TTY-Watcher README
------------------

What is TTY-Watcher?

TTY-Watcher is a utility to monitor and control users on a single system.
It is based on our IP-Watcher utility, which can be used to monitor and
control users on an entire network (For more information about this
utility, see http://nad.infostructure.com/watcher.html). TTY-Watcher is similar 
to advise or tap, but with many more advanced features and a user-friendly
(either X-Windows or text) interface.


TTY-Watcher allows the user to monitor every tty on the system, as well
as interact with them by:

1) Typing. Anything the user types into a monitored TTY window will be sent
to the underlying process (and consequently echoed back to the real owner
of the TTY). In this way, you are "sharing" a login session with another
user.

2) Termination. At the click of a button (or an escape sequence with the text
interface), the current connection can be instantly terminated.

3) Stealing. Another click of the button allows the user to "steal" the
monitored TTY. The TTY will continue to function as normal for the user,
but the real owner of the TTY will see no output, and his keystrokes will be
ignored.

4) Returning the TTY. After a TTY has been stolen, it can be returned to the
user, as though nothing happened. 

5) Sending the user a message. A message can be sent to the real owner of the
TTY without interfering with the commands he's typing. The message will only
be displayed on his screen and will not be sent to the underlying process.

Aside from monitoring and controlling TTYs, individual connections can be 
logged to either a raw logfile for later playback (somewhat like a VCR) or 
to a text file.

Each of these abilities (except for #4) is also available in our commercial
IP-Watcher program, which monitors and controls entire TCP/IP connections
instead of TTYs.
(See http://nad.infostructure.com/watcher.html for more info)

See the man page for specific instructions.

=========

Installation requirements:

SunOS 4.x/Solaris 2.x, xview 3.x. There are several bugs in the Xview 3.2 
distribution (and consequently in the 3.0 distribution that comes with SunOS). 
These bugs result in several annoying "features" to the program. Most notably:

1) If you watch more than 64 connections, the process will run out of file
descriptors and die. (Xview looks up locale stuff without closing its file
descriptor)
2) When a TTY window is created, TTY-Watcher automatically dumps the last 2k
of data which have gone by to the window. Without patches, the TTY window
will display the data, then reset the cursor position to 0,0 which overwrites
everything which was just displayed.

The patches to fix this problem in the xview3.2 distribution have been 
included. The precompiled version comes with the fixes included, so if you
don't plan on doing any modification of the source, use the precompiled
binary version. 

=========

Installation instructions (SunOS 4.x):

1) First, edit the top level Makefile to reflect your installation. (Pay
particular attention to the INCLUDES and LIBXVIEW lines. Make sure they
reflect where your xview and X includes and libraries are installed. In
addition, make sure CC is your favorite compiler. TTY-Watcher is written
in K&R C, so even the standard Sun CC should work just fine here)

2) Make the TTYWatcher interface:
   make

3) Make the twtch loadable driver:
   cd twtch
   make

4) Install the twtch drivers into the running kernel (this must be done
every time you reboot--TTY-Watcher will attempt to do it if you haven't,
but if you've moved any files out of the distribution layout, it won't
be able to):
   su root
   make doit

5) After the modules have been installed, it's ready to run!
   cd ..
   ./ttywatcher

--

Installation instructions (SunOS 5.x):

1) First, edit the top level Makefile.solaris to reflect your installation. 
(Pay particular attention to the INCLUDES and LIBXVIEW lines. Make sure they
reflect where your xview and X includes and libraries are installed. In
addition, make sure CC is your favorite compiler. TTY-Watcher is written
in K&R C, so even the standard Sun CC should work just fine here)

2) Make the TTYWatcher interface:
   make -f Makefile.solaris

3) Make the twtch loadable driver:
   cd twtch
   make -f Makefile.solaris

4) Install the twtch drivers into the running kernel. (The "install_driver"
script must only be run once for each machine the twtch driver will be 
installed on.) This will copy the device driver into your "/usr/kernel/drv"
directory. Unfortunately, there is no way, that we have found, to get around
this. (If anyone knows of a way, please let us know! [Modload doesn't
cut it on its own, it doesn't execute the drivers attach routines.])
To install, become root and execute the "install_driver" script:
   su root
   ./install_driver

The device driver will automatically be loaded into the kernel, and will be
loaded after every reboot. To remove the device driver from the kernel,
use the "rem_drv twtchc" command.

5) Make sure that your LD_LIBRARY_PATH contains the directory where the
X-View libraries are located (normally /usr/openwin/lib).
 (Under csh/tcsh: )
   setenv LD_LIBRARY_PATH /usr/openwin/lib
 (Under sh: )
   LD_LIBRARY_PATH=/usr/openwin/lib;export LD_LIBRARY_PATH

6) It should be ready to run!
   cd ..
   ./ttywatcher
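
To check a Solaris host for the driver that the installation step above leaves in place, the following audit function reports a twtch driver file, registration or loaded module. It is an added example, not part of the TTY-Watcher distribution: the name twtch_audit, the /etc/name_to_major check (which assumes install_driver registers the driver with add_drv) and the matching on the "twtch" name prefix are assumptions.

```shell
# Added example, not part of the TTY-Watcher distribution.
# POSIX shell syntax (on Solaris 2.x run it under ksh).
# Usage: twtch_audit [root_dir] [saved_modinfo_output]
#   root_dir: filesystem root to inspect (default: the live system)
#   saved_modinfo_output: file holding `modinfo` output; if omitted,
#   modinfo is run on the live system.
# Constructed sample modinfo line that would be reported:
#    93 f5c1e000   1a2c  60   1  twtchc (constructed sample entry)
twtch_audit() {
    root=${1:-}
    modinfo_file=${2:-}
    found=0

    # 1) Driver file copied by install_driver (directory named in the README).
    for f in "$root"/usr/kernel/drv/twtch*; do
        [ -f "$f" ] || continue
        echo "driver-file: $f"
        found=1
    done

    # 2) Registration. Assumption: install_driver registers the driver with
    #    add_drv, which records the driver name in /etc/name_to_major.
    if [ -f "$root/etc/name_to_major" ]; then
        for name in $(awk '$1 ~ /^twtch/ { print $1 }' "$root/etc/name_to_major"); do
            echo "registered: $name"
            found=1
        done
    fi

    # 3) Module currently loaded in the kernel.
    if [ -n "$modinfo_file" ]; then
        loaded=$(cat "$modinfo_file")
    else
        loaded=$(modinfo 2>/dev/null) || loaded=""
    fi
    for name in $(printf '%s\n' "$loaded" |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^twtch/) { print $i; break } }'); do
        echo "loaded: $name"
        found=1
    done

    # Exit status 0 means at least one trace of the driver was found.
    [ "$found" -eq 1 ]
}
```

Passing a mounted disk image as root_dir and a saved modinfo listing as the second argument lets the same check run away from the host being examined.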

-----

Both a curses (text) and an X windows interface are available. If you'd like
the X interface, make sure root is allowed to open windows on your display
('xhost +localhost', or use xauth). Also, make sure after you su to root
that you set your DISPLAY environment variable appropriately:

Under sh:
# DISPLAY=hostname:0
# export DISPLAY

Under csh:
server# setenv DISPLAY hostname:0

If your display isn't set properly, TTYWatcher will automatically default
to the text interface. If you'd like to use the text interface regardless of
your display variable, simply start ttywatcher with the '-curses' flag.

========

We hope this program is useful to you. If you have any questions, comments,
suggestions, or patches, please let us know. Also, be sure to take a look at
our commercial product "IP-Watcher". While TTY-Watcher is a valuable security
and system administrator's tool, it is also limited to individual machines.
IP-Watcher allows the same functionality, but on a network-wide basis.
IP-Watcher's HTML page is: http://nad.infostructure.com/watcher.html. (Thanks
to Infostructure, Inc. for providing the space)

Mike Neuman
mcn@EnGarde.com
En Garde Systems
525 Clara Ave., Suite 202
St. Louis, MO  63112
(314) 367-6402
(314) 367-3555 (FAX)

=======
Tested Configurations:

sun4m (SS5)     running 4.1.3_U1B
sun4m (LX)      running 5.4
i486  (GENERIC) running 5.4

=======
THANKS to:

Bogdan Urma (bogdan@xandau.com) for the x86 Solaris port
