Our great sponsors
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
In the old days I played with something like this: https://github.com/desaster/kippo
But a more modern alternative seems to be the container based approach outlined here. https://lwn.net/Articles/848291/
I wrote an eBPF application that is launched and killed by a PAM session script. It uses the PPID to only record commands and arguments associated with that session. My application was heavily influenced by execsnoop:
https://github.com/iovisor/bcc/blob/master/tools/execsnoop.p...
This project was mentioned recently here - it does this locally.
https://news.ycombinator.com/item?id=35839470
https://github.com/ellie/atuin