41 lines
1.0 KiB
Plaintext
41 lines
1.0 KiB
Plaintext
### Compile snoopy in Debian.
|
|
snoopy: log all commands executed by all users.
|
|
|
|
* Install
|
|
apt-get install dh-autoreconf socat git
|
|
|
|
* Clone
|
|
git clone https://github.com/a2o/snoopy.git
|
|
|
|
* Edit lib/inih/src/ini.h
|
|
INI_MAX_LINE --> 512
|
|
|
|
* Compile
|
|
./bootstrap.sh
|
|
./configure
|
|
make
|
|
|
|
* As root, install
|
|
make install
|
|
|
|
* Files installed
|
|
/usr/local/etc/snoopy.ini
|
|
/usr/local/lib/libsnoopy.la
|
|
/usr/local/lib/libsnoopy.so.0.0.0
|
|
/usr/local/sbin/snoopy-disable
|
|
/usr/local/sbin/snoopy-enable
|
|
|
|
* Edit /usr/local/etc/snoopy.ini
|
|
message_format = "SNOOPY HST=%{hostname} DAT=%{datetime} TIM=%{timestamp}.%{timestamp_ms} USR=%{tty_username} USR=%{username} UID=%{tty_uid} UID=%{uid} LOG=%{login} EUSR=%{eusername} EUID=%{euid} GRP=%{group} GID=%{gid} EGID=%{egid} EGRP=%{egroup} TTY=%{tty} SSH=%{env:SSH_CONNECTION} CWD=%{cwd} FIL=%{filename} CMD=%{cmdline}"
|
|
filter_chain = "exclude_spawns_of:cron"
|
|
output = devlog
|
|
error_logging = no
|
|
|
|
* Enable
|
|
snoopy-enable
|
|
|
|
* Reboot
|
|
|
|
* Logs by default
|
|
/var/log/auth.log
|