Sean Witham <Sean.Witham@asa.co.uk>  wrote:
 > BIG BROTHER or what ! These "naughty things" must be very annoying to
 > warrant you sepending your time watcher things rather then just check
 > soem loggs and disabling things.
 > 
 > On Wed, 15 Apr 1998 tooleym@douglas.bc.ca wrote:
 > 
 > > I have a NetBSD1.3 machine and I would sorely like to install something
 > > like ttywatcher through which I might start up an xterm window and watch
 > > the input and output (take over if I wanted) of a particular user's tty.
 > > 
 > > Personally, I'd prefer to see it a little more real-time so I have just a
 > > few more seconds to react to the naughty things that my users continually
 > > like to do.

no kidding! I have several thousand users who probably want to do 'naughty
things' and I bet probably even write email to their friends about the
'naughty things' they do/did... But as a sysadm, I find it distasteful to
actually monitor their individual actions or read their correspondance...
Not to mention the fact that were I to actually want to do this, I couldn't
possibly come up with the amount of time required to do a good job of it.

I recommend you do some or all of the following:

a) educate your users as to what is good/bad and allowed/disallowed.
b) put in place a policy defining your actions should you be made aware
   of any of your users doing anything 'naughty'.
c) actively monitor your postmaster/webmaster mailboxes for people notifying
   you of your users doing 'naughty things'.
d) do use /etc/security and similar items to apprise you of any possible
   'naughty things' people might have done on your system.
e) be generally aware of the sorts of processes and general activity on
   the system as well as normal/abnormal disk usage, overall mail flow,
   dns requests, etc...

besides, if your users know they are being monitored, then the ones who
don't wish to be monitored will go to extreme lengths to ensure they are
not monitored.