detect if a linux user is actively doing something
Problem: Detect if any actions were performed by a linux user in the
interval of time T1 - T2. (let's say T2-t1 = 5-10 minutes) (example
actions: typed commands in his shell, started a browser, watching a video)
Essentially, i want to guess as well as possible if he's at his machine or
not. if there's a perfect solution, great, if not what is the best i can
do?
Capabilities/situation:
can ssh into his machine. have read permissions for almost everything on
his machine. don't have any write permissions
i am friendly, so he will tolerate my behavior and is aware of it.
he does not log command history for his shell.
My ideas:
monitor process spawning
execute du on his home directory to see if he's actively changing things
What is a better solution? Thank you
No comments:
Post a Comment