Solved

"script" command without notification?

Posted on 2000-03-31
Last Modified: 2010-04-21
I would like to know how to use the UNIX "script" command so that it doesn't display (on the screen) the message:
  "Script command is started. The file is ..."
when I start a script session, and if possible, doesn't display (on the screen) the message:
  "Script command is complete.  The file is ..."
when I exit.

Everything else (ie: commands entered during the script "session", and output from them), should display on the screen as usual.

I need this to work in AIX 4.3.2, (ksh).
Thanks.
Question by:tel2

Expert Comment

by:jlevie
Unless you want to find the script sources and build your own (or patch the executable to emit spaces for the strings), you can't disable the notifications or redirect them to /dev/null.

There are pretty good security-related reasons for "script" announcing what it's doing. If it didn't announce, a malicious user could invoke it on an unattended session or slip it into someone's shell init script and capture data that they shouldn't be able to see.

If you are in a position of authority and suspect that some user is misbehaving, there may be other ways to document the user's actions. For anything else, I can't see why the messages would be a problem.

Author Comment

by:tel2
Thanks for that jlevie,

My purpose is to capture entries of users who I suspect may be doing stuff they shouldn't, and also to log sessions of service people so I can see how they have fixed things.

Does anyone know of any other way?  Otherwise, patching the executable may be what I have to do, in which case, my next question will be how to do this with a binary file.  For a text file, I would have used sed and tr, but I'm not quite up to using more flexible tools like awk and perl.

Expert Comment

by:jlevie
To patch the executable, you'll need to use a binary patch tool, probably adb. The process goes like this: find the offset to the start of each string (od -a will help) and use adb or whatever you have on AIX to insert spaces. I'd highly recommend making a special copy, not in the normal path, that only you and/or root has read/execute rights to.

Expert Comment

by:festive
For Solaris, you can install bsm (basic security module), under AIX utilities such as tcbck and

I recommend installing tripwire; this will give you a complete history of all files that have been altered on the system each day.

You can also use swatch to watch the user's shell history file automatically for you, and alert you to suspicious behaviour.

Programs such as COPS allow you to secure permissions on your systems.

Commands such as lastcomm, acctcms etc. can help, and if you have a suspected rogue user, as a last resort you can give them a restricted shell (this is very secure, but has some limitations).

Hope this helps.

Author Comment

by:tel2
festive,

Your answer was very informative, but it's just not really what I'm after, so I'm afraid I have to reject it.  I don't think any of the facilities you mentioned will show me exactly what came up on the screen of a user (as script does).  Shell history can be useful, until the user enters an application, then you can't see what they're doing.  Thanks for your efforts though, and keep up the good work!

Author Comment

by:tel2
jlevie,

Sorry for the delay in getting back to you, and thanks for your help so far.  A couple of problems:

First, I tried to find the strings:
"Script command is started. The file is" and "Script command is complete. The file is" in the executable, using the strings command, but couldn't quite find them.  Check this out:

# strings `which script`
@(#)61
1.11  src/bos/usr/ccs/lib/libc/__threads_init.c, libcthrd, bos43K, 9823A_43K 6/1
2/98 12:37:06
typescript
get window size
/dev/ptyXX
script.cat
SHELL
/usr/bin/sh
Script started, file is %s
fork
script
fork
Script started on %s
OK!  You can read now.
tcsetattr 1
script done on %s
tcsetattr 3
Script done, file is %s
/dev/ptc
open master
tcgetattr
tcsetattr 2
set window size 1
xusage: script [ -a ] [ typescript ]
chmod failed on tty. errno = %d
chown failed on tty. errno = %d
acl_set failed on tty. errno = %d
chown failed on tty. errno = %d
@(#)26  1.18.1.1  src/bos/usr/bin/script/script.c, cmdsh, bos43D, 9744A_43D 10/2
4/97 10:53:32

The closest I can find is: "Script started, file is %s".  So, I don't understand where "Script command is started...", etc, come from.  What am I doing wrong?


Secondly, are you sure that adb can be used as a binary editor?  The AIX man pages say it's a "general purpose debug program".  How might I use it to edit?

Expert Comment

by:ozo
You can edit it with emacs; just be careful not to change the length of the strings you replace (you may want to set overwrite mode).
Changing the S in "Script started" to a null would probably do it.

Expert Comment

by:jlevie
I don't know why you don't see those strings, unless there's more than one "script" executable around. You certainly have run the "strings" command correctly and its output shows what I would expect, namely "Script started, file is %s", etc.

Well, any debugger has the ability to modify locations in an executable. But now that I look at the man pages for adb again, I realize that I'm not sure that I can save any changes. So I may have misled you there. I'm used to using adb to patch running kernels, so it quickly came to mind, but then I don't have to save those back to disk. Of course the best solution would be to build a custom copy from source and I'm looking for a source now. If I can find one and get it to work on Solaris, you ought to also be able to use it on AIX. More soon... I hope.

Accepted Solution

by:sgoldgaber (earned 80 total points)
I followed jlevie's and ozo's excellent advice, with slight modifications
and came up with this ez-script mod:

NOTE: Lines starting with "%" indicate the shell prompt.

% which script
/bin/script
% xxd /bin/script > /tmp/script.hex
% cp /tmp/script.hex /tmp/script.hex.new
% vi /tmp/script.hex.new
% diff /tmp/script.hex /tmp/script.hex.new
420c420
< 0001a30: 6372 6970 7420 5d0a 0000 0000 5363 7269  cript ].....Scri
---
> 0001a30: 6372 6970 7420 5d0a 0000 0000 0063 7269  cript ]......cri
426c426
< 0001a90: 646f 6e65 206f 6e20 2573 0a00 5363 7269  done on %s..Scri
---
> 0001a90: 646f 6e65 206f 6e20 2573 0a00 0063 7269  done on %s...cri
% xxd -r /tmp/script.hex.new > /tmp/newscript
% chmod 755 /tmp/newscript


The above patch has the nice benefit of also taking out the "Script done, file is typescript" that you get when you quit script.  To be completely explicit about the above diff, all I did was replace the "53" with "00" and "S" with "."

Happy hacking!

Author Comment

by:tel2
sgoldgaber,

Thanks very much for that.  My only problem, before I test it, is getting hold of xxd.  It doesn't come with AIX, and I had a quick search on the Net and could only find it with VIM (the editor).

What is a good place to get xxd (for AIX) from?  I will want to download it, compile it, and test it on "script" before grading your answer.

Thanks.

Author Comment

by:tel2
In the meantime, I tried this:

# tr "S" "\000" <script >script2
Which changes ALL "S"s to nulls.  The only extra "S" it should find is in "SHELL", which should not be a problem for our test.  Here goes:

# chmod +x script2
# chmod +s script2
# ./script2
Script command is started. The file is typescript.
# exit
Script command is complete. The file is typescript.

NOPE.  That didn't work.  I still think the problem is that "Script command is started..." is different from "Script started...".

Let's check that tr worked:
# od -a script >script.hex
# od -a script2 >script2.hex
# diff script*hex
373,374c373,374
< 0013500    S   H   E   L   L nul nul nul   /   u   s   r   /   b   i   n
< 0013520    /   s   h nul   a nul nul nul   w nul nul nul   S   c   r   i
---
> 0013500  nul   H   E   L   L nul nul nul   /   u   s   r   /   b   i   n
> 0013520    /   s   h nul   a nul nul nul   w nul nul nul nul   c   r   i
378c378
< 0013620    S   c   r   i   p   t  sp   s   t   a   r   t   e   d  sp   o
---
> 0013620  nul   c   r   i   p   t  sp   s   t   a   r   t   e   d  sp   o
384c384
< 0013760    r  sp   3 nul   S   c   r   i   p   t  sp   d   o   n   e   ,
---
> 0013760    r  sp   3 nul nul   c   r   i   p   t  sp   d   o   n   e   ,

Looks OK to me.

Did you test your new version of script, sgoldgaber?  What did the output look like?

Author Comment

by:tel2
Adjusted points from 60 to 80

Expert Comment

by:sgoldgaber
The xxd that I used did, in fact, come with vim.  It should compile on AIX.

What I wrote was exactly what I did on Solaris, and it worked.  script produced no output when so patched.  It started and stopped without either the "Script started, file is typescript" or the "Script done, file is typescript" messages.

Expert Comment

by:sgoldgaber
Here are a couple of links to hex editors which are advertised to compile under AIX:

HexEd
ftp://ftp.gwdg.de/pub/misc/hexed/hexed-1.2.tar.gz

HexEdit
http://www.chez.com/prigaux/hexedit.html
http://www.chez.com/prigaux/hexedit-1.1.0.src.tgz

Expert Comment

by:sgoldgaber
By the way, when I said that script produced no output, I meant no output when it started, and no output when it stopped.  Normal output (such as the shell prompt, STDOUT, STDERR, etc) was still there, as it should be.

Author Comment

by:tel2
sgoldgaber,

Thanks for all that info.  I've downloaded hexedit and I'll try it some time.

Questions:
1. Is hexedit a different program to xxd?
2. Would you agree that my attempt using "tr" has achieved the same thing in this case (except "SHELL" has been changed to "<nul>HELL")?  Ie: Because I got lucky that there weren't too many "S"s.
3. Any ideas why it's still not working for me?


My concern is, I could get hexedit and make the change and it still won't work.
I'm thinking that "script" may be calling another program which has the exact text "Script command is started...".  I'll have to search the binary.

Expert Comment

by:sgoldgaber
1 - yes, but it _should_ be able to do what you need
   
   I've never used anything other than xxd on a UNIX system, so I have no comment on hexedit (except that it's supposed to be able to edit hex ;).

2 - Actually, it doesn't look like your "tr" trick caught the right strings.  There's more than one "Script started" string in the file.  Your "tr" seemed to catch the wrong one.  Also, the third substitution that it seemed to do was on "Script done", not on "Script completed".  So, I suggest using a real hex editor to make sure you got all of the relevant strings.

3.  See above.

Expert Comment

by:sgoldgaber
Script does not call another program, at least not on Solaris.  The patch I applied works for me, and I modified only script itself.  If you want you can run "truss", "trace", "strace", "ktrace", or whatever the AIX equivalent is on script and you'll see if it forks.  But it almost definitely won't.

Author Comment

by:tel2
If you have a look (far above) at the output of my "strings `which script`" command, you will see that there is a reference to "script.cat".  I searched the system for this file, and found it:
-rw-r--r--   1 bin  bin   494 Oct 01 1997 /usr/lib/nls/msg/en_US/script.cat

And check this out:
# strings script.cat
ISO8859-1
Usage: script [ -a ] [ Typescript ]
Script command is started. The file is %s.
fork
Script command is started on %s.
Script command is complete on %s.
Script command is complete. The file is %s.
Out of pty's.
chmod failed to change permissions of tty. Errno = %d.
chown failed to change ownership of tty. Errno = %d.
acl_set failed to change permissions of tty. Errno = %d.

It seems it's a catalogue of messages for commands for the script command, and this one's got the EXACT message I get when I start & stop the script command.  I tried running tr on that, and it worked.  There's only 1 minor problem - I still need to exit twice to logoff, but I can work around that easily in the .profile.

Thanks to everyone for your help.  The points will all go to sgoldgaber in this case for simplicity, but I appreciate the help of jlevie, festive & ozo too!  Keep up the good work guys!
0
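
A check for the modification this thread arrives at, added here as an example and not part of any poster's message: it looks for the banner strings quoted above in a file and flags copies whose first byte has been overwritten while the rest of the string is still in place. The function names and the sample bytes are constructed for illustration; a checksum baseline of the script binary and script.cat (the tripwire approach mentioned earlier) covers changes this string check cannot see.

```python
import sys

# Banner strings quoted in this thread: the first two come from the `strings`
# output of the script binary, the last two from script.cat.
BANNERS = [
    b"Script started, file is %s",
    b"Script done, file is %s",
    b"Script command is started. The file is %s.",
    b"Script command is complete. The file is %s.",
]

# Constructed sample (not bytes from a real binary): a string-table fragment,
# and the same fragment with each banner's first byte overwritten with NUL.
CLEAN = (b"usage: script [ -a ] [ typescript ]\n\x00\x00\x00\x00"
         b"Script started, file is %s\n\x00fork\x00"
         b"Script done, file is %s\n\x00")
PATCHED = CLEAN.replace(b"\x00Script", b"\x00\x00cript")


def find_altered(data, banner):
    """Offsets where the banner's tail survives but its first byte does not."""
    tail, hits = banner[1:], []
    pos = data.find(tail, 1)  # start at 1 so a preceding byte always exists
    while pos != -1:
        if data[pos - 1] != banner[0]:
            hits.append(pos - 1)
        pos = data.find(tail, pos + 1)
    return hits


def audit(data):
    """Map each banner to ('intact' | 'altered' | 'absent', altered offsets)."""
    report = {}
    for banner in BANNERS:
        altered = find_altered(data, banner)
        status = "altered" if altered else "intact" if banner in data else "absent"
        report[banner.decode()] = (status, altered)
    return report


if __name__ == "__main__":
    # With no arguments, audit the constructed samples; otherwise audit files.
    inputs = [(p, open(p, "rb").read()) for p in sys.argv[1:]] or \
             [("CLEAN", CLEAN), ("PATCHED", PATCHED)]
    for name, data in inputs:
        for text, (status, offsets) in audit(data).items():
            print(f"{name}: {status:8} {offsets} {text!r}")
```

"absent" is the expected result for the two banners that belong to the other file (the catalogue strings in the binary, and the reverse); "altered" on any banner is the finding to investigate.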