Termlog - System terminal I/O and key logging program

Author: C.S. Peron
OS: FreeBSD

Updates - Added MD5 Checksum / Syslog Support

MD5 checksums of sessions are now created and can be configured to log to a remote system, enhancing non-repudiation of the session files.

Download

http://www.seccuris.com/documents/downloads/termlog-1.0.2.tar.gz

Overview

Termlog is capable of performing real-time synchronous monitoring and logging of multiple system ttys. It is designed to allow system administrators to monitor I/O between themselves and connected clients regardless of the protocol medium used.

Termlog allows you to snoop terminals based on their controlling tty, process ID or user ID. It can timestamp the return keystroke so that administrators can see the time breaks between entered commands if desired. Termlog will also log each session to an individual file by default.

Termlog uses kernel event notification mechanisms on system files in conjunction with access to the kernel's virtual memory system so that it can effectively verify system terminal activity. Because of this, Termlog cannot easily be tricked by things like the screen(1) C-a-L key binding (toggle a window's login slot).

Termlog depends on the snp(8) device. This device must either be compiled into the kernel or be loaded as a module. If the device is not present in the kernel, Termlog will attempt to load the module itself. Unless otherwise specified, Termlog will attempt to open all active ttys; if there are not enough snp nodes in /dev, Termlog will attempt to create enough.

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
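The remote MD5 logging described under Updates is only useful if someone later compares the session files against the checksums held on the log host. The following is an added example of that audit, not code from Termlog or its author; the syslog line layout (session=... md5=...), the session file names and the host name are assumptions, since the announcement does not document Termlog's actual log format.

```python
import hashlib, os, re, tempfile

# Hypothetical line layout; the page does not document Termlog's syslog format.
RECORD = re.compile(r"termlog(?:\[\d+\])?: session=(\S+) md5=([0-9a-f]{32})$")

def md5_file(path):
    """MD5 of a file, read in chunks so large sessions are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_recorded(lines):
    """Map session file name -> checksum as recorded on the remote log host."""
    recorded = {}
    for line in lines:
        m = RECORD.search(line.strip())
        if m:
            recorded[m.group(1)] = m.group(2)
    return recorded

def audit(session_dir, recorded):
    """Compare local session files against the remotely recorded checksums."""
    result = {}
    for name, digest in recorded.items():
        path = os.path.join(session_dir, name)
        if not os.path.isfile(path):
            result[name] = "missing"        # recorded remotely, gone locally
        else:
            result[name] = "ok" if md5_file(path) == digest else "modified"
    for name in os.listdir(session_dir):
        result.setdefault(name, "unrecorded")  # no checksum ever reached the log host
    return result

def demo():
    """Constructed sample: three recorded sessions, one edited, one deleted."""
    with tempfile.TemporaryDirectory() as d:
        sessions = {"ttyp0.log": b"ls -l\n", "ttyp1.log": b"su -\n", "ttyp2.log": b"who\n"}
        lines = []
        for name, data in sessions.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
            lines.append("Dec 12 08:40:01 loghost termlog[411]: session=%s md5=%s"
                         % (name, hashlib.md5(data).hexdigest()))
        with open(os.path.join(d, "ttyp1.log"), "ab") as f:  # edited after the fact
            f.write(b"exit\n")
        os.remove(os.path.join(d, "ttyp2.log"))               # session file deleted
        with open(os.path.join(d, "ttyp3.log"), "wb") as f:  # never reported remotely
            f.write(b"id\n")
        return audit(d, parse_recorded(lines))

if __name__ == "__main__":
    print(demo())
```

The check only carries weight when the recorded checksums are read from the remote log host, which the monitored machine cannot rewrite. MD5 detects accidental or naive edits but is not collision-resistant.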
This archive was generated by hypermail 2b30 : Thu Dec 12 2002 - 08:49:00 PST