Honeypots
mailing list archives
RE: Keystroke Logger bash patch on honeynet.org
From: "Barnett, Ryan C." <Ryan.Barnett () atf gov>
Date: Mon, 22 Mar 2004 13:50:59 -0500
You need to edit the talker line of the (logme) section to point to the host where you want these logs sent to. By default, it logs to 10.1.1.1 -
############
talker("10.1.1.1", message);
############
Change this to your syslog server, or better yet to a nonexistent IP and let your sniffer pick it up.
Most Respectfully,
Ryan C. Barnett
SANS: GCFA, GCIH, GCUX, GSEC
Department of Justice - ATF
Information Services Division
Operations Security Team Lead
Email: Ryan.Barnett () atf gov
Pager: Ryan.Barnett () skytel com
Phone: 202-927-2913
-----Original Message-----
From: Eric Hines [mailto:eric.hines () appliedwatch com]
Sent: Monday, March 22, 2004 1:40 PM
To: honeypots () securityfocus com
Subject: Keystroke Logger bash patch on honeynet.org
Does anyone know of a link or any sort of write-up on how to patch and configure the bash keystroke logger provided on honeynet.org?
I patched the bash source code with it, compiled and installed and don't know if it's working or where it's logging to, or what.. Do I need to do anything post-install? Do I have to set all the shells in the passwd file to bash? This is of course referring to
http://www.honeynet.org/tools/dcapture/bash-perassi.patch
Are there better keystroke loggers out there?
Google has turned up nothing on this bash patch.
BRDS,
Eric Hines, GCIA
CEO, President
Applied Watch Technologies, Inc.
-------------------------------------------
Eric Hines, GCIA
CEO, Chairman
Applied Watch Technologies, Inc.
web: http://www.appliedwatch.com
email: eric.hines () appliedwatch com
-------------------------------------------
Direct: (877) 262-7593 - Toll Free x327
Fax: (815) 425-2173
General: (877) 262-7593 (9am-5pm CST)
-------------------------------------------