Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 25 Jul 2012 13:47:48 +0200
From:      Damien Fleuriot <>
To:        "" <>
Subject:   Securituy - logging of user commands
Message-ID:  <>

Next in thread | Raw E-Mail | Index | Archive | Help
Hello list,

We're currently working towards the PCI DSS certification (Payment Card
Industry) for a project at work.

One of the prerequisites is that all user commands be logged.

We're currently using a very bad hack that takes the last command from a
user's history and sends it to a log server.

This of course is unreliable as a user may entirely disable their
history, or just use another shell to bypass the csh function or whatever.

My colleagues installed Snoopy on debian and it seems to work wonders as
a module which is LD preloaded.

I notice it also exists on FreeBSD as /usr/ports/security/snoopy .

However I face several problems with it, mainly it doesn't seem to log

As per the README, I have added "/usr/local/lib/" to

I'm not even sure this file is used on BSD ?

As per the man page for there's no such file:

Neither libmap.conf nor ldconfig(8) seem to be the answer either.

I've googled for and found the following 2 posts which seem
to indicate it isn't used either:

The posts mention -current but date back from 2003.

Lastly, I have also noticed that the port installs /usr/local/bin/detect
which I executed and would always reply "something's fishy".

By looking at the (very short) source I noticed the program merely loads
/lib/ , and it wouldn't find it on my system (8.3-STABLE with
Adjusting and recompiling lets the program correctly print "secure" but
it does nothing else.

I have checked that the output /usr/local/lib/ module is linked
against , and it is.

Has anyone ever got Snoopy to work on BSD ?
Might I need to install linux emulation ?

Is there any other port that might do the job and which I could use ?

Want to link to this message? Use this URL: <>