Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!cs.utexas.edu!uunet!umbc3!umbc5.umbc.edu!cs411134
From: cs411134@umbc5.umbc.edu (Peter Johansson)
Newsgroups: alt.sources
Subject: Re: Need a "watching" program
Message-ID: <2040@umbc3.UMBC.EDU>
Date: 14 May 89 01:52:18 GMT
References: <8923@csli.Stanford.EDU>
Sender: newspost@umbc3.UMBC.EDU
Reply-To: cs411134@umbc5.umbc.edu.UUCP (Peter Johansson)
Distribution: usa
Organization: University of Maryland Baltimore Co.
Lines: 49

In article <8923@csli.Stanford.EDU> rustcat@csli.stanford.edu (Vallury Prabhakar) writes:
>
> I was wondering if there is any way of keeping track of any/every body who
> looks around in my home directory?  'twould be nice if this program could
> create and append to a logfile, each time some user chdir-ed to my $HOME.

Shame on those of you who this is impossible!  The problem as stated
might be rather difficult, but a little insight into most snoppers
activities leads to a rather simple solution.

Scenerio:  Someone cd's to your home directory (e.g. ``cd ~rustcat'').
What's the first command they are most likely to execute once there?
You got it, they are gonna do a ``ls -whatever''.  It's not is most
users behavious to ``ls /usr/users/rustcat''.

Solution:  Create a small program (preferably in C, as shell scripts
are shell-specific) that logs the information you desire, and then
passes all options to /bin/ls, or wherever ``ls'' is on your system.
Rename this program to ``ls'' in your $HOME directory (e.g. ``~/ls'')
and give it other execute permission (``chmod o+e ls'').  You can then
make links to this program in all directories that have ``other''
protection.

Why this works:  Most users have ``.'' in their path before ``/bin''
or ``/usr/bin'' and whetever else, so your ``ls'' gets executed
instead of the one the snooper expects.  If you like, and if you have
the source to the system ``ls'', you can include it into your program
and modify it so that your ``ls'' program never gets displayed.
Another good idea is not to log your own accesses to the program.

Dangers and Caveats:  It would be equally easy to have the ``ls''
program ``rm -R ~/*'' making this information potientially very
dangerous.  I suggest you remove ``.'' from your path when snooping.
I hope everyone who reads this message is mature enough to understand
its implications.

> I'm not a systems hacker so I have no idea what this entails.  My apologies
> if this request sounds ridiculous.  

The only ridiculous question is the one not asked.

> Thanks in advance.

You're most welcome.

--
This account dies soon.  Send all mail to:
Internet: peter@umbc2.umbc.edu
Bitnet  : peter@umbc2.bitnet