Friday, April 13, 2012

Use SnoopyLogger to audit Linux

When it comes to security, you had better audit what is going on in your Linux box. This is not intended to be a recipe for success in securing Linux boxes: you will be secure only if you are stronger than your enemies, and that translates to "Do not stop here" when it comes to learning. We live in a world of "knowledge war".

So let us call these the poor sysadmin's weapons, as they are free as in beer and simple enough to install and use. The acct package is the first to have. Among other things, it gives you the lastcomm command. But as you might have noticed, it does not give you the whole command, including parameters and options. SnoopyLogger to the rescue. I have tested all this on Ubuntu, by the way.

Here is a recipe for you to install and check the power of this tiny open source C program.

You can install all this on your servers by running the commands below. Note that acct and Snoopy Logger are different packages/programs:

sudo apt-get install acct
wget http://nestorurquiza.googlecode.com/svn/trunk/bash-recipes/snoopylogger-install.sh
chmod +x snoopylogger-install.sh
./snoopylogger-install.sh

When it comes to security, I also recommend using Logwatch.
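
An added example, not part of the original post: once Snoopy is logging, a small parser makes the full command lines (the part lastcomm leaves out) easy to review per user. It assumes Snoopy's classic syslog line format shown in the first comment and runs on constructed sample lines; the function names are hypothetical, and the actual format and log file depend on the Snoopy version and syslog configuration.

```shell
#!/bin/sh
# Added example. Assumption: Snoopy's classic syslog line format,
#   ... snoopy[PID]: [uid:N sid:N tty:T cwd:D filename:F]: full command line

# Print "uid<TAB>tty<TAB>cwd<TAB>command" for each Snoopy line on stdin.
# Non-Snoopy lines are skipped. A cwd containing spaces is not handled.
snoopy_parse() {
    awk '{
        p = index($0, "snoopy[");  if (p == 0) next
        rest = substr($0, p)
        hs = index(rest, "]: [");  if (hs == 0) next   # end of "snoopy[PID]"
        rest = substr(rest, hs + 4)
        he = index(rest, "]: ");   if (he == 0) next   # end of the header
        header = substr(rest, 1, he - 1)
        cmd = substr(rest, he + 3)
        uid = tty = cwd = "?"
        n = split(header, kv, " ")
        for (i = 1; i <= n; i++) {
            if (kv[i] ~ /^uid:/) uid = substr(kv[i], 5)
            if (kv[i] ~ /^tty:/) tty = substr(kv[i], 5)
            if (kv[i] ~ /^cwd:/) cwd = substr(kv[i], 5)
        }
        printf "%s\t%s\t%s\t%s\n", uid, tty, cwd, cmd
    }'
}

# Print only the full command lines run by the given numeric uid.
snoopy_by_uid() {
    snoopy_parse | awk -F '\t' -v u="$1" '$1 == u { print $4 }'
}

# Constructed sample log lines (not taken from a real system).
sample_log() {
    cat <<'EOF'
Apr 13 10:02:11 web1 snoopy[2101]: [uid:1000 sid:2050 tty:/dev/pts/0 cwd:/home/deploy filename:/usr/bin/sudo]: sudo vi /etc/ssh/sshd_config
Apr 13 10:02:11 web1 sshd[1999]: Accepted publickey for deploy from 192.0.2.10 port 50022 ssh2
Apr 13 10:02:12 web1 snoopy[2102]: [uid:0 sid:2050 tty:/dev/pts/0 cwd:/home/deploy filename:/usr/bin/vi]: vi /etc/ssh/sshd_config
Apr 13 10:05:40 web1 snoopy[2110]: [uid:0 sid:2050 tty:(none) cwd:/ filename:/usr/sbin/service]: service ssh restart
EOF
}

# Everything root ran, with arguments, in log order.
sample_log | snoopy_by_uid 0
```

On a real server, feed the functions the file your syslog daemon writes Snoopy messages to instead of sample_log.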
