diff --git a/AuthSight.pkg b/AuthSight.pkg new file mode 100644 index 0000000..c7aea4c Binary files /dev/null and b/AuthSight.pkg differ diff --git a/AuthSight.pkgproj b/AuthSight.pkgproj new file mode 100755 index 0000000..428f00c --- /dev/null +++ b/AuthSight.pkgproj 
@@ -0,0 +1,1385 @@ + + + + + PACKAGES + + + PACKAGE_FILES + + DEFAULT_INSTALL_LOCATION + /usr/local/bin + HIERARCHY + + CHILDREN + + + CHILDREN + + GID + 80 + PATH + Applications + PATH_TYPE + 0 + PERMISSIONS + 509 + TYPE + 1 + UID + 0 + + + CHILDREN + + + CHILDREN + + GID + 80 + PATH + Application Support + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Automator + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Documentation + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Extensions + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Filesystems + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Frameworks + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Input Methods + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Internet Plug-Ins + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + LaunchAgents + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + LaunchDaemons + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + PreferencePanes + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Preferences + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 80 + PATH + Printers + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + PrivilegedHelperTools + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + QuickLook + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + QuickTime + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Screen 
Savers + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Scripts + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Services + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Widgets + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + GID + 0 + PATH + Library + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + + CHILDREN + + GID + 0 + PATH + Shared + PATH_TYPE + 0 + PERMISSIONS + 1023 + TYPE + 1 + UID + 0 + + + GID + 80 + PATH + Users + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + + CHILDREN + + + CHILDREN + + + CHILDREN + + GID + 0 + PATH + authsightd.pl + PATH_TYPE + 1 + PERMISSIONS + 493 + TYPE + 3 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + imagesnap + PATH_TYPE + 1 + PERMISSIONS + 493 + TYPE + 3 + UID + 0 + + + GID + 0 + PATH + bin + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 2 + UID + 0 + + + GID + 0 + PATH + local + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 2 + UID + 0 + + + GID + 0 + PATH + usr + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 2 + UID + 0 + + + GID + 0 + PATH + / + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + PAYLOAD_TYPE + 0 + VERSION + 4 + + PACKAGE_SCRIPTS + + RESOURCES + + + PACKAGE_SETTINGS + + AUTHENTICATION + 1 + CONCLUSION_ACTION + 0 + FOLLOW_SYMBOLIC_LINKS + + IDENTIFIER + org.nogas.pkg.AuthSight + LOCATION + 0 + NAME + AuthSight + OVERWRITE_PERMISSIONS + + RELOCATABLE + + VERSION + 1.0 + + UUID + A5C9DD55-5CF9-476E-B005-08EE0CE72180 + + + PACKAGE_FILES + + DEFAULT_INSTALL_LOCATION + / + HIERARCHY + + CHILDREN + + + CHILDREN + + GID + 80 + PATH + Applications + PATH_TYPE + 0 + PERMISSIONS + 509 + TYPE + 1 + UID + 0 + + + CHILDREN + + + CHILDREN + + GID + 80 + PATH + Application Support + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Automator + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 
1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Documentation + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Extensions + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Filesystems + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Frameworks + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Input Methods + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Internet Plug-Ins + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + LaunchAgents + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + + CHILDREN + + GID + 0 + PATH + org.nogas.authsightd.plist + PATH_TYPE + 1 + PERMISSIONS + 420 + TYPE + 3 + UID + 0 + + + GID + 0 + PATH + LaunchDaemons + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + PreferencePanes + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Preferences + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 80 + PATH + Printers + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + PrivilegedHelperTools + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + QuickLook + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + QuickTime + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Screen Savers + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Scripts + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Services + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Widgets + PATH_TYPE + 0 + 
PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + GID + 0 + PATH + Library + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + + CHILDREN + + GID + 0 + PATH + Shared + PATH_TYPE + 0 + PERMISSIONS + 1023 + TYPE + 1 + UID + 0 + + + GID + 80 + PATH + Users + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + GID + 0 + PATH + / + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + PAYLOAD_TYPE + 0 + VERSION + 4 + + PACKAGE_SCRIPTS + + POSTINSTALL_PATH + + PATH + post_install.sh + PATH_TYPE + 1 + + RESOURCES + + + PACKAGE_SETTINGS + + AUTHENTICATION + 1 + CONCLUSION_ACTION + 0 + IDENTIFIER + org.nogas.authsight-startup + LOCATION + 0 + NAME + AuthSightStartup + OVERWRITE_PERMISSIONS + + VERSION + 1.0 + + TYPE + 0 + UUID + 4997BE3E-516F-476C-9A70-A38D40DC6308 + + + PROJECT + + PROJECT_COMMENTS + + NOTES + + PCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBIVE1M + IDQuMDEvL0VOIiAiaHR0cDovL3d3dy53My5vcmcvVFIvaHRtbDQv + c3RyaWN0LmR0ZCI+CjxodG1sPgo8aGVhZD4KPG1ldGEgaHR0cC1l + cXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7 + IGNoYXJzZXQ9VVRGLTgiPgo8bWV0YSBodHRwLWVxdWl2PSJDb250 + ZW50LVN0eWxlLVR5cGUiIGNvbnRlbnQ9InRleHQvY3NzIj4KPHRp + dGxlPjwvdGl0bGU+CjxtZXRhIG5hbWU9IkdlbmVyYXRvciIgY29u + dGVudD0iQ29jb2EgSFRNTCBXcml0ZXIiPgo8bWV0YSBuYW1lPSJD + b2NvYVZlcnNpb24iIGNvbnRlbnQ9IjE0MDQuMzQiPgo8c3R5bGUg + dHlwZT0idGV4dC9jc3MiPgpwLnAxIHttYXJnaW46IDAuMHB4IDAu + MHB4IDAuMHB4IDAuMHB4OyBsaW5lLWhlaWdodDogMTQuMHB4OyBm + b250OiAxMi4wcHggSGVsdmV0aWNhOyBjb2xvcjogIzAwMDAwMDsg + LXdlYmtpdC10ZXh0LXN0cm9rZTogIzAwMDAwMH0Kc3Bhbi5zMSB7 + Zm9udC1rZXJuaW5nOiBub25lfQo8L3N0eWxlPgo8L2hlYWQ+Cjxi + b2R5Pgo8cCBjbGFzcz0icDEiPjxzcGFuIGNsYXNzPSJzMSI+SW5z + dGFsbHMgdGhlIHVwZGF0ZWQgYXV0aHNpZ2h0ZCBwcm9ncmFtIGJh + c2VkIG9uIHRoZSBBdXRoc2lnaHQgcHJvamVjdCBieSBKb25hdGhh + biBaZHppYXJza2kuPC9zcGFuPjwvcD4KPC9ib2R5Pgo8L2h0bWw+ + Cg== + + + PROJECT_PRESENTATION + + INSTALLATION TYPE + + HIERARCHIES + + INSTALLER + + LIST + + + DESCRIPTION + + OPTIONS + + HIDDEN + + STATE + 1 + + 
PACKAGE_UUID + A5C9DD55-5CF9-476E-B005-08EE0CE72180 + TITLE + + TOOLTIP + + TYPE + 0 + UUID + 6A09C92B-1EF8-496D-A15B-2D9E913BE7C0 + + + DESCRIPTION + + OPTIONS + + HIDDEN + + STATE + 1 + + PACKAGE_UUID + 4997BE3E-516F-476C-9A70-A38D40DC6308 + TITLE + + TOOLTIP + + TYPE + 0 + UUID + BC4A8959-13BC-4B26-9CF2-45720809A8AB + + + REMOVED + + + + INSTALLATION TYPE + 0 + + INSTALLATION_STEPS + + + ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS + ICPresentationViewIntroductionController + INSTALLER_PLUGIN + Introduction + LIST_TITLE_KEY + InstallerSectionTitle + + + ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS + ICPresentationViewReadMeController + INSTALLER_PLUGIN + ReadMe + LIST_TITLE_KEY + InstallerSectionTitle + + + ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS + ICPresentationViewLicenseController + INSTALLER_PLUGIN + License + LIST_TITLE_KEY + InstallerSectionTitle + + + ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS + ICPresentationViewDestinationSelectController + INSTALLER_PLUGIN + TargetSelect + LIST_TITLE_KEY + InstallerSectionTitle + + + ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS + ICPresentationViewInstallationTypeController + INSTALLER_PLUGIN + PackageSelection + LIST_TITLE_KEY + InstallerSectionTitle + + + ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS + ICPresentationViewInstallationController + INSTALLER_PLUGIN + Install + LIST_TITLE_KEY + InstallerSectionTitle + + + ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS + ICPresentationViewSummaryController + INSTALLER_PLUGIN + Summary + LIST_TITLE_KEY + InstallerSectionTitle + + + INTRODUCTION + + LOCALIZATIONS + + + LICENSE + + KEYWORDS + + LOCALIZATIONS + + MODE + 0 + + README + + LOCALIZATIONS + + + SUMMARY + + LOCALIZATIONS + + + TITLE + + LOCALIZATIONS + + + LANGUAGE + English + VALUE + AuthSight + + + + + PROJECT_REQUIREMENTS + + LIST + + POSTINSTALL_PATH + + PREINSTALL_PATH + + RESOURCES + + ROOT_VOLUME_ONLY + + + PROJECT_SETTINGS + + ADVANCED_OPTIONS + + BUILD_FORMAT + 0 + BUILD_PATH + + PATH + . 
+ PATH_TYPE + 1 + + EXCLUDED_FILES + + + PATTERNS_ARRAY + + + REGULAR_EXPRESSION + + STRING + .DS_Store + TYPE + 0 + + + PROTECTED + + PROXY_NAME + Remove .DS_Store files + PROXY_TOOLTIP + Remove ".DS_Store" files created by the Finder. + STATE + + + + PATTERNS_ARRAY + + + REGULAR_EXPRESSION + + STRING + .pbdevelopment + TYPE + 0 + + + PROTECTED + + PROXY_NAME + Remove .pbdevelopment files + PROXY_TOOLTIP + Remove ".pbdevelopment" files created by ProjectBuilder or Xcode. + STATE + + + + PATTERNS_ARRAY + + + REGULAR_EXPRESSION + + STRING + CVS + TYPE + 1 + + + REGULAR_EXPRESSION + + STRING + .cvsignore + TYPE + 0 + + + REGULAR_EXPRESSION + + STRING + .cvspass + TYPE + 0 + + + REGULAR_EXPRESSION + + STRING + .svn + TYPE + 1 + + + REGULAR_EXPRESSION + + STRING + .git + TYPE + 1 + + + REGULAR_EXPRESSION + + STRING + .gitignore + TYPE + 0 + + + PROTECTED + + PROXY_NAME + Remove SCM metadata + PROXY_TOOLTIP + Remove helper files and folders used by the CVS, SVN or Git Source Code Management systems. + STATE + + + + PATTERNS_ARRAY + + + REGULAR_EXPRESSION + + STRING + classes.nib + TYPE + 0 + + + REGULAR_EXPRESSION + + STRING + designable.db + TYPE + 0 + + + REGULAR_EXPRESSION + + STRING + info.nib + TYPE + 0 + + + PROTECTED + + PROXY_NAME + Optimize nib files + PROXY_TOOLTIP + Remove "classes.nib", "info.nib" and "designable.nib" files within .nib bundles. + STATE + + + + PATTERNS_ARRAY + + + REGULAR_EXPRESSION + + STRING + Resources Disabled + TYPE + 1 + + + PROTECTED + + PROXY_NAME + Remove Resources Disabled folders + PROXY_TOOLTIP + Remove "Resources Disabled" folders. + STATE + + + + SEPARATOR + + + + NAME + AuthSight + + + TYPE + 0 + VERSION + 2 + + diff --git a/README.md b/README.md index 539ed0c..dc41fc3 100755 --- a/README.md +++ b/README.md 
@@ -1,4 +1,26 @@
 authsight
 =========
 
-Snap a webcam picture when someone tries to log into your computer with a wrong password. A remake of the Authsight project by Jonathan Zdziarski.
\ No newline at end of file
+Snap a webcam picture when someone tries to log into your computer with a wrong password. A remake of the Authsight project by Jonathan Zdziarski.
+
+Uses imagesnap from http://iharder.sourceforge.net/current/macosx/imagesnap/ to capture images.
+
+Installation
+============
+
+**With prepackaged installer**
+
+1. Download [AuthSight.pkg](https://github.com/sck-nogas/authsight/blob/master/AuthSight.pkg?raw=true) from this repo and run it.
+
+OR
+
+**Do it yourself**
+
+1. Download imagesnap from http://prdownloads.sourceforge.net/iharder/ImageSnap-v0.2.5.tgz
+2. Copy imagesnap to /usr/local/bin and make executable.
+3. Download org.nogas.authsightd.plist and authsightd.pl from this repo
+4. Copy the authsightd.pl to /usr/local/bin and make executable.
+5. Run `sudo cp org.nogas.authsightd.plist /Library/LaunchDaemon/org.nogas.authsightd.plist`
+6. Run `sudo chown root:wheel /Library/LaunchDaemons/org.nogas.authsightd.plist`
+7. Run `sudo chmod 644 /Library/LaunchDaemons/org.nogas.authsightd.plist`
+8. Run `sudo launchctl load -w /Library/LaunchDaemons/org.nogas.authsightd.plist`
diff --git a/authsightd.pl b/authsightd.pl
old mode 100755
new mode 100644
index 05a83b8..1c0a8d5
--- a/authsightd.pl
+++ b/authsightd.pl
@@ -1,22 +1,27 @@ -#!/usr/bin/perl -#The original perl script behind authsight +#!/usr/bin/env perl use strict; +use Fcntl; +use File::stat; +use IO::File; use IO::Handle; +use IO::Select; use MIME::Base64; -use File::stat; -use vars qw { $ISIGHTCAPTURE $LOGDIR $LOGFILE $LAST $EMAIL $AIRPORT $IFCONFIG }; -require "ctime.pl"; +use POSIX qw(:errno_h); +use vars qw { $IMAGESNAP $LOGDIR $LOGFILE $LAST $EMAIL $AIRPORT $IFCONFIG }; $| = 1; -$ISIGHTCAPTURE = "/opt/local/bin/isightcapture"; +$IMAGESNAP = "/usr/local/bin/imagesnap"; $LOGDIR = "/var/log/AuthSight"; -$LOGFILE = "/var/log/secure.log"; +$LOGFILE = "/dev/auditpipe"; $EMAIL = ""; $IFCONFIG = "/sbin/ifconfig"; $AIRPORT = "/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport"; +my $HEADER_SIZE = 18; +use constant READ_SIZE => 64*1024; +#Start of code mkdir($LOGDIR) if (! -d $LOGDIR); &log("startup"); &log("reading configuration"); 
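Review bot: The shebang change to `#!/usr/bin/env perl` makes the interpreter depend on `PATH` for a script that the LaunchDaemon added in this commit starts directly; no `UserName` key is visible in that plist, so it presumably runs as root. Keeping `#!/usr/bin/perl` pins the system interpreter, which is the safer choice for a privileged daemon. The preamble also still has `use strict;` without `use warnings;`; adding it would surface the uninitialised `$_` that the new read loop compares against `$LAST`.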
@@ -26,58 +31,80 @@ } else { &log("logging and reporting to $EMAIL"); } -open(TAIL, "$LOGFILE"); -while() { } -for (;;) { - - while() { - chomp; - if (/failed to authenticate user ([A-Z]*)/i) { ###For 10.6, use /var/log/secure.log - my($user) = $1; - if ($LAST eq $_) { - $LAST = $_; - &log("strange dupe error. ignoring: $_"); - } - $LAST = $_; - my($sec, $min, $hour, $day, $mon, $year) = (localtime(time)); - $year += 1900; - $mon ++; - my($date) = sprintf("%02d-%02d-%04d_%02d.%02d.%02d", $mon, $day, $year, $hour, $min, $sec); - my($file) = "$LOGDIR/$user\_$date.jpg"; - my($result) = `osascript -e 'do shell script "$ISIGHTCAPTURE $file"'`; - chomp($result); - &log("CAPTURE ON $_"); - &log("$file $result"); - - if ($EMAIL ne "") { - my($data); - my($stat) = stat($file); - my($size) = $stat->size(); - &log("emailing photo to $EMAIL size=" . $size); - open(FILE, "<$file"); - binmode(FILE); - read(FILE, $data, $size, 0); - close(FILE); - &email($data); - } - } - } - - select(undef, undef, undef, .20); - - if (stat(*TAIL)->nlink == 0) { - &log("re-opening $LOGFILE on new filehandle"); - close(TAIL); - open(TAIL, $LOGFILE) || &log("failed to re-open file: $!"); - while() { } + +# Open the auditpipe, this should never close. 
+sysopen(my ($fh), $LOGFILE, O_RDONLY|O_NONBLOCK) || &log("Couldn't open $LOGFILE for reading: $!\n"); + +binmode($fh) || &log("can't binmode $LOGFILE") ; + +my $sel = new IO::Select ($fh); + +for (;;) { # Loop indefinitely, incase auditpipe is closed + my $buf = ''; + my $remaining_bytes; + while ($sel->can_read()) { + my $rv = sysread($fh, $buf, READ_SIZE, length($buf)); &log("Failed to fill buffer $!\n") if !defined($rv); last if !$rv; + while ($buf) { + my $msg = substr($buf,0,$HEADER_SIZE, ""); + my($user) = ""; + my ($header_token_ID, $header_byte_count, $header_version, $header_event_type, $header_event_modifier, $header_epoch_seconds, $header_milliseconds ) = unpack 'H2 H8 H2 H4 H4 H8 H8', $msg; + $remaining_bytes = hex($header_byte_count) - $HEADER_SIZE ; + if (length($buf) < $remaining_bytes) { my $rv = sysread($fh, $buf, READ_SIZE, length($buf)); &log("Failed to fill buffer $!\n") if !defined($rv); last if !$rv; } + my ($remainder_of_record)= substr ($buf,0,$remaining_bytes, ""); + if (hex($header_event_type) eq "45023") { + if ( ($remainder_of_record =~ /.*Authentication for user <([A-Za-z0-9]*)\x0\x27[^\x0]>/i) or + ($remainder_of_record =~ /.*Verify password for record type Users '([A-Za-z0-9]*)'.*\x0\x27[^\x0]/i) or + ($remainder_of_record =~ /.*user <([A-Za-z0-9]*)>\x0\x27[^\x0]/i) or + ($remainder_of_record =~ /.*Error opening DS node for user <([A-Za-z0-9]*)>\x0\x27[^\x0]/i) + ) { + if (defined($1)) { + $user = $1; + if ($LAST eq $_) { + $LAST = $_; + &log("strange dupe error. 
ignoring: $_"); + } + $LAST = $_; + } else { + $user="unknown"; + } + my($sec, $min, $hour, $day, $mon, $year) = (localtime(time)); + $year += 1900; + $mon ++; + my($date) = sprintf("%02d-%02d-%04d_%02d.%02d.%02d", $mon, $day, $year, $hour, $min, $sec); + my($file) = "$LOGDIR/$user\_$date.jpg"; + my($result) = `osascript -e 'do shell script "$IMAGESNAP $file"' >> /var/log/authsight.log`; + chomp($result); + &log("CAPTURE ON $_"); + &log("$file $result"); + + if ($EMAIL ne "") { + my($data); + my($stat) = stat($file); + my($size) = $stat->size(); + &log("emailing photo to $EMAIL size=" . $size); + open(FILE, "<$file"); + binmode(FILE); + read(FILE, $data, $size, 0); + close(FILE); + &email($data); + } + } + } + if (length($buf) < $HEADER_SIZE) { my $rv = sysread($fh, $buf, READ_SIZE, length($buf)); &log("Failed to fill buffer $!\n") if !defined($rv); last if !$rv; } + } + } + if (stat($fh)->nlink == 0) { + &log("re-opening $LOGFILE on new filehandle"); + close($fh); + sysopen(my ($fh), $LOGFILE, O_RDONLY|O_NONBLOCK) || &log("Couldn't open $LOGFILE for reading: $!\n"); + binmode($fh) || &log("can't binmode $LOGFILE"); &log("file re-oened"); - } - seek(TAIL, 0, 1); + } } sub log { my($msg) = @_; - my($time) = ctime(time); + my($time) = time; my(@proc) = split(/\//, $0); my($procname) = $proc[$#proc]; chomp $msg; diff --git a/imagesnap b/imagesnap new file mode 100755 index 0000000..d2c65f2 Binary files /dev/null and b/imagesnap differ diff --git a/org.nogas.authsightd.plist b/org.nogas.authsightd.plist new file mode 100644 index 0000000..a3e2062 --- /dev/null +++ b/org.nogas.authsightd.plist @@ -0,0 +1,14 @@ + + + + + KeepAlive + + Label + org.nogas.authsightd + ProgramArguments + + /usr/local/bin/authsightd.pl + + + diff --git a/post_install.sh b/post_install.sh new file mode 100644 index 0000000..7c6df78 --- /dev/null +++ b/post_install.sh @@ -0,0 +1,3 @@ +#!/bin/bash +/bin/launchctl load -w /Library/LaunchDaemons/org.nogas.authsightd.plist +
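Review bot: `$_` is never assigned in the new sysread loop (the removed `while` over the log file was what set it), so `$LAST eq $_` compares against an undefined value and `&log("CAPTURE ON $_")` records nothing about the audit event that triggered the capture. Log what the hunk actually has, for example `&log("CAPTURE ON user=$user event=" . hex($header_event_type));`, and drop or rework the duplicate check. In the re-open branch, `sysopen(my ($fh), ...)` declares a second `$fh` scoped to that `if` block, so the outer handle stays closed and `$sel` still holds it; remove the `my` and add the new handle to `$sel` again. `stat($file)` is also dereferenced without checking that the capture produced a file, which would kill the daemon whenever imagesnap fails. The `if`/`else` at the top of the hunk and `sub log` at the bottom both extend outside it.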
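Review bot: `ProgramArguments` points a LaunchDaemon at `/usr/local/bin/authsightd.pl`, and `/usr/local/bin` is often writable by an admin user or a package manager, so a non-root process that can write there could replace code that launchd then runs as root. Installing the script, and the `imagesnap` binary it calls, into a root-owned directory that ordinary users cannot write to, and pointing `ProgramArguments` there, removes that dependency. The do-it-yourself steps in the README chown the plist to `root:wheel` but say nothing about the ownership of the script or of imagesnap, so a manual install is the more exposed path.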
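Review bot: The script runs `launchctl load -w` unconditionally, so on a reinstall or upgrade the job is already loaded, the load fails, and the running daemon presumably keeps executing the old `authsightd.pl` until it is restarted. Unload first and ignore the error when nothing is loaded, `/bin/launchctl unload /Library/LaunchDaemons/org.nogas.authsightd.plist 2>/dev/null`, then load. If the installer should succeed regardless of launchctl's result, end with an explicit `exit 0`; otherwise check the exit status and report it.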