Snoopy 1.3

Snoopy is a tool designed to aid the task of a sysadmin by providing a log of commands executed. Snoopy is completely transparent to the user and applications. It hooks in as a library, providing a wrapper around calls to execve(). Logging is done via syslogd and written to authpriv, allowing secure offsite logging of activity; authpriv is generally stored in /var/log/auth.log.

execv() calls are now explicitly logged, even though, according to the man page for execv(), it is supposed to call execve(). To date, the reason why execv() calls weren't being logged is unknown, but the developers are working to find out why.

USAGE:

Snoopy is able to log all users or just root. This is configured at compile time through the snoopy.h header: #define ROOT_ONLY 1 will restrict logging to root activities. Installation is as follows:

make
make install

Snoopy is placed in /etc/ld.so.preload to trap all occurrences of exec. If you wish to monitor only certain applications, you can do so through the LD_PRELOAD environment variable: simply set it to /lib/snoopy.so before loading the application. For example:

export LD_PRELOAD=/lib/snoopy.so
lynx http://example.com/
unset LD_PRELOAD

To remove snoopy later, simply edit /etc/ld.so.preload and remove the
reference to snoopy.so and delete /lib/snoopy.so.
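
The preload mechanism described above, as an added sketch in C that is not Snoopy's source code: a library that defines its own execve(), writes the command line to authpriv through syslog, and then hands the call to the kernel. The names join_argv and should_log, the "preload-demo" syslog tag and the log line layout are assumptions made for this example; ROOT_ONLY reuses the switch name from the page, and the code forwards with syscall() instead of resolving libc's execve.

```c
/* Added example: build with  cc -shared -fPIC -o demo.so demo.c  (Linux/glibc assumed). */
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>
#include <sys/syscall.h>

#ifndef ROOT_ONLY
#define ROOT_ONLY 0            /* same switch name as on the page; 1 = log root only */
#endif

/* Decide whether a command run by this uid is recorded. */
int should_log(uid_t uid) { return !ROOT_ONLY || uid == 0; }

/* Join argv into buf as one space-separated line, truncating safely.
   Returns the number of bytes stored, not counting the terminator. */
size_t join_argv(char *const argv[], char *buf, size_t size)
{
    size_t used = 0;
    if (size == 0) return 0;
    buf[0] = '\0';
    for (size_t i = 0; argv && argv[i]; i++) {
        int n = snprintf(buf + used, size - used, "%s%s", i ? " " : "", argv[i]);
        if (n < 0) break;
        if ((size_t)n >= size - used) { used = size - 1; break; }
        used += (size_t)n;
    }
    /* Replace control characters so an argument cannot forge extra log lines. */
    for (size_t i = 0; i < used; i++)
        if ((unsigned char)buf[i] < 0x20 || buf[i] == 0x7f) buf[i] = '?';
    return used;
}

/* Interposed execve(): write the command to authpriv, then run the real system call.
   "preload-demo" is a constructed syslog tag, not Snoopy's. */
int execve(const char *path, char *const argv[], char *const envp[])
{
    if (should_log(getuid())) {
        char line[1024];
        join_argv(argv, line, sizeof line);
        openlog("preload-demo", LOG_PID, LOG_AUTHPRIV);
        syslog(LOG_INFO, "[uid:%d] %s: %s", (int)getuid(), path, line);
        closelog();
    }
    return (int)syscall(SYS_execve, path, argv, envp);
}
```

The sketch wraps execve() only; as the page notes for execv(), other exec-family entry points may need their own wrappers. A preload hook is also limited to dynamically linked programs, so statically linked binaries are not covered by this kind of logging.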

What's New in This Release:

Altered logging mechanism for performance
Added new way of logging (can choose)
Added an integrity check (optional)

last updated on: January 3rd, 2008, 9:37 GMT
price: FREE!
developed by: Marius Aamodt Eriksen and Mike Baker
license type: GPL (GNU General Public License)
category: ROOT \ System \ System Administration
