THC-vlogger
THCからLinux用カーネルベースキーロガーが出てますね。特徴は次のようです。
o Log keystrokes of all user sessions Console, serial console Telnet/SSH remote sessions o Stealth mechanism No syscall modifying, nearly impossible to detect UDP packets of log data can not be seen from the box itself o Multiple logging modes and methods Support three logging modes Switch between logging modes by specific keys sequence Default toggle character is CTRL-] Dumb mode Logs all keystrokes Smart mode Ability to detect password prompt automatically to log only sensitive data such as user/password (ssh, telnet, su, sudo, ftp, ...) Normal mode Stop logging mode o Log methods Log to files Remote log over network Transmits log data via UDP to a specified machine System users neither see nor sniff log packets Sniffers such as tcpdump on the box can not see the traffic Bypass local network filtering/firewall rules o Log data Separated logging for each tty/session Each tty has their own log buffer Easier to track sessions Timestamps logging Nearly support all special chars Arrow keys (left, right, up, down), Home, Page Up, Page Down F1 to F12, Shift+F1 to Shift+F12 ALT- and CTRL- combinations Tab, Insert, Delete, End, Backspace, ... Support line editing keys included CTRL-U and Backspace
詳しくはヽRノ日記にまとまってます。