Inspector is a security tool with the purpose of identifying users who have both successfully and unsuccessfully switched to root or another user on Linux based Distributions. It does this by scanning through /var/log/auth.log
for specific patterns that indicate specific actions/executed commands.
Install the required dependencies using either of the following commands:
python3 -m pip install -r requirements.txt
(installs globally)pipenv install -r requirements.txt
(installs locally via pipenv)
All you need to do is download the repository. There are no binaries or anything to install.
git clone https://github.com/StrangeRanger/inspector/
Because Inspector needs to access /var/log/auth.log
, you'll be required to execute Inspector with root priviledge:
sudo python3 inspector.py
The following is a list of all the Linux Distributions that Inspector officially supports and works on:
Distributions | Distro Versions |
---|---|
Ubuntu | 20.04 16.04 18.04 |
Debian | 10 9 |