Honeypots mailing list archives
Re: Sebek y and z
From: Edward Balas <ebalas () iu edu>
Date: Thu, 5 Feb 2004 10:46:33 -0500
On Feb 4, 2004, at 10:14 AM, Rick S. wrote:
> I notice that Sebek does not pick up on the 'y' and 'z' characters. Am I doing something wrong?
This was a bug in an older version of sbk_ks_log.pl. I have just reconfirmed that this bug is not currently present in the 2.1.6 version of sbk_ks_log.pl. From the looks of it, I would speculate that you are running an old version of the script.
> setup:
> 2.4.24 kernel
> Sebek-server-2.1.6 (port 747)
> Sebek-2.1.5 (port 747)
>
> server command:
> sbk_extract -i eth0 -p 747 | sbk_ks_log.pl
>
> Second question: in sbk_install.sh, for KEYSTROKE_ONLY, when set to 0, what else does it send?
Sebek is not just a keystroke logger; it has the ability to capture all sys_read activity. By setting this option to 0, you are telling Sebek to record all read data. For instance, if you want to recover files copied with scp, you would need to set KEYSTROKES_ONLY to 0 and use the available web interface, which supports this capability.
> Rick S.