
stmon

A simple stealth interactive monitor for HP-UX

A few months ago, I stumbled on the paper Shell Monitoring: Using A Modified Script Utility by Ryan C. Barnett. What an interesting read!

I started playing with the sample HP-UX script source code to implement on HP-UX what Ryan had done for Linux. But there were some things that I didn't like:

So I added zlib and libmcrypt to the script source code, wrote a really basic encoder and decoder, and this is the result. This isn't secure as anyone who knows that he/she is being monitored can delete the file, but it is better than nothing. I initially wanted to update the code to send the encrypted stream to a remote server using netcat but I kind of lost my motivation since then. So may it rest in peace as it is. :)

There's no license with this crap, except for the fact that there are NO WARRANTIES. Do what you want with it, I don't care. The source to zlib and libmcrypt has been included to follow the GPL guidelines.

Download, install and run

To download: stmon.tar.gz.

This archive contains the source and some PA-RISC binaries. If you wish to recompile the source, you can compile the src/stmon/stmon.c and src/encode-decode/*.c files by running the make.ksh script inside these directories.

Then create a directory named /var/adm/stmon, make root its owner and set its permissions to 700.

To run the program, simply run /opt/stmon/bin/stmon and your session will be saved in /var/adm/stmon/<a meaningful file name>.

The decoder reads from standard input and writes to standard output. So to decode a monitoring file, run something such as "cat /var/adm/stmon/file | /opt/stmon/bin/decode".
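
A check for the directory step above, as an added example that is not part of stmon or of the original page: it verifies that the log directory is a real directory (not a symlink), owned by root (uid 0) and set to mode 700. The function name check_logdir is hypothetical; it parses `ls -ldn` output so it does not depend on a `stat` command being installed.

```shell
#!/bin/sh
# Added example (not from the stmon archive).
# check_logdir DIR [UID]
#   returns 0 only if DIR is a directory owned by UID (default 0, root)
#   with mode exactly 700; returns 1 on a bad mode or owner, 2 if missing.
check_logdir() {
    dir=$1
    want_uid=${2:-0}

    # -d: describe the directory itself, not its contents.
    # -n: print the numeric owner, so no passwd lookup is involved.
    line=$(ls -ldn -- "$dir" 2>/dev/null) || {
        echo "missing: $dir"
        return 2
    }

    # The first 10 characters are the file type and permission bits; anything
    # after them (ACL or security-label markers) is ignored.
    mode=$(printf '%s\n' "$line" | cut -c1-10)
    uid=$(printf '%s\n' "$line" | awk '{print $3}')

    rc=0
    # A symlink shows up as "l...", a group- or world-accessible directory
    # as anything other than "drwx------".
    if [ "$mode" != "drwx------" ]; then
        echo "bad mode on $dir: $mode (want drwx------)"
        rc=1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "bad owner on $dir: uid $uid (want $want_uid)"
        rc=1
    fi
    return $rc
}

# Usage, run as part of the install or from a periodic job:
#   check_logdir /var/adm/stmon
```
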
 


Olivier S. Masse
omasse@iname.com
2003/06/07