snoopy for chroot - Githubissues

a2o / snoopy

Snoopy Command Logger is a small library that logs all program executions on your Linux/BSD system.

GNU General Public License v2.0

1.21k stars 155 forks source link

snoopy for chroot #267

Open hatamiarash7 opened 9 months ago

hatamiarash7 commented 9 months ago

How can I use Snoopy for restricted SSH access like the chroot? Can you help me? The normal installation on the host does not collect logs for this type of user.

I have these groups:

admin users ( snoopy worked )
normal users ( snoopy worked )
restricted users / chroot ( snoopy not worked )

bostjan commented 9 months ago

Processes within chroot are limited to seeing whatever is inside that chroot. This means that if there aren't /etc/ld.so.preload and .../libsnoopy.so (and snoopy.ini) files in their correct locations inside chroot, preloading Snoopy inside chroot will not work.

hatamiarash7 commented 9 months ago

I tried all these and it didn't work. The following files are currently available:

/<CHROOT DIR>/etc/ld.so.preload
/<CHROOT DIR>/etc/snoopi.ini
/<CHROOT DIR>/var/log/auth.log
/<CHROOT DIR>/lib/x86_64-linux-gnu/libsnoopy.so

bostjan commented 2 months ago

(Pardon for a slight delay in my responses.)

At this point, it would be best to use the strace tool and compare a working Snoopy trace (outside chroot) with a non-working one (inside chroot). That way, you'll see where the actual issue lies (i.e. does the dynamic loader read the correct ld.so.preload file, is libsnoopy.so loading actually attempted etc.