strace for ssh
Hi,
I'm hoping I could get some help from an strace foo master/script star. I want to set up an ssh proxy, which is easy enough, but my company wants to be able to view the content in case proprietary stuff is being sent out. Since we can't do it with IDS and the requests keep coming in (most of them legitimate), I was thinking we could set up a proxy and do an strace on the sshd process.
I can do the strace if I call out the PID, but I can't seem to figure out how to set up strace so that it triggers whenever sshd spawns a new process. After poring through the strace man pages, it seems that what I want to do can only be scripted. So I tried simple bash and perl loops--doesn't seem to work too well and when it does work, the logging is atrocious. It seems like it can't be too tough, a simple "if sshd, then strace -options," but I'm falling on my face.
Any ideas on which direction I should go? Am I wasting my time? Any thoughts are much appreciated.
Cheers,
Travis