From 1e5af2f4b2461897e164d5b53712b9892b54fd0c Mon Sep 17 00:00:00 2001
From: skyper <5938498+SkyperTHC@users.noreply.github.com>
Date: Wed, 15 Nov 2023 08:20:42 +0000
Subject: [PATCH 1/5] Update README.md
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 855d3c5..2629e9d 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # eBPF tools
-A (short) collecton of eBPF enabled tools (needs root privileges to run);
+A (short) collecton of eBPF enabled tools (need root privileges to run);
 Prerequisite: Install the latest bpftrace tool:
 ```sh
From 353e7aa71cec44c7a24015720b814b683b48baab Mon Sep 17 00:00:00 2001
From: skyper <5938498+SkyperTHC@users.noreply.github.com>
Date: Wed, 15 Nov 2023 08:21:06 +0000
Subject: [PATCH 2/5] Update README.md
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 2629e9d..7a8e3e9 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@ chmod 755 bpftrace
 This tools records all PTY sessions and sniffs all ssh/sudo/su passwords of all users.
 ```
-./bpftrace -B none ptysnoop.bt
+./bpftrace -Bnone ptysnoop.bt
 ```

ptysnoop
From f106c5c75efec21088edebb9e77d7268ed02372d Mon Sep 17 00:00:00 2001
From: skyper <5938498+SkyperTHC@users.noreply.github.com>
Date: Wed, 15 Nov 2023 08:26:55 +0000
Subject: [PATCH 3/5] Update README.md
---
 README.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 7a8e3e9..f7499be 100644
--- a/README.md
+++ b/README.md
@@ -10,7 +10,7 @@ chmod 755 bpftrace
 ## Sniff all ssh/login/xterm session:
-This tools records all PTY sessions and sniffs all ssh/sudo/su passwords of all users.
+Record all PTY sessions and sniffs all ssh/sudo/su passwords of all users.
 ```
 ./bpftrace -Bnone ptysnoop.bt
@@ -18,3 +18,5 @@ This tools records all PTY sessions and sniffs all ssh/sudo/su passwords of all

ptysnoop

+
+Tools by others: [SSHLog](https://ebpf.io/applications/#sshlog).
From 8b0527f1e6dc028a615e5621a17c9c55a09bb475 Mon Sep 17 00:00:00 2001
From: skyper <5938498+SkyperTHC@users.noreply.github.com>
Date: Wed, 15 Nov 2023 11:49:15 +0000
Subject: [PATCH 4/5] Update README.md
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index f7499be..214e8a1 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@ chmod 755 bpftrace
 Record all PTY sessions and sniffs all ssh/sudo/su passwords of all users.
 ```
-./bpftrace -Bnone ptysnoop.bt
+BPFTRACE_STRLEN=200 ./bpftrace -Bnone ptysnoop.bt
 ```

ptysnoop
From 3a22038275f5bf93c7219ef9dfb18f7aaca4a4e8 Mon Sep 17 00:00:00 2001
From: skyper <5938498+SkyperTHC@users.noreply.github.com>
Date: Wed, 15 Nov 2023 11:53:33 +0000
Subject: [PATCH 5/5] Update README.md
---
 README.md | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 214e8a1..7e69694 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@ A (short) collecton of eBPF enabled tools (need root privileges to run);
 Prerequisite: Install the latest bpftrace tool:
-```sh
+```console
 curl -o bpftrace -fsSL https://github.com/iovisor/bpftrace/releases/latest/download/bpftrace
 chmod 755 bpftrace
 ```
@@ -12,8 +12,9 @@ chmod 755 bpftrace
 Record all PTY sessions and sniffs all ssh/sudo/su passwords of all users.
-```
-BPFTRACE_STRLEN=200 ./bpftrace -Bnone ptysnoop.bt
+```console
+export BPFTRACE_STRLEN=200
+./bpftrace -Bnone ptysnoop.bt
 ```

ptysnoop