Hi "J",
you can do that with your unix/linux onboard tools. just attach strace
to the sshd process of the user you want to monitor:
strace -s 4096 -e trace=read -p PROCESS_ID
then look for the shell prompt, e.g.:
read(10, "\33]0;USERNAME@HOSTNAME:~\7".
now you know that the FD (file descriptor) for the user's ssh session terminal is 10.
then you can do something like this (here 10417 is the PID of that sshd process):
strace -s 4096 -e trace=read -p 10417 2>&1 | grep -E '^read\(10,' | grep -oE '".+"'
and you should get an output like:
"uname -a"
"\r\n"
"Linux HOSTNAME 2.6.29.1 #1 SMP Sat Apr 18 11:22:05 CEST 2009 i686 Intel(R) Core(TM)2 Duo CPU L7500 @ 1.60GHz GenuineIntel GNU/Linux\r\n"
"\33]0;USERNAME@HOSTNAME:~\7"
well, this will only work if you have root permission on the server
running sshd.
have fun,
richard
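
Added example, not part of the original post: strace attaches with ptrace, and while it is attached the kernel shows the tracer's PID in the TracerPid field of /proc/PID/status for the traced process. The script below lists sshd processes that currently have a tracer attached; the function name find_traced and its two arguments are made up for this example.

```shell
#!/bin/sh
# find_traced [PROC_ROOT] [NAME_PREFIX]
# Prints "PID TRACER_PID" for every process under PROC_ROOT whose Name:
# starts with NAME_PREFIX and whose TracerPid: is non-zero.
# Prefix matching is used so per-session helpers whose name starts with
# "sshd" are covered as well.
find_traced() {
    proc_root=${1:-/proc}
    prefix=${2:-sshd}
    for status in "$proc_root"/[0-9]*/status; do
        # Processes can exit while we scan; skip anything unreadable.
        [ -r "$status" ] || continue
        pid=${status%/status}
        pid=${pid##*/}
        awk -v want="$prefix" -v pid="$pid" '
            $1 == "Name:"      { name = $2 }
            $1 == "TracerPid:" { tracer = $2 }
            END {
                # TracerPid is 0 when nothing is attached via ptrace.
                if (index(name, want) == 1 && tracer + 0 != 0)
                    print pid, tracer
            }
        ' "$status" 2>/dev/null
    done
}

# Scan the live system. Run as root to see every user's processes.
find_traced /proc sshd
```

Each output line is the traced sshd PID followed by the PID of the process tracing it, which can then be looked up with ps.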