Esben Stien executiv@online.no writes:
I just want to log incoming interactive sessions that have a terminal. I have a great deal many users on my system and I want to log their activity. That meaning, logging all input and output on the terminal.
I hope you have a good reason for doing that, but in general, I'd expect the user's terminal session to be private. Exceptions to that rule seem too rare to motivate an lshd option for logging terminal sessions.
The easiest way I can come up with is a custom login shell, which would do something like
#! /bin/sh
# Real shell SHELL=/bin/bash export SHELL
if [ -n "$SSH_TTY" ] ; then unexport SSH_TTY exec script /var/log/foo-$USER-$$ else exec $SHELL "$@" fi
Install the script in /etc/passwd, or use the experimental --login-shell option to lshd. You may have to use a special setuid script program if you also want to prevent users from manipulating the script process or deleting the resulting logs.
Regards, /Niels