"script" command without notification?

I would like to know how to use the UNIX "script" command so that it doesn't display (on the screen) the message:
  "Script command is started. The file is ..."
when I start a script session, and if possible, doesn't display (on the screen) the message:
  "Script command is complete.  The file is ..."
when I exit.

Everything else (ie: commands entered during the script "session", and output from them), should display on the screen as usual.

I need this to work in AIX 4.3.2, (ksh).
LVL 12
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Unless you want to find the script sources and build you own (or patch the executable to emit spaces for the strings) you can't disable the notifications or redirect them to /dev/null.

There's pretty good security related reasons for "script" announcing what it's doing. If it didn't announce, a malicious user could invoke it on an unattended session or slip it into someones shell init script and capture data that they shouldn't be able to see.

If you are in a position of authority and suspect that some user is misbehaving, there may be other ways to document the users actions. For anything else, I can't see why the messages would be a problem.
tel2Author Commented:
Thanks for that jlevie,

My purpose is to capture enties of users who I suspect may be doing stuff they shouldn't, and also to log sessions of service people so I can see how they have fixed things.

Does anyone know of any other way?  Otherwise, patching the executable may be what I have to do, in which case, my next question will be how to do this with a binary file.  For a text file, I would have used sed and tr, but I'm not quite up to using more flexible tools like awk and perl.
To patch the executable, you'll need to use a binary patch tool, probably adb. The process goes like, find the offset to the start of each string (od -a will help) and use adb or what ever you have on AIX to insert spaces. I'd highly recommend making a special copy, not in the in the normal path, that only you and/or root has read/executable rights to.
OWASP Proactive Controls

Learn the most important control and control categories that every architect and developer should include in their projects.

For Solaris , you can install bsm (basic security module) , under AIX utilities such as tcbck and

I recommend installing tripwire, this will give you a complete history of all files that have been altered on the system each day.

you can also use swatch to watch the users shell history file automatically for you, and alert you to suspicious behaviour.

programs such as COPS allow you to secure permissions on your systems.

commands such as lastcomm, acctcms etc can help, and If you have a suspected rogue user as a last resort you can give them a restricted shell (this is very secure, but has some limitations).

Hope this helps.
tel2Author Commented:

Your answer was very informative, but it's just not really what I'm after, so I'm afraid I have to reject it.  I don't think any of the facilities you mentioned will show me to see exactly what came up on the screen of a user (as script does).  Shell history can be useful, until the user enters an application, then you can't see what they're doing.  Thanks for you efforts though, and keep up the good work!
tel2Author Commented:

Sorry for the delay in getting back to you, and thanks for your help so far.  A couple of problems:

First, I tried to find the strings:
"Script command is started. The file is" and "Script command is complete. The file is" in the executable, using the strings command, but couldn't quite find them.  Check this out:

# strings `which script`
1.11  src/bos/usr/ccs/lib/libc/__threads_init.c, libcthrd, bos43K, 9823A_43K 6/1
2/98 12:37:06
get window size
Script started, file is %s
Script started on %s
OK!  You can read now.
tcsetattr 1
script done on %s
tcsetattr 3
Script done, file is %s
open master
tcsetattr 2
set window size 1
xusage: script [ -a ] [ typescript ]
chmod failed on tty. errno = %d
chown failed on tty. errno = %d
acl_set failed on tty. errno = %d
chown failed on tty. errno = %d
@(#)26  src/bos/usr/bin/script/script.c, cmdsh, bos43D, 9744A_43D 10/2
4/97 10:53:32

The closest I can find is: "Script started, file is %s".  So, I don't understand where "Script command is started...", etc, come from.  What am I doing wrong?

Secondly, are you sure that adb can be used as a binary editor?  The AIX man pages say it's a "general purpose debug program".  How might I use it to edit?
you can edit it with emacs, just be careful not to change the length of the strings you replace (you may want to set overwrite mode)
Changing the S in "Script started" to a null would probably do it.
I don't know why you don't see those strings, unless there's more than one "script" executable around. You certainly have run the "strings" command correctly and it's output shows what I would expect, namely "Script started, file is %s", etc.

Well, any debugger has the ability to modify locations in an executable. But now that I look at the man pages for adb again, I realize that I'm not sure that I can save any changes. So I may have misled you there. I'm used to using adb to patch runnig kernels, so it quicly came to mind, but then I don't have to save those back to disk. Of course the best solution would be to build a custom copy from source and I'm looking for a source now. If I can find one and get it to work on Solaris, you ought to also be able to use it on AIX. More soon... I hope.
I followed jlevie's and ozo's excellent advice, with slight modifications
and came up with this ez-script mod:

NOTE: Lines starting with "%" indicate the shell prompt.

% which script
% xxd /bin/script > /tmp/script.hex
% cp /tmp/script.hex /tmp/script.hex.new
% vi /tmp/script.hex.new
% diff /tmp/script.hex /tmp/script.hex.new
< 0001a30: 6372 6970 7420 5d0a 0000 0000 5363 7269  cript ].....Scri
> 0001a30: 6372 6970 7420 5d0a 0000 0000 0063 7269  cript ]......cri
< 0001a90: 646f 6e65 206f 6e20 2573 0a00 5363 7269  done on %s..Scri
> 0001a90: 646f 6e65 206f 6e20 2573 0a00 0063 7269  done on %s...cri
% xxd -r /tmp/script.hex.new > /tmp/newscript
% chmod 755 /tmp/newscript

The above patch has the nice benefit of also taking out the "Script done, file is typescript" that you get when you quit script.  To be completely explicit about the above diff, all I did was replace the "53" with "00" and "S" with "."

Happy hacking!

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
tel2Author Commented:

Thanks very much for that.  My only problem, before I test it, is getting hold of xxd.  It doesn't come with AIX, and I had a quick search on the Net and could only find it with VIM (the editor).

What is a good place to get xxd (for AIX) from?  I will want to download it, compile it, and test it on "script" before grading your answer.

tel2Author Commented:
In the mean time, I tried this:

# tr "S" "\000" <script >script2
Which changes ALL "S"s to nulls.  The only extra "S" it should find is in "SHELL", which should not be a problem for our test.  Here goes:

# chmod +x script2
# chmod +s script2
# ./script2
Script command is started. The file is typescript.
# exit
Script command is complete. The file is typescript.

NOPE.  That didn't work.  I still think the problem is that "Script command is started..." is different from "Script started...".

Let's check that tr worked:
# od -a script >script.hex
# od -a script2 >script2.hex
# diff script*hex
< 0013500    S   H   E   L   L nul nul nul   /   u   s   r   /   b   i   n
< 0013520    /   s   h nul   a nul nul nul   w nul nul nul   S   c   r   i
> 0013500  nul   H   E   L   L nul nul nul   /   u   s   r   /   b   i   n
> 0013520    /   s   h nul   a nul nul nul   w nul nul nul nul   c   r   i
< 0013620    S   c   r   i   p   t  sp   s   t   a   r   t   e   d  sp   o
> 0013620  nul   c   r   i   p   t  sp   s   t   a   r   t   e   d  sp   o
< 0013760    r  sp   3 nul   S   c   r   i   p   t  sp   d   o   n   e   ,
> 0013760    r  sp   3 nul nul   c   r   i   p   t  sp   d   o   n   e   ,

Looks OK to me.

Did you test your new version of script, sgoldgaber?  What did the output look like?
tel2Author Commented:
Adjusted points from 60 to 80
The xxd that I used did, in fact, come with vim.  It should compile on AIX.

What I wrote was exactly what I did on Solaris, and it worked.  script produced no output when so patched.  It started and stopped without either the "Script started, file is typescript" or the "Script done, file is typescript" messages.
Here are a couple of links to hex editors which are advertised to compile under AIX:


By the way, when I said that script produced no output, I meant no output when it started, and no output when it stopped.  Normal output (such as the shell prompt, STDOUT, STDERR, etc) was still there, as it should be.
tel2Author Commented:

Thanks for all that info.  I've downloaded hexedit and I'll try it some time.

1. Is hexedit a different program to xxd?
2. Would you agree that my attempt using "tr" has achieved the same thing in this case (except "SHELL" has been changed to "<nul>HELL")?  Ie: Because I got lucky that there weren't too many "S"s.
3. Any ideas why it's still not working for me.

My concern is, I could get hexedit and make the change and it still won't work.
I'm thinking that "script" may be calling another program which has the exact text "Script command is started...".  I'll have to search the binary.
1 - yes, but it _should_ be able to do what you need
   I've never used anything other than xxd on a UNIX system, so I have no comment on hexedit (except that its supposed to be able to edit hex ;).

2 - Actually, it doesn't look like your "tr" trick caught the right strings.  There's more than one "Script started" string in the file.  Your "tr" seemed to catch the wrong one.  Also, the third substitution that it seemed to do was on "Script done", not on "Script completed".  So, I suggest using a real hex editor to make sure you got all of the relevant strings.

3.  See above.
Script does not call another program, at least not on Solaris.  The patch I applied works for me, and I modified only script itself.  If you want you can run "truss", "trace", "strace", "ktrace", or whatever the AIX equivalent is on script and you'll see if it forks.  But it almost definately won't.
tel2Author Commented:
If you have a look (far above) at the output of my "strings `which script`" command, you will see that there is a reference to "script.cat".  I searched the system for this file, and found it:
-rw-r--r--   1 bin  bin   494 Oct 01 1997 /usr/lib/nls/msg/en_US/script.cat

And check this out:
# strings script.cat
Usage: script [ -a ] [ Typescript ]
Script command is started. The file is %s.
Script command is started on %s.
Script command is complete on %s.
Script command is complete. The file is %s.
Out of pty's.
chmod failed to change permissions of tty. Errno = %d.
chown failed to change ownership of tty. Errno = %d.
acl_set failed to change permissions of tty. Errno = %d.

It seems it's a catalogue of messages for commands for the script command, and this one's got the EXACT message I get when I start & stop the script command.  I tried running tr on that, and it worked.  There's only 1 minor problem - I still need to exit twice to logoff, but I can workaround that easily in the .profile.

Thanks to everyone for your help.  The points will all go to sgoldgaber in this case for simplicity, but I appreciate the help of jlevie, festive & ozo too!  Keep up the good work guys!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Unix OS

From novice to tech pro — start learning today.