Inspector¶

Inspector is a security tool with the purpose of identifying users who have both successfully and unsuccessfully switched to root or another user on Linux based Distributions. It does this by scanning through /var/log/auth.log for specific patterns that indicate specific actions/executed commands.

Getting Started¶

Prerequisites¶

Install the required dependencies using either of the following commands:

• python3 -m pip install -r requirements.txt (installs globally)
• pipenv install -r requirements.txt (installs locally via pipenv)

Installing¶

All you need to do is download the repository. There are no binaries or anything to install.

git clone https://github.com/StrangeRanger/inspector/

Usage¶

Because Inspector needs to access /var/log/auth.log, you'll be required to execute Inspector with root priviledge:

sudo python3 inspector.py

Supported Distributions¶

The following is a list of all the Linux Distributions that Inspector officially supports and works on: