.  When necessary they su to root.  When that happens I
would not capture any of their keystrokes.   For this reason I prefer
capture any keystrokes via the serial port/modem - that way I'll get
everything regardless of which login they use.

 -:>WorkerB


> Ye That Know,

>     I would like to capture keystrokes from a particular user.

>     This user always logs in via a modem on a specific serial port.  No
> other user login via that modem/serial port.

> - - -

>    How can I:

>       - capture this users keystrokes?

> or

>       - capture any keystrokes sent/received via the serial port/modem?

> If someone would like to point me in the right direction with a few
keywords
> I'd be happy to read the MAN pages.

> TIA,

>     -:>Kevin Carpenter
>          JHS CT/MR Service



 
 
 

Capturing Keystrokes

Post by Randy Styk » Fri, 11 May 2001 05:24:13



> Ye That Know,

>     I would like to capture keystrokes from a particular user.

>     This user always logs in via a modem on a specific serial port.  No
> other user login via that modem/serial port.

> - - -

>    How can I:

>       - capture this users keystrokes?

> or

>       - capture any keystrokes sent/received via the serial port/modem?

We wrote/sell a product called PEEK that is normally
used to monitor what someone is doing and to type
on their behalf, for remote support, demos, training,
etc.  It can capture to a file, but normally captures
input and output, like "script".  But there is a mode
that can be used that captures keystrokes only.  And it
can be setup for a certain user id, as you requested.


or visit www.computron.com/ne for details.  Good luck!
-
+-----------------------------------------------------------------+

| 4N165 Wood Dale Road           Phone:  630/941-7767             |
| Addison, Illinois  60101 USA   Fax:    630/941-7714             |
+-----------------------------------------------------------------+

 
 
 

Capturing Keystrokes

Post by Damir Juri » Fri, 11 May 2001 08:42:22



>Ye That Know,

>    I would like to capture keystrokes from a particular user.

>    This user always logs in via a modem on a specific serial port.  No
>other user login via that modem/serial port.

>- - -

ttysnoop?
 
 
 

Capturing Keystrokes

Post by Nate Eldredg » Fri, 11 May 2001 16:46:53



> Well I've reviewed the man page for 'script' - it looks pretty good and I
> assume I could add it to the users 'startup' file.  (What is the name of the
> users 'startup' file?)

> 'script' will work but has some limitations.   The user I would like to
> track has root access.  When necessary they su to root.  When that happens I
> would not capture any of their keystrokes.   For this reason I prefer
> capture any keystrokes via the serial port/modem - that way I'll get
> everything regardless of which login they use.

If this is an external modem, one possibility would be to, in effect,
do the logging in hardware.  Put another machine in between with the
modem on one serial port and the host of interest on another.  This
machine can run a program that passes data between the ports, logging
as it goes.  (I don't know offhand of a program that does this, but it
should be a SMOP to write one.)

This has the advantage that the luser in question has no way to
interfere with the logging (assuming you don't give them root on the
logger box, and keep it secure, perhaps off the network).  Any
solution that runs on the host of interest has the potential to be
tampered with by the luser.

--

Nate Eldredge