Logging a pts/X session {where X is an Integer}

Posted on 2004-09-23
Medium Priority
Last Modified: 2013-12-27
I have an account on 1and1.com - They give me an SSH account access.  When I log-in, I get this message:


For security reasons all ssh and telnet sessions are logged, and may
be monitored. By logging in you give consent to these conditions.

Shell access is provided for web development and not for running
irc-bots, arbitrary tcp/udp servers (e.g. gameservers) or cracking toolkits.
Disregard leads to suspension of your contract.

Well, I simply want to know if anyone has an idea of what they are using to monitor/log my session.  I'd like to implement this on my own server...I've asked a similiar question here:


But didn't really get a 'solid' response...so I thought I'd pick at the experts' brains once more.

So, I'm simply looking for a way to log - in relative detail, an ssh login session (pts/X).

Question by:ramble
LVL 40

Assisted Solution

jlevie earned 300 total points
ID: 12136787
That statement doesn't really say anything about what level of logging they are doing. It could be as simple as the standard collection of login/logout data. Or as full as the capture of all commands passed to the server in a session. The later, as far as I know would require modified sshd or telnetd servers.

If the server is a Solaris box they might be running full auditing, which will log what applications get run, but not all of the shell commands.

Author Comment

ID: 12137190
I just discovered that "screen" is in it's path:

u55373445:~ > which screen

So, I'm trying to figure out if it can be used...but, your right, it's very ambiguous, and there really isn't any way to find out what methods they are employing.

There not running solaris:
Linux infong224 2.4.27-grsec-20040809a #1 SMP Mon Aug 9 10:21:08 CEST 2004 i686 unknown

But, screen is available for both platforms...don't think it will do what I want it to do...but I'm still working with it.


Author Comment

ID: 12137252
Well, screen seems to be installed by default with Red Hat, so I don't think it means anything for it to be found in the path...

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

LVL 48

Expert Comment

ID: 12138037
The warning message is pretty much a standard type of message to cover legalities.

I suspect that their logging is no more than your average Linux system.  Most of the info they would look at would be in the various log files under /var/log


Author Comment

ID: 12138262
Hey...I've been working more with screen...it seems to be a pretty robust logging solution...check it out:

I've got many of the features to work, trying to figure out how to set the permissions, and create a robust .screenrc file.

Doesn't seem to work in all shells...? Which could be a big problem.
LVL 38

Accepted Solution

yuzh earned 600 total points
ID: 12139152
You can download screen binary package from:
you need to remember to install required packages.

I have tested to log all the use command including screen out put with screen, it works.
but I would not use it to monitor the users. (tons of reason).

I suggest you to use Solaris BSM, please have a look at the following pages for more

http://docs.sun.com     -- Search for BSM

Assisted Solution

dlinvill earned 300 total points
ID: 12139890
A tool installed by default on almost any UNIX server is script.  It can be setup to spawn the users shell and log everything that is displayed to the terminal in a file.  I doubt this is what the warning is hinting at but it may be what you are looking for on your own server.

Try a 'man script'


Author Comment

ID: 12183176
script seems to be an extemely easy way to do it...

How would I hide it from the user?  Not in a "complicated" fashion...just in general.  Script starts up like this:

Script started, file is script_testing
Script done, file is script_testing

Also, it seems to change the default prompt for the login file.  I'd like it to keep the same "characteristics" of the prompt.

example: (normal login)

Research SVR>

But, putting: exec script /logs/session_logs/script_log
in the .login file makes the prompt simply display:

#echo $SHELL


Author Comment

ID: 12183233
Here's an "actual" example of the 'alias' command being overwritten.  So, I'm not clear on how I can retain the same environment BEFORE the script spawned a new shell.

Research SVR> alias
h       history
set3151 setenv TERM ibm3151
set803  setenv TERM tvi800
setpc   setenv TERM ibmpc
setsvt  setenv TERM svt1220
settvi  setenv TERM adds25
setuvt  setenv TERM svt1220
setvt100        setenv TERM vt100
setwyse setenv TERM wyse50
sus     exec bash
Research SVR> script
Script started, file is typescript
$ alias
autoload='typeset -fu'
command='command '
functions='typeset -f'
history='fc -l'
integer='typeset -i'
nohup='nohup '
r='fc -e -'
stop='kill -STOP'
suspend='kill -STOP $$'
LVL 51

Assisted Solution

ahoffmann earned 300 total points
ID: 12193512
the ways to go are script or screen
sript is a simple thing and can simply detected with ps. There is no problem with the prompt, you description sounds like you have a broken SHELL environmen variable.
> How would I hide it from the user?
you can't (except with a modified /bin/ps and no acces to /proc)

screen is hard to detect, at least if you have no root access.

Author Comment

ID: 12200423

Yes, that was what I was guessing with the environment variable.  

I tried screen, and it works fine...in root.  

But when I'm in the SHELL environment of the users that I want to log...I get:

[screen is terminating]

And it immediately exits...No other error messages, or reasons on why.

Another user I get the error message:

Cannot open your terminal '/dev/pts/5' - please check.

I'm guessing that this is env related as well.  Any suggestions?

LVL 51

Expert Comment

ID: 12216112
Unix is secure, in most things ;-)
obviously you need to be root then to use screen to monitor other user's tty.

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Using libpcap/Jpcap to capture and send packets on Solaris version (10/11) Library used: 1.      Libpcap (http://www.tcpdump.org) Version 1.2 2.      Jpcap(http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6 Prerequisite: 1.      GCC …
FreeBSD on EC2 FreeBSD (https://www.freebsd.org) is a robust Unix-like operating system that has been around for many years. FreeBSD is available on Amazon EC2 through Amazon Machine Images (AMIs) provided by FreeBSD developer and security office…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.
Suggested Courses
Course of the Month12 days, 19 hours left to enroll

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question