Sh2log is a PTY sniffing tool that captures console output and keystrokes from both physical and virtual consoles.
Sh2log writes ready-to-use log files that serve legitimate purposes such as auditing user actions on a sensitive server or honeypot. Installation is straightforward: edit config.h and set the required values before compiling. The settings are CONNECT_IP, SERVER_PORT, REAL_SHELL_DIR, MAX_LOG_SIZE, and secret (a 128-bit symmetric key).
Once the configuration is set, compile sh2log by running "make system", where system is one of linux, freebsd, openbsd, cygwin, sunos, aix, irix, hpux, or osf. After compiling, replace the original shell with sh2log and run sh2logd. Follow the steps carefully and create "/bin/shells/sh" before replacing the original shell, so that the real shell stays available; otherwise the system is left without a working shell and becomes unusable.
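As an added example (not part of sh2log or its documentation), the following POSIX shell preflight checks what the steps above depend on before the original shell is swapped out: that config.h defines every listed setting, that the saved real shell at /bin/shells/sh exists and actually runs, and that it is not the same file as the shell about to be replaced. It assumes config.h uses plain `#define NAME value` lines and that the real shell lives at /bin/shells/sh; both are assumptions about the layout, so adjust the arguments if yours differs.

```shell
#!/bin/sh
# Preflight checks before replacing /bin/sh with sh2log.
# Added example, not sh2log's own code. Assumptions: config.h holds
# "#define NAME value" lines and the real shell is saved at /bin/shells/sh.

# check_config FILE: every setting named in the install notes must be
# defined with a non-empty value in config.h.
check_config() {
    cfg="$1"
    rc=0
    for key in CONNECT_IP SERVER_PORT REAL_SHELL_DIR MAX_LOG_SIZE secret; do
        grep -Eq "^[[:space:]]*#define[[:space:]]+$key[[:space:]]+[^[:space:]]" "$cfg" \
            || { echo "config.h: $key is not set" >&2; rc=1; }
    done
    return $rc
}

# check_real_shell PATH: the saved copy of the original shell must exist,
# be executable, and run a trivial command, or the swap locks you out.
check_real_shell() {
    real="$1"
    if [ ! -f "$real" ]; then echo "missing real shell: $real" >&2; return 1; fi
    if [ ! -x "$real" ]; then echo "not executable: $real" >&2; return 1; fi
    if ! "$real" -c 'exit 0' 2>/dev/null; then echo "does not run: $real" >&2; return 1; fi
    return 0
}

# check_distinct A B: the saved real shell must not resolve to the same file
# (same inode, symlinks followed) as the shell being replaced; a symlink
# back to /bin/sh would point at sh2log itself after the swap.
check_distinct() {
    a=$(ls -iL "$1" 2>/dev/null | awk '{print $1}')
    b=$(ls -iL "$2" 2>/dev/null | awk '{print $1}')
    if [ -z "$a" ] || [ -z "$b" ]; then return 1; fi
    if [ "$a" = "$b" ]; then echo "$1 and $2 are the same file" >&2; return 1; fi
    return 0
}

# preflight [CONFIG] [REAL_SHELL]: run all checks; non-zero means stop.
preflight() {
    cfg="${1:-config.h}"
    real="${2:-/bin/shells/sh}"
    check_config "$cfg" && check_real_shell "$real" && check_distinct /bin/sh "$real"
}
```

Run `preflight config.h /bin/shells/sh` from the sh2log source directory and only proceed with "make" and the shell replacement when it exits 0; a failed check prints which precondition is missing.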
Sh2log comes with an interactive log parser for monitoring your users' actions. It runs either in a non-interactive mode or in a takedown-like interactive mode that lets you pause, fast-forward (2x or 4x), and follow in real time what users are doing on the system. The parser requires XTerm for window resizing and a valid DISPLAY; if you use PuTTY, resize the window by hand.
In summary, sh2log is an easy-to-use PTY sniffing tool that produces accurate, ready-to-use log files for monitoring user actions on your system. Installation is simple, and the interactive log parser provides strong monitoring functionality.
Version 1.0: N/A