Honeypots mailing list archives
Re: Keystroke Logger bash patch on honeynet.org
From: Eric Hines <eric.hines () appliedwatch com>
Date: Mon, 22 Mar 2004 11:39:17 -0800
Edward,

Great to hear from you. Awesome tool.. We're talking about adding support for it to the Applied Watch Command Center (http://www.appliedwatch.com)

Question, we can't seem to get it to compile on Redhat 7.3 honeypots. Seems we are missing af_packet.c

[root@localhost sebek-linux-2.1.7]# uname -a
Linux localhost.localdomain 2.2.14-5.0smp #1 SMP Tue Mar 7 21:01:40 EST 2000 i686 unknown
[root@localhost sebek-linux-2.1.7]# make
cp /usr/src/linux-2.4/net/packet/af_packet.c .
cp: /usr/src/linux-2.4/net/packet/af_packet.c: No such file or directory
make: *** [af_packet.c] Error 1

Any ideas? Google produces nada..

BRDS,
Eric Hines, GCIA
CEO, President
Applied Watch Technologies, Inc.

-------------------------------------------
Eric Hines, GCIA
CEO, Chairman
Applied Watch Technologies, Inc.
web: http://www.appliedwatch.com
email: eric.hines () appliedwatch com
-------------------------------------------
Direct: (877) 262-7593 - Toll Free x327
Fax: (815) 425-2173
General: (877) 262-7593 (9am-5pm CST)
-------------------------------------------

Quoting Edward Balas <ebalas () iu edu>:
> Eric,
>
> I recommend Sebek, though I am a bit biased ;-)
>
> http://www.honeynet.org/tools/sebek/
>
> It is a kernel level capture tool that is capable of keystroke logging.
> You can read more about sebek at:
>
> http://www.honeynet.org/papers/sebek.pdf
>
> Edward Balas
>
>> Does anyone know of a link or any sort of write-up on how to patch and
>> configure the bash keystroke logger provided on honeynet.org?
>>
>> I patched the bash source code with it, compiled and installed and don't
>> know if it's working or where it's logging to, or what.. Do I need to do
>> anything post-install? Do I have to set all the shells in the passwd file
>> to bash?
>>
>> This is of course referring to
>> http://www.honeynet.org/tools/dcapture/bash-perassi.patch
>>
>> Are there better keystroke loggers out there? Google has turned up
>> nothing on this bash patch.
>>
>> BRDS,
>> Eric Hines, GCIA
>> CEO, President
>> Applied Watch Technologies, Inc.
>>
>> -------------------------------------------
>> Eric Hines, GCIA
>> CEO, Chairman
>> Applied Watch Technologies, Inc.
>> web: http://www.appliedwatch.com
>> email: eric.hines () appliedwatch com
>> -------------------------------------------
>> Direct: (877) 262-7593 - Toll Free x327
>> Fax: (815) 425-2173
>> General: (877) 262-7593 (9am-5pm CST)
>> -------------------------------------------