🔔 🔔 🔔 Duyuru: 24. Yılımıza özel indirimler sizleri bekliyor ! Kampanya Kodu : TDATA2024 | Detaylı bilgi için tıklayınız.

Snoopy logger

Snoopy logger

Snoopy logger is a powerful utility which makes the admin work more easy by providing a log of commands executed via shell. It logs each and every users shell command executions to “/var/log/secure”. We can later check the log and recognize the user and the command it executed from the uid.

Snoopy Installation Steps
* cd /usr/src
* wget ftp://ftp.uwsg.indiana.edu/pub/FreeBSD/ports/distfiles/snoopy-1.8.0.tar.gz
* tar xvf snoopy-1.8.0.tar.gz
* cd snoopy-1.8.0
* ./configure
make install

# Then you can actually enable snoopy:
make enable

Snoopy “/usr/local/lib/snoopy.so” is placed in /etc/ld.so.preload. To remove snoopy later, simply edit /etc/ld.so.preload and remove the
reference to snoopy.so and delete /usr/local/lib/snoopy.so.

snoopy logs:
Sep 10 05:38:21 serverXXX snoopy[206016]: [uid:99 sid:185700 tty: cwd:/home/user123/public_html/my-notepad.biz/forum/archive filename:/opt/suphp/sbin/suphp]: /opt/suphp/sbin/suphp
Sep 10 05:38:21 serverXXX snoopy[206016]: [uid:1002 sid:185700 tty: cwd:/home/user123/public_html/my-notepad.biz/forum/archive filename:/usr/bin/php]: /usr/bin/php /home/markwesl/public_html/my-notepad.biz/forum/archive/index.php
Sep 10 05:38:22 serverXXX snoopy[206024]: [uid:1006 sid:185700 tty: cwd:/home/user999/public_html/drwhofigures.co.uk/forum filename:/usr/bin/php]: /usr/bin/php /home/senseb/public_html/domain.com/forum/cron.php

You can find the user using uid using the following command or from the /etc/passwd file.

root@serverxxx [~]# getent passwd 99
root@serverxxx [~]# getent passwd 1002
root@serverxxx [~]# getent passwd 1006


Bu cevap yeterince yardımcı oldu mu?

Diğer Dökümanlar

  • Network monitoring on Linux

    Network monitoring on Linux This post mentions some linux command line tools that can be used to monitor the network usage. These tools monitor the traffic flowing through network interfaces and...

  • df -i /tmp folder is full

    Install tmwatchftp://ftp.muug.mb.ca/mirror/centos/6.5/os/x86_64/Packages/tmpwatch-2.9.16-4.el6.x86_64.rpmthen run  /usr/sbin/tmpwatch -am 1 /tmp/nginx_clientthen add cron filelike this0 */1 *...

  • Accessing a Fedora Logical Volume from Ubuntu

    A while back, I started experimenting with Ubuntu after playing with Fedora. I decided to jump to Ubuntu and needed to move data from the Fedora-managed logical volume to Ubuntu. Here's what I...

  • How to create a partition size larger than 2TB on Linux

    How to create a partition size larger than 2TB on Linux Parted is a GNU utility and used to create, manipulate and delete the hard disk partitions. Select the drive that you need to create #...


    what is RSZDT mean ? PROCESS STATE CODES -different values that the s, stat and state output specifiers(header “STAT” or “S”) will display to describe the state of a...