« Snoopy is a pretty cool piece of software that can log every exec(3) call to syslog. When it comes to security, that feature can be really handy. Yesterday (Dec. 5), I committed security/snoopy to pkgsrc. The package comes with GNU/Linux related scripts in order to modify /etc/ld.so.preload so libsnoopy is loaded before libc and achieve its role.
[...]
Once done, /var/log/authlog will be filled with lines like:
Dec 6 09:36:46 coruscant snoopy[19394]: [uid:1000 sid:4525 tty:(none) cwd:/home/imil filename:/sbin/sysctl]: sysctl vm.loadavg
Dec 6 09:36:46 coruscant snoopy[29510]: [uid:1000 sid:4525 tty:(none) cwd:/home/imil filename:/usr/bin/cut]: cut -f2-4 -d »
OYEAH \o/ Snoopy is in the Debian packages and just works. You need to open a new terminal for the library loading to take effect.
Thu Aug 6 12:17:50 2015
http://imil.net/wp/2014/12/06/running-snoopy-on-netbsd/
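
A parser for the log format quoted above, added here as an example (it is not code from the linked post or from the Snoopy project). It assumes the message layout of the quoted sample lines, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Layout taken from the quoted sample lines:
# "<date> <host> snoopy[pid]: [uid:N sid:N tty:T cwd:DIR filename:PATH]: cmdline"
SNOOPY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssnoopy\[(?P<pid>\d+)\]:\s"
    r"\[uid:(?P<uid>\d+)\ssid:(?P<sid>\d+)\stty:(?P<tty>\S+)\s"
    r"cwd:(?P<cwd>.*?)\sfilename:(?P<filename>.*?)\]:\s(?P<cmdline>.*)$"
)

def parse_line(line):
    """Return the record's fields as a dict, or None if it is not a Snoopy line."""
    m = SNOOPY_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("pid", "uid", "sid"):
        rec[key] = int(rec[key])
    return rec

def summarize(lines):
    """Count executed binaries per uid and collect exec calls made without a tty."""
    per_uid, no_tty, skipped = {}, [], 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:          # other daemons write to the same log file
            skipped += 1
            continue
        per_uid.setdefault(rec["uid"], Counter())[rec["filename"]] += 1
        if rec["tty"] == "(none)":
            no_tty.append(rec)
    return per_uid, no_tty, skipped

SAMPLE = [
    # First line is the one quoted on this page; the other two are constructed.
    "Dec 6 09:36:46 coruscant snoopy[19394]: [uid:1000 sid:4525 tty:(none) "
    "cwd:/home/imil filename:/sbin/sysctl]: sysctl vm.loadavg",
    "Dec 6 09:40:02 coruscant snoopy[20001]: [uid:0 sid:4600 tty:/dev/pts/1 "
    "cwd:/root filename:/usr/bin/id]: id",
    "Dec 6 09:40:03 coruscant sshd[812]: Accepted publickey for imil",
]

if __name__ == "__main__":
    per_uid, no_tty, skipped = summarize(SAMPLE)
    for uid, counts in sorted(per_uid.items()):
        print(f"uid {uid}: {dict(counts)}")
    print(f"{len(no_tty)} exec call(s) without a tty, {skipped} non-Snoopy line(s) skipped")
```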