Inspector is a security tool with the purpose of identifying users who have both successfully and unsuccessfully switched to root or another user on Linux based Distributions. It does this by scanning through /var/log/auth.log for specific patterns that indicate specific actions/executed commands.
Install the required dependencies using either of the following commands:
python3 -m pip install -r requirements.txt(installs globally)pipenv install -r requirements.txt(installs locally via pipenv)
All you need to do is download the repository. There are no binaries or anything to install.
git clone https://github.com/StrangeRanger/inspector/
Because Inspector needs to access /var/log/auth.log, you'll be required to execute Inspector with root priviledge:
sudo python3 inspector.py
The following is a list of all the Linux Distributions that Inspector officially supports and works on:
| Distributions | Distro Versions |
|---|---|
| Ubuntu | 20.04 16.04 18.04 |
| Debian | 10 9 |