snoopy for chroot

[hatamiarash7]

How can I use Snoopy for restricted SSH access like the chroot? Can you help me? The normal installation on the host does not collect logs for this type of user.

I have these groups:

• admin users ( snoopy worked )
• normal users ( snoopy worked )
• restricted users / chroot ( snoopy not worked )

[bostjan]

Processes within chroot are limited to seeing whatever is inside that chroot. This means that if there aren't /etc/ld.so.preload and .../libsnoopy.so (and snoopy.ini) files in their correct locations inside chroot, preloading Snoopy inside chroot will not work.

[hatamiarash7]

I tried all these and it didn't work. The following files are currently available:

• /<CHROOT DIR>/etc/ld.so.preload
• /<CHROOT DIR>/etc/snoopi.ini
• /<CHROOT DIR>/var/log/auth.log
• /<CHROOT DIR>/lib/x86_64-linux-gnu/libsnoopy.so

[bostjan]

(Pardon for a slight delay in my responses.)

At this point, it would be best to use the strace tool and compare a working Snoopy trace (outside chroot) with a non-working one (inside chroot). That way, you'll see where the actual issue lies (i.e. does the dynamic loader read the correct ld.so.preload file, is libsnoopy.so loading actually attempted etc.