Honeypots mailing list archives

Re: Keystroke Logger bash patch on honeynet.org


From: Thorsten Holz <thorsten.holz () mmweg rwth-aachen de>
Date: Mon, 22 Mar 2004 20:23:11 +0100

On Mon Mar 22 10:40:06 2004 Eric Hines wrote:

> Does anyone know of a link or any sort of write-up on how to patch and
> configure the bash keystroke logger provided on honeynet.org?

Perhaps you should take a look at what the patch actually does :-)

> I patched the bash source code with it, compiled and installed and
> don't know if it's working or where it's logging to, or what..

From the patch you applied:
"[...]
#define PORT 514 /* logging port */
[...]
        if (logme)
                [...]
                talker("10.1.1.1", message);
                [...]
[...]"
And talker() is a function that sends the message to the desired
address...

> Do I need to do anything post-install?

Set up a syslogd on a remote host.

> Do I have to set all the shells in the passwd file to bash?

If you want to log all keystrokes, that would be fine ;-)

> Are there better keystroke loggers out there?

Try Sebek: http://www.honeynet.org/tools/sebek/
With this rootkit you can log everything that is accessed via
the read() system call (but perhaps there are ways to circumvent
Sebek out there...)

HTH,
  Thorsten
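
Added example, not part of the original post or of the Honeynet patch: a minimal UDP collector for the remote host that the reply says should receive the logged messages on port 514. The function names, the log file name and the optional `<PRI>` prefix handling are assumptions, since the post does not show the message layout; the datagrams in the demo are constructed.

```python
import re
import socket
from datetime import datetime, timezone

# Optional RFC 3164 "<PRI>" prefix (assumption: the sender may or may not add one).
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def sanitize(payload: bytes) -> str:
    """Escape control bytes, non-ASCII bytes and backslashes in intruder-typed data
    so terminal escape sequences and newlines cannot corrupt or forge log lines."""
    return "".join(chr(b) if 0x20 <= b < 0x7f and b != 0x5c else "\\x%02x" % b
                   for b in payload)

def parse_datagram(data: bytes):
    """Return (facility, severity, text); facility/severity are None without a valid PRI."""
    m = PRI_RE.match(data)
    if m and int(m.group(1)) <= 191:
        pri = int(m.group(1))
        return pri >> 3, pri & 7, sanitize(data[m.end():])
    return None, None, sanitize(data)

def format_record(src_ip: str, data: bytes, now=None) -> str:
    """Build one log line per datagram, stamped with the collector's own UTC clock."""
    now = now or datetime.now(timezone.utc)
    fac, sev, text = parse_datagram(data)
    return "%s src=%s fac=%s sev=%s msg=%s" % (now.isoformat(), src_ip, fac, sev, text)

def serve(bind_addr="0.0.0.0", port=514, logfile="keystrokes.log", allowed=None):
    """Append one sanitized record per datagram; 'allowed' is a set of honeypot IPs."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    with open(logfile, "a", buffering=1) as fh:
        while True:
            data, (ip, _port) = sock.recvfrom(8192)
            if allowed and ip not in allowed:
                continue  # ignore senders that are not known honeypots
            fh.write(format_record(ip, data) + "\n")

if __name__ == "__main__":
    # Constructed sample datagrams; call serve() instead to collect real traffic.
    for sample in (b"<14>bash: ls -la\n", b"\x1b[2Jcat /etc/passwd"):
        print(format_record("10.1.1.2", sample))
```

Binding to port 514 normally requires root. Passing the honeypot addresses as `allowed` keeps unrelated hosts from writing into the keystroke log.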
