Yeah, you can probably just shell right up in there.
ssh root@obscure-server.com tail -f /var/log/syslog
But sometimes you just need those logs to come straight to you. Maybe to jump onto a different network.
We still have to shell in briefly to kick it off of course, but that only takes a moment.
I present to you, a script named fu (file over udp).
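#!/bin/bash
# Usage: fu FILE HOST PORT
# Polls the last line of FILE and sends it to HOST:PORT over UDP when it changes.
LAST=$(tail -n 1 "$1")
while true
do
    sleep 0.0001
    CUR=$(tail -n 1 "$1")
    if [ "$LAST" != "$CUR" ]; then
        LAST=$CUR
        # bash treats /dev/udp/HOST/PORT as a UDP socket
        printf '%s\n' "$LAST" > "/dev/udp/$2/$3"
    fi
done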
Dumb, insecure, and full of ignored edge cases, but it works just well enough to not warrant another ounce of effort.
We can shell in, spawn it, and leave:
nohup ./fu /var/log/syslog obscure-client.com 12345 &
And presto, obscure-server.com will start forwarding new lines appended to /var/log/syslog to port 12345 of obscure-client.com until death.
Then on obscure-client.com, we can use netcat to print out the new log lines as they are added.
nc -lukvw 0 12345
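Two of the edge cases fu ignores are easy to see: because it compares only the last line, a burst of several lines between polls sends just the final one, and a new line identical to the previous one is never sent. The sketch below is an added example, not the original fu; it tracks a byte offset instead, and the name fu2, the function and the variable names are all made up here.

```bash
#!/bin/bash
# Added sketch, not the original fu. "fu2" and all names below are made up here.
LC_ALL=C        # make ${#line} count bytes so it matches file offsets
OFFSET=0        # bytes of the file already forwarded
NEW_LINES=()    # complete lines found by the most recent poll

# poll_file FILE: put every complete line appended since OFFSET into NEW_LINES.
poll_file() {
    local file=$1 size line raw=()
    NEW_LINES=()
    size=$(wc -c < "$file") || return 1
    # A smaller file means it was truncated or rotated: start from the top.
    if [ "$size" -lt "$OFFSET" ]; then OFFSET=0; fi
    if [ "$size" -eq "$OFFSET" ]; then return 0; fi
    # mapfile without -t keeps each trailing newline, so lengths stay exact.
    mapfile raw < <(tail -c "+$((OFFSET + 1))" "$file")
    for line in "${raw[@]}"; do
        # No trailing newline: the writer is mid-line, pick it up next poll.
        [ "${line: -1}" = $'\n' ] || break
        OFFSET=$((OFFSET + ${#line}))
        NEW_LINES+=("${line%$'\n'}")
    done
}

# Usage: ./fu2 FILE HOST PORT
if [ "$#" -eq 3 ]; then
    OFFSET=$(wc -c < "$1") || exit 1    # like fu, skip what is already there
    while sleep 0.2; do
        poll_file "$1" || continue      # file can vanish briefly during rotation
        for line in "${NEW_LINES[@]}"; do
            printf '%s\n' "$line" > "/dev/udp/$2/$3"    # one datagram per line
        done
    done
fi
```

It is still plain UDP: nothing is encrypted or authenticated, and a datagram lost in transit is gone.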
Of course, it's way more useful to simply spawn a persistent reverse SSH tunnel instead of a fu instance.
ssh-copy-id root@obscure-client.com
nohup ssh -N -R 8000:localhost:22 root@obscure-client.com &
Then you can ssh from obscure-client.com to obscure-server.com whenever you want, regardless of those pesky firewalls.
ssh localhost -p 8000
Seems like stuff every hacker knows by heart, but I am no hacker.