Monitoring tools to use on an account
in [Debian]
|
From: AG on 27 Jul 2010 13:20 Hi all I'm facing a bit of a delicate issue: I have created an account on my machine for someone staying with us, and I have strong suspicions that he is engaging in on-line behaviour that he is not supposed to be doing. Can anyone recommend a tool thatb I can install, that can monitor his on-line activity - specifically sites he visits and how much time he spends on them? A key logger might also be useful to monitor his activities. I'd need something that will mail me reports to my account without these being transparent to him. Any suggestions, please? Many thanks. AG -- To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org Archive: http://lists.debian.org/4C4F0F14.9030108(a)gmail.com
From: Aniruddha on 27 Jul 2010 15:40 You can also use dansguardian or another web content filter.
From: Camaleón on 28 Jul 2010 07:10 On Tue, 27 Jul 2010 17:53:40 +0100, AG wrote: > I'm facing a bit of a delicate issue: I have created an account on my > machine for someone staying with us, and I have strong suspicions that > he is engaging in on-line behaviour that he is not supposed to be doing. > > Can anyone recommend a tool thatb I can install, that can monitor his > on-line activity - specifically sites he visits and how much time he > spends on them? (...) If he has nothing to hide, all the steps will be tracked by the browser history and cache files. Also, "/tmp" is a good bucket for holding "shared secrets" (recent files, etc...). > A key logger might also be useful to monitor his > activities. There is one for 32-bits systems. "Lkl" is in the repos, though I've not tested. .... Mmm, I am thinking about launching a VNC session (remote desktop) so you can see the user's desktop activities at real time (smiliar to what remote support operators do with their users/customers). Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org Archive: http://lists.debian.org/pan.2010.07.28.11.05.30(a)gmail.com
From: Karl Vogel on 28 Jul 2010 14:40 >> On Tue, 27 Jul 2010 17:53:40 +0100, AG wrote: A> I'm facing a bit of a delicate issue: I have created an account on my A> machine for someone staying with us, and I have strong suspicions that A> he is engaging in on-line behaviour that he is not supposed to be doing. A> Can anyone recommend a tool thatb I can install, that can monitor his A> on-line activity - specifically sites he visits and how much time he A> spends on them? >> On Wed, 28 Jul 2010 11:05:30 +0000 (UTC), <noelamac(a)gmail.com> said: C> If he has nothing to hide, all the steps will be tracked by the browser C> history and cache files. Also, "/tmp" is a good bucket for holding C> "shared secrets" (recent files, etc...). The problem is if he does have something to hide that the OP might be held liable for. AG, if you're worried about browser activity, can you install squid on your system and change his proxy setting accordingly? This way he leaves a trace even if he sanitizes his browser cache, assuming he doesn't have root privileges. Another possibility - running tcpdump or the moral equivalent and checking the packet dumps periodically for anything hinky. This way you catch any bad network activity, not just the browser. Something like this at boot to avoid filling your entire drive: k=1 while true; do out=/some/dir/dump.$k # /some/dir owned by you, mode 700 tcpdump -c 500000 -w $out # season to taste # check the dump for anything suspicious, remove it if clean tcpdump -r $out ... some filter here ... || rm $out k=$((k+1)) done You might also change the permissions on "ps" so he can't see "tcpdump" or any other steps you might take. -- Karl Vogel I don't speak for the USAF or my company If you can't be kind, at least have the decency to be vague. -- To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org Archive: http://lists.debian.org/20100728175429.7333ABED9(a)kev.msw.wpafb.af.mil
From: hugo vanwoerkom on 30 Jul 2010 12:20
AG wrote: > Hi all > > I'm facing a bit of a delicate issue: I have created an account on my > machine for someone staying with us, and I have strong suspicions that > he is engaging in on-line behaviour that he is not supposed to be doing. > > Can anyone recommend a tool thatb I can install, that can monitor his > on-line activity - specifically sites he visits and how much time he > spends on them? A key logger might also be useful to monitor his > activities. > > I'd need something that will mail me reports to my account without these > being transparent to him. > > Any suggestions, please? > Unless I am mistaken, the issue got sidetracked to 'whether one ought to monitor'. But I have this situation: a person uses this laptop when I am not around and yesterday the system shutdown twice while this person was using it. All I see in syslog is: Jul 29 16:28:26 debian gdm[3069]: WARNING: Failed to start X server several times in a short time period; disabling display :0 Jul 29 16:28:26 debian /usr/sbin/gpm[2894]: *** info [daemon/processrequest.c(42)]: Jul 29 16:28:26 debian /usr/sbin/gpm[2894]: Request on 6 (console 8) Jul 29 16:28:26 debian /usr/sbin/gpm[2894]: *** info [daemon/processrequest.c(42)]: Jul 29 16:28:26 debian /usr/sbin/gpm[2894]: Request on 6 (console 8) Jul 29 16:30:00 debian Modtemp[2577]: =[getty 0.0]=> Thu Jul 29 16:30:00 2010 T2=C T3=C busy=81% MHz=1.50 (240) Jul 29 16:31:40 debian acpid: client 9593[0:0] has disconnected Jul 29 16:31:40 debian shutdown[24154]: shutting down for system halt This person knows nothing of commands or VT's so it was just internet browsing activity. I would sure like to know what happened. Hugo -- To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org Archive: http://lists.debian.org/i2utmq$a9p$1(a)dough.gmane.org |