Running snoopy on NetBSD
by Emile `iMil' Heitor - 2014-12-06
Snoopy is a pretty cool piece of software that can log every exec(3) call to syslog. When it comes to security, that feature can be really handy.
Yesterday (Dec. 5), I committed security/snoopy to pkgsrc. The package comes with GNU/Linux related scripts that modify /etc/ld.so.preload so that libsnoopy is loaded before libc and can fulfil its role. NetBSD doesn’t have a ld.so.preload file; instead, we use a flexible /etc/ld.so.conf configuration file which has the following syntax:
In our case, after having installed snoopy, you’ll just have to add the following line to /etc/ld.so.conf (or create it):
Meaning that when the kern.ostype sysctl(8) value is NetBSD (always true on NetBSD, obviously), libsnoopy.so will be loaded before libc.
Once done, /var/log/authlog will be filled with lines like: