Path: utzoo!attcan!uunet!samsung!uakari.primate.wisc.edu!sdd.hp.com!elroy.jpl.nasa.gov!usc!rutgers!cmcl2!kramden.acf.nyu.edu!brnstnd
From: brnstnd@kramden.acf.nyu.edu (Dan Bernstein)
Newsgroups: comp.unix.admin
Subject: Re: terminal watcher?
Message-ID: <12112:Nov603:03:3890@kramden.acf.nyu.edu>
Date: 6 Nov 90 03:03:38 GMT
References: <1990Nov2.135939.13150@hellgate.utah.edu> <1990Nov5.083004.11348@jdyx.UUCP>
Organization: IR
Lines: 31

[ how to redirect input and output of a tty session? ]

The basic idea is to run the session under pty, which appeared in volume
23 of comp.sources.unix (try anonymous ftp to wuarchive.wustl.edu). There
are several ways to automatically use pty for any login session. Then
you'll have to figure out exactly what data flows where, and what form
of interprocess communication to use.

A primitive example: Move login to login.real, make a root-only
directory /etc/pipes, and add a new mode-700 login shell script like

    #!/bin/sh
    # FIFO for injecting input into this session
    mknod /etc/pipes/in.$$ p
    # merge FIFO input with the real terminal input; tee records the output
    (cat /etc/pipes/in.$$ & cat) | pty login.real | tee /etc/pipes/out.$$
    rm /etc/pipes/in.$$ /etc/pipes/out.$$

Now anything written to /etc/pipes/in.$$ will be written to the session
as input, and output will be recorded in /etc/pipes/out.$$. (Caveat: I'm
making this up as I go along.)

pty has been thoroughly tested under several Ultrix variants (though one
respondent is seeing strange problems under an Ultrix 3.1 revision), as
well as many other BSD-derived systems. I don't know what system type
the second poster has.

Note that it is extremely difficult to force a watcher program onto a
user who doesn't want to be watched. There are just too many ways to
execute commands. If you want a proper auditing system, ask your vendor.

---Dan
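
The recording half of the idea above, as an added example that is not part of the original post and is not the pty program itself: Python's standard pty module stands in for pty, and a hypothetical record_session helper stands in for the tee stage, writing to an owner-only log. The probe command and log path are constructed for the demonstration; the probe shows why the session has to run on a pseudo-terminal rather than a plain pipe.

```python
import os
import pty
import subprocess
import sys
import tempfile

# Constructed probe: reports whether its stdout is a terminal or a pipe.
PROBE = "import os; print('tty' if os.isatty(1) else 'pipe')"


def record_session(argv, log_path):
    """Run argv on a fresh pseudo-terminal and copy everything it writes
    to log_path. Returns (exit_status, recorded_bytes)."""
    # O_EXCL refuses a pre-planted file or symlink; 0600 keeps the log owner-only.
    log_fd = os.open(log_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    master, slave = pty.openpty()
    proc = subprocess.Popen(argv, stdin=slave, stdout=slave, stderr=slave)
    os.close(slave)  # the parent keeps only the master side
    recorded = bytearray()
    with os.fdopen(log_fd, "wb") as log:
        while True:
            try:
                chunk = os.read(master, 4096)
            except OSError:  # Linux reports EIO once the slave side is closed
                break
            if not chunk:    # other systems report a plain EOF
                break
            log.write(chunk)
            recorded += chunk
    os.close(master)
    return proc.wait(), bytes(recorded)


def demo():
    """Compare the probe's view of its stdout under a pipe and under a pty."""
    cmd = [sys.executable, "-c", PROBE]
    piped = subprocess.run(cmd, capture_output=True).stdout
    with tempfile.TemporaryDirectory() as tmp:
        log_path = os.path.join(tmp, "out.log")
        status, recorded = record_session(cmd, log_path)
        mode = os.stat(log_path).st_mode & 0o777
        with open(log_path, "rb") as f:
            on_disk = f.read()
    return piped.strip(), recorded.strip(), on_disk == recorded, mode, status


if __name__ == "__main__":
    print(demo())
```

This captures only what the program writes to its terminal; as the post says, it is not a substitute for a proper auditing system.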