Running snoopy on NetBSD

Snoopy is a pretty cool piece of software that can log every exec(3) call to syslog. When it comes to security, that feature can be really handy.

Yesterday (Dec. 5), I commited security/snoopy to pkgsrc. The package comes with GNU/Linux related scripts in order to modify /etc/ld.so.preload so libsnoopy is loaded before libc and achieve its role. NetBSD doesn’t have a ld.so.preload file, instead, we use a flexible /etc/ld.so.conf configuration file which has the following syntax:

In our case, after having installed snoopy, you’ll just have to add the following line to /etc/ld.so.conf (or create it):

Meaning that when kern.ostype sysctl(8) value is NetBSD (always true on NetBSD, obviously), libsnoopy.so will be loaded before libc.

Once done, /var/log/authlog will be filled with lines like: