Re: TTYSnooping error
Hi.
On Sat, 29 Oct 2016 09:45:21 +0000
Pietro <pulsarpietro@posteo.net> wrote:
> Hi,
>
> I have tried to write directly to the author (carl@miskatonic.inbe.net)
> as reported in the man page but the domain does not exist anymore.
It's an old tool. Such things are to be expected.
> I am lost in a glass of water - as we say in Italy - and I really
> do not know where to get some light from as Google is very good ..
> in giving partial answers or to increase the amount of confusion in
> somebody's mind :-)
>
> The ttysnooping tool which comes with Debian seems to be broken, I can
> successfully log in after having modified the inittab file but I can't
> snoop anything as all I get from the ttysnooping client is a prompt for
> a password which is swiftly refused - I am assuming the root password is
> what the tool is asking for.
Personally I could never understand why bother implementing such a tool
in the first place, since tty snooping (among the other things) can be
done with a relatively simple strace invocation.
Still, according to the package's README.Debian, 'ttysnoop ttyFOO'
requires a root password.
You should probably ensure that your gettys are running with
'-L /usr/sbin/ttysnoops' commandline option.
> I really do not understand as I am sure I am typing the correct
> password, what's happening ?
Install ltrace. Run as root (crucial!):
ltrace ttysnoop <needed_tty_here>
Post the result here. Feel free to edit out any references to real
passwords, usernames or hashes of the above.
> I have tried to download the sources and compile them for Slackware but
> I am still experiencing the same issue, I am a bit confused by the fact
> that I can't find any "main" repository for the project while there are
> plenty of tarballs coming from different Linux distros.
According to [1], the upstream site was http://ftp.cc.gatech.edu/, which is
now considered unavailable. According to the 'control' file, one should
be able to grab the source via svn, by using [2].
> Is there a "vanilla" version I can download and play with or, as an
> alternative, would you be able to tell me the terribly naive mistake I
> am making ?
Not anymore. Upstream is unavailable.
> The first Google result does not contain anything "down-loadable" and
> what I have been playing with gives me the issues I have just described:
>
> https://packages.debian.org/sid/admin/ttysnoop
That's the Debian package's page.
> Is this the "official" website for the project ?
>
> https://sourceforge.net/projects/ttysnoop/
SourceForge is a warez dump. Don't trust anything downloaded from
there.
Reco
[1] http://http.debian.net/debian/pool/main/t/ttysnoop/ttysnoop_0.12d-6.debian.tar.gz
[2] svn://anonscm.debian.org/collab-maint/deb-maint/ttysnoop/trunk/