Security - logging of user commands

Damien Fleuriot ml at my.gd
Wed Jul 25 11:47:51 UTC 2012


Hello list,



We're currently working towards the PCI DSS certification (Payment Card
Industry) for a project at work.


One of the prerequisites is that all user commands be logged.

We're currently using a very bad hack that takes the last command from a
user's history and sends it to a log server.

This of course is unreliable as a user may entirely disable their
history, or just use another shell to bypass the csh function or whatever.



My colleagues installed Snoopy on debian and it seems to work wonders as
a module which is LD preloaded.


I notice it also exists on FreeBSD as /usr/ports/security/snoopy .


However I face several problems with it, mainly it doesn't seem to log
anything.



As per the README, I have added "/usr/local/lib/snoopy.so" to
/etc/ld.so.preload

I'm not even sure this file is used on BSD?

As per the man page for ld.so there's no such file:
http://www.freebsd.org/cgi/man.cgi?query=ld.so

Neither libmap.conf nor ldconfig(8) seem to be the answer either.



I've googled for ld.so.conf and found the following 2 posts which seem
to indicate it isn't used either:
http://lists.freebsd.org/pipermail/freebsd-hackers/2003-June/001746.html
http://lists.freebsd.org/pipermail/freebsd-hackers/2003-June/001747.html

The posts mention -current but date back to 2003.



Lastly, I have also noticed that the port installs /usr/local/bin/detect
which I executed and would always reply "something's fishy".

By looking at the (very short) source I noticed the program merely loads
/lib/libc.so.6, and it wouldn't find it on my system (8.3-STABLE with
/lib/libc.so.7).
Adjusting and recompiling lets the program correctly print "secure" but
it does nothing else.

I have checked that the output /usr/local/lib/snoopy.so module is linked
against libc.so.7, and it is.



Has anyone ever got Snoopy to work on BSD?
Might I need to install linux emulation?

Is there any other port that might do the job and which I could use?
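For readers who want to see what a preload-based command logger such as Snoopy actually does, here is an added, minimal example of the mechanism (this is my own illustration, not Snoopy's source and not code from the original post). It interposes execve(2) through the dynamic linker, formats one record with the caller's uid, pid, working directory, the binary being executed and its argument vector, hands that record to syslog(3) under the authpriv facility, and then calls the real execve. The record layout and the field names are my own choice, loosely modelled on the style of Snoopy's log lines; the sample values in main() are constructed.

```c
/* execlog.c - added example of an execve(2) interposer that logs commands.
 * Build as a shared object (on FreeBSD):   cc -shared -fPIC -o execlog.so execlog.c
 * (on glibc-based systems older than 2.34 append -ldl).
 * Try it for one process:   LD_PRELOAD=./execlog.so sh -c 'ls -la'
 * and watch the authpriv log.  Limits worth knowing as a defender: the
 * loader ignores LD_PRELOAD for set-user-ID binaries, static binaries never
 * consult it, and a per-process environment variable can be dropped by the
 * user, so only a loader-wide preload (the open question in the post above)
 * or a kernel-side audit facility gives a control rather than a convenience.
 */
#define _GNU_SOURCE          /* RTLD_NEXT on glibc; FreeBSD exposes it anyway */
#include <dlfcn.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

/* Build one log record of the form
 *   [uid:N pid:N cwd:DIR filename:PATH]: arg0 arg1 ...
 * into buf.  Returns the number of bytes stored (excluding the NUL);
 * output is truncated, never overflowed, when buf is too small. */
size_t format_exec_record(char *buf, size_t size, uid_t uid, pid_t pid,
                          const char *cwd, const char *filename,
                          char *const argv[])
{
    if (size == 0)
        return 0;
    int n = snprintf(buf, size, "[uid:%lu pid:%ld cwd:%s filename:%s]:",
                     (unsigned long)uid, (long)pid,
                     cwd ? cwd : "?", filename ? filename : "?");
    if (n < 0) {
        buf[0] = '\0';
        return 0;
    }
    size_t len = (size_t)n;
    for (int i = 0; argv != NULL && argv[i] != NULL; i++) {
        if (len >= size)
            break;                      /* already truncated */
        n = snprintf(buf + len, size - len, " %s", argv[i]);
        if (n < 0)
            break;
        len += (size_t)n;
    }
    if (len >= size)
        len = size - 1;                 /* snprintf counted bytes it could not store */
    return len;
}

/* The interposed execve: same prototype as the libc symbol so the loader
 * resolves calls here first when this object is preloaded. */
int execve(const char *path, char *const argv[], char *const envp[])
{
    static int (*real_execve)(const char *, char *const[], char *const[]);
    if (real_execve == NULL)
        real_execve = (int (*)(const char *, char *const[], char *const[]))
                      dlsym(RTLD_NEXT, "execve");

    char cwd[PATH_MAX];
    char record[4096];
    if (getcwd(cwd, sizeof cwd) == NULL)
        strcpy(cwd, "?");
    format_exec_record(record, sizeof record, getuid(), getpid(), cwd, path, argv);
    /* authpriv keeps the lines out of the world-readable general log */
    syslog(LOG_AUTHPRIV | LOG_INFO, "%s", record);

    if (real_execve == NULL) {          /* no underlying symbol: fail closed */
        errno = ENOSYS;
        return -1;
    }
    return real_execve(path, argv, envp);
}

/* Stand-alone demonstration of the record format with constructed values. */
int main(void)
{
    char buf[256];
    char *argv[] = { "ls", "-la", NULL };   /* constructed sample command */
    format_exec_record(buf, sizeof buf, 1000, 4242, "/home/alice", "/bin/ls", argv);
    puts(buf);   /* [uid:1000 pid:4242 cwd:/home/alice filename:/bin/ls]: ls -la */
    return 0;
}
```

The formatter is kept separate from the hook so that the record layout can be unit-tested without preloading anything, and so that a log parser on the collecting side has a single, documented shape to match.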

