Re: snoop capabilities?

Jeremy wrote:
> Here's a quick question.  Is there any sort of mechanism in PAM that would 
> be able to provide snooping?  I've RTFM a bit, and it looks like the 
> answer is no.  I want to make sure of this before I go off and try other 
> means.  Yes, I know of in.telnetsnoopd, but that only works for telnet. It 
> would be nice to have a more general snoop device (of course, it would 
> only need to work on some services).  And before someone says "that's 
> unethical to sniff", don't bother.  I know that in most cases it is, but 
> from a security standpoint it is necessary sometimes.

Take a look at pam_filter.  You will need to write a logging filter (I'd
estimate an hour to get something half-baked working). The only example I
have supplied is a fun one: upperLOWER.  I never got around to writing a
snoop filter because of too much else to do.  Feel free, and please submit
it for inclusion in the main distribution...


               Linux-PAM, libpwdb, Orange-Linux and Linux-GSS
       [ For those that prefer FTP  ---  ftp://ftp.lalug.org/morgan ]

