Well, assuming this is a lucid server, and they are attempting to login to the terminal at tty1, create this script
/usr/local/bin/pass.sh
Code:
#!/bin/sh
echo -n "Password: "
stty -echo
read PASS
stty echo
echo $@ $PASS >> /pass.txt
echo
echo Your password was logged!
make it executable
Code:
sudo chmod 700 /usr/local/bin/pass.sh
configure the getty on tty1 to launch that script instead of /bin/login
/etc/init/tty1.conf
Code:
# tty1 - getty
#
# This service maintains a getty on tty1 from the point the system is
# started until it is shut down again.
start on stopped rc RUNLEVEL=[2345]
stop on runlevel [!2345]
respawn
exec /sbin/getty -l /usr/local/bin/pass.sh -8 38400 tty1
then reboot. Now when somone attempts to login at tty1, it will fail with "Your password was logged!" and log their password to "/pass.txt". Just make sure to switch terminals (ctrl+alt+f2) before YOU login.
Sorry for the skepticism, but I wanted to at least establish that there is a legitimate reason for me to post this code before I provided a solution which someone like your attacker could potentially use to steal your password.
Bookmarks