watch – making it work
watch allows you to snoop on another terminal. It’s for the superuser only.
Why use watch?
Sometimes, often for security purposes, it is useful to see what someone is doing.
Perhaps you found someone cracking into your system and you want to see what
they’re doing. I dunno. Maybe you’re just nosy.
What does watch need?
watch needs the following kernel option:
pseudo-device snp 3
This allows for four snoop devices. I think you need one for each concurrent watch
session. I’m not sure. You should add this option to your kernel configuration file and
recompile. This is pretty easy. To recompile, follow the Handbook instructions in Building and Installing
a Custom Kernel.
watch also needs the snoop devices. You should do the following:
cd /dev
./MAKEDEV snp0
./MAKEDEV snp1
./MAKEDEV snp2
./MAKEDEV snp3
That should give you the devices you need.
If you get the following error, then you didn’t do the steps in the previous section.
Bad! Go back and try again.
# watch ttyp1
watch: fatal: cannot open snoop device
If you get this error, then the next section will show you what to do.
Here’s how I did it:
# who
dan ttyp0 Nov 27 17:35 (wocker.int)
dan ttyp1 Nov 28 12:36 (wocker.int)
# watch ttyp1
Or, if you want to be able to write to the other terminal, try this:
# watch -W ttyp1
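
The "cannot open snoop device" error shown earlier means one of the two prerequisites is missing. The shell function below is an added example, not part of the original page; it checks for both. The kernel configuration path, device directory and device count are arguments you supply, and the function name is made up for this example.

```shell
#!/bin/sh
# Added example, not from the original page.
# snoop_preflight CONF DEVDIR COUNT
#   CONF   - kernel configuration file (assumption: pass the file you built from)
#   DEVDIR - directory holding device nodes, normally /dev
#   COUNT  - number of snoop devices expected (the page creates snp0..snp3, so 4)
# Returns 0 if both prerequisites are met, 1 if the kernel option is missing
# from CONF, 2 if one or more device nodes are missing.
snoop_preflight() {
    conf=$1 devdir=$2 count=$3

    # Step 1: the kernel option from the page, ignoring commented-out lines.
    if ! grep -Eq '^[[:space:]]*pseudo-device[[:space:]]+snp([[:space:]]|$)' "$conf" 2>/dev/null; then
        echo "missing: 'pseudo-device snp' in $conf (add it and rebuild the kernel)"
        return 1
    fi

    # Step 2: each snpN must exist as a character device.
    missing=""
    i=0
    while [ "$i" -lt "$count" ]; do
        [ -c "$devdir/snp$i" ] || missing="$missing snp$i"
        i=$((i + 1))
    done
    if [ -n "$missing" ]; then
        echo "missing device nodes in $devdir:$missing"
        for d in $missing; do echo "  fix: cd $devdir && ./MAKEDEV $d"; done
        return 2
    fi

    echo "ok: kernel option present and snp0..snp$((count - 1)) exist"
    return 0
}
```

The configuration file only shows what the kernel was meant to be built with, so a passing check still assumes that kernel is the one actually running.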