Hey Martin,

You're going to run into this with anything that collects *all* commands
run on the system if you're using any sort of maintenance infrastructure.

A couple of questions.

1) Are you using Linux? If so, why won't auditd suffice?
2) I *think* that the requirement is to capture privileged commands from
users, not daemons. Can you restrict snoopy to only looking at users with
TTY sessions or use ala pam_tty_audit?
3) Finally, you might want to take a look at roosh, or our fork of sudosh2
https://github.com/onyxpoint/sudosh2
4) If you can't do any of these, you're going to have a really hard time
using any system like Puppet.

Good luck,

Trevor

On Thu, Aug 27, 2015 at 5:04 AM, Martin Alfke <[email protected]> wrote:

> Hi,
>
> We encounter a problem with puppet agent and snoopy installed and
> activated.
> Snoopy is required for PCI DSS compliance.
>
>
> apt-cache show snoopy
> Package: snoopy
> Version: 1.8.0-5
> Installed-Size: 24
> Maintainer: Zed Pobre <[email protected]>
> Architecture: amd64
> Depends: libc6 (>= 2.2.5), debconf (>= 0.5) | debconf-2.0
> Description-en: execve() wrapper and logger
>  snoopy is merely a shared library that is used as a wrapper
>  to the execve() function provided by libc as to log every call
>  to syslog (authpriv).  system administrators may find snoopy
>  useful in tasks such as light/heavy system monitoring, tracking other
>  administrator's actions as well as getting a good 'feel' of
>  what's going on in the system (for example apache running cgi
>  scripts).
> Homepage: http://sourceforge.net/projects/snoopylogger/
>
>
>
> /opt/puppetlabs/bin/puppet agent --test --server master.example.net
> Info: Retrieving pluginfacts
> Info: Retrieving plugin
> Info: Caching catalog for master.example.net
> Info: Applying configuration version '1440665887'
> Notice: Welcone to master.example.net
> Notice: /Stage[main]/Main/Node[default]/Notify[Wemlcone to
> master.example.net]/message: defined 'message' as 'Wemlcone to
> master.example.net'
> Notice: Applied catalog in 0.02 seconds
> [ASYNC BUG] consume_communication_pipe: read
>
> EBADF
>
> ruby 2.1.6p336 (2015-04-13 revision 50298) [x86_64-linux]
>
> [NOTE]
> You may have encountered a bug in the Ruby interpreter or extension
> libraries.
> Bug reports are welcome.
> For details: http://www.ruby-lang.org/bugreport.html
>
> Aborted
>
> The Ruby error varies. Sometimes it is rb_thread_wakeup timer_thread
> instead of consume_communication_pipe
>
> How to have snoopy and Puppet coexisting?
>
> Best,
> Martin
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-dev/A32579C0-8036-4637-8706-239CA74F93CF%40gmail.com
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699

-- This account not approved for unencrypted proprietary information --
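
Added example (not part of the original thread, and not code from Onyx Point or the snoopy project): an auditd rule set along the lines of questions 1 and 2 in the reply above, recording execve() calls that run as root on behalf of a logged-in user while skipping daemons. The file path, the key name priv_user_exec and the UID floor of 1000 are assumptions.

```conf
# /etc/audit/rules.d/privileged-exec.rules
# (path is an assumption; on systems without rules.d, append these lines
#  to /etc/audit/audit.rules and restart auditd)
#
# auditd records the syscall in the kernel, so nothing is preloaded into
# the Ruby process the way snoopy's execve() wrapper library is.
#
# Field meanings:
#   euid=0            the command runs with root privileges
#   auid>=1000        the login UID belongs to a regular account
#                     (1000 is an assumed UID_MIN; check /etc/login.defs)
#   auid!=4294967295  the login UID is set, i.e. the process descends from
#                     a real login session; daemons started at boot, such
#                     as a puppet agent service, have it unset
#   -k priv_user_exec search key (name is an assumption)
#
# Direct root logins have auid=0 and are not matched by these rules.

# 64-bit execve
-a always,exit -F arch=b64 -S execve -F euid=0 -F auid>=1000 -F auid!=4294967295 -k priv_user_exec

# 32-bit execve, so a 32-bit binary cannot be used to skip the rule above
-a always,exit -F arch=b32 -S execve -F euid=0 -F auid>=1000 -F auid!=4294967295 -k priv_user_exec
```

Matching records can be listed with `ausearch -k priv_user_exec -i`. A `puppet agent --test` run typed by an administrator in a login session carries that administrator's auid and is still recorded; only runs started by the service are skipped.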
