spying unix system

Is there a way to log the key strokes in the unix system? Or at least monitor the activity on the web browser?
aramakrishnaAsked:
 
ahoffmannCommented:
> Especially content in the emails, chat conversations etc.
Keep legal issues in mind!

That said, an http proxy is not the tool to control this.
For chat the firewall is the point to check, but most chat clients are able to use well known ports (like 80) for their traffic, hence you lose again here if you don't have an application level firewall which inspects the traffic.

For email, you should set up your MTA to filter email, and here you lose with crypted mails ;-)

For an HTTP proxy, simply redirect all http/https traffic at your firewall to your proxy.

All in all this sounds like you don't trust the people you give access to a computer.
Better think about policies for the usage, or don't give them access, or fire those you can't trust.
Experienced users will always find a way around your controlling anyway ..
0
 
ahoffmannCommented:
> .. log key strokes ..
yes, if you find a key logger for your system

> Or at least monitor the activity on the web browser?
force the browser to use your proxy
0
 
wesly_chenCommented:
> Is there a way to log the key strokes in the unix system
http://www.securiteam.com/tools/5KP0S1P9PE.html
However, you need to use it with caution, or you will be in jail....
0
 
macker-Commented:
it would help to know what you're trying to achieve... e.g. if you are trying to intercept all data transmitted, track what web sites are visited, or just looking for specific items of importance.

an http proxy can be used for auditing and restriction, and can often be implemented in "transparent" mode by way of route/firewall rulesets and/or a bridge.

tracking actual keystrokes would probably be better served by a hardware device, so as to restrict access to the captured data to someone with physical access.
0
 
aramakrishnaAuthor Commented:
Thanks for the comments.

I'm trying to monitor the activity on the browser. Especially content in the emails, chat conversations etc. Looks like http proxy is the solution.
Any pointers on how to implement this solution?
0
 
macker-Commented:
as ahoffman says, people will find ways around it, if they know it's in place and want to bypass it.

without knowing the reasoning, I can say that mass monitoring of traffic tends to be .. well .. time-consuming.  It's probably not of benefit to spend all your time looking over every line, and rather, to be alerted if specific activity is occurring.  In most situations where this sort of monitoring will be of benefit in the first place, for legal purposes, it just isn't worth the time to pore over every line.

A far more "friendly" and effective solution is going to be to run a squid proxy that looks for "bad" requests, and redirect those requests to a "not allowed under policy" page, and/or to log those requests.  This also has the benefit of improving speeds and reducing network utilization.

The other approach I would take is to run 'snort' to monitor for specific types of traffic, words, etc... snort can recognize chat protocols such as AIM, web traffic, mail traffic, DoS attacks, viruses, ... virtually anything.  There's also a number of tools that allow you to more easily audit the logs, useful for identifying patterns vs. isolated incidents.

As ahoffman said, you can have your MTA filter e-mail, and it's also possible to record e-mail for future purposes.  There's a good discussion about recording e-mail, and the legality of this, here: http://www.redearthsoftware.com/email-monitoring-article.htm  It's also worth noting that due to recent changes in regulations affecting US financial institutions, and law in Germany, there will be e-mail "monitoring" capabilities in most major MTAs.

Lastly
0
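The "log policy-flagged proxy requests and look for patterns rather than reading every line" approach described in the post above, as an added example that is not part of the original thread. It assumes Squid's native access.log layout; the log lines, host names and the threshold are constructed for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed policy list (hypothetical host suffixes, not from the thread).
POLICY_SUFFIXES = ("chat.example.test", "webmail.example.test")

# Constructed sample in Squid's native access.log layout:
# time elapsed client action/code bytes method URL ident hierarchy type
SAMPLE_LOG = """\
1118160000.101     45 192.168.1.10 TCP_MISS/200 5120 GET http://intranet.example.test/ - DIRECT/10.0.0.5 text/html
1118160003.220     12 192.168.1.11 TCP_DENIED/403 1420 GET http://chat.example.test/login - NONE/- text/html
1118160005.310      9 192.168.1.11 TCP_DENIED/403 1420 CONNECT webmail.example.test:443 - NONE/- -
1118160007.450     11 192.168.1.10 TCP_DENIED/403 1420 GET http://www.chat.example.test/ - NONE/- text/html
1118160010.000      7 192.168.1.12
1118160012.880     10 192.168.1.11 TCP_DENIED/403 1420 GET http://chat.example.test/rooms - NONE/- text/html
1118160015.020     30 192.168.1.12 TCP_MISS/200 2048 GET http://notchat.example.test/ - DIRECT/10.0.0.9 text/html
"""

def request_host(method, url):
    """Return the lower-cased host; CONNECT entries are logged as host:port."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()

def matches_policy(host):
    """Match the host itself or a subdomain, not an arbitrary string suffix."""
    return any(host == s or host.endswith("." + s) for s in POLICY_SUFFIXES)

def flagged_requests(log_text):
    """Return (client, host, squid_action) for each policy-listed request."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:          # truncated or malformed line: skip it
            continue
        client, action, method, url = fields[2], fields[3], fields[5], fields[6]
        host = request_host(method, url)
        if matches_policy(host):
            hits.append((client, host, action.split("/")[0]))
    return hits

def clients_to_review(log_text, threshold=3):
    """Clients with repeated hits (a pattern), ignoring isolated incidents."""
    counts = Counter(client for client, _, _ in flagged_requests(log_text))
    return {c: n for c, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for client, n in clients_to_review(SAMPLE_LOG).items():
        print(f"{client}: {n} policy-listed requests")
```
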
 
macker-Commented:
er..

Lastly, I do have to agree with ahoffman's statements regarding the necessity for monitoring.  There are cases where it is needed to be able to access past activities, etc. but it's up to the individual person to consider whether the methods being considered or implemented are the best approach.  It's very easy to find the cost exceeds the benefit in such situations.
0
 
ahoffmannCommented:
> e-mail "monitoring"  .. in germany ..
is illegal by law (since roughly 80 years or so;-), even for email at work
If you do that, you need written permission from each (human) person whose email is monitored
0
 
macker-Commented:
My understanding is that there have been recent regulations requiring ISPs in Germany to have the capability for recording e-mail, presumably for law enforcement reasons.  There's a link that provides further details - http://www.regtp.de/imperia/md/content/tech_reg_t/ueberwachu/TR_TKUE_Ausgabe_4-1_06-01-2005.pdf
0
 
ahoffmannCommented:
<ot>
TR TKÜ regulates monitoring of connection data per law, means that ISPs have to log and store connection data and support technical equipment so that federal (security) offices can connect and monitor all traffic on a connection. But such connections still need written permission by a prosecutor (not discussing how this should work reliably in practice).
Any payload (email, HTTP, whatever) is still subject to privacy laws and not affected by TR TKÜ. Recording payload is prohibited.
</ot>
0
 
macker-Commented:
Hmm.  Based on that translation, I may be mistaken.  Inter7 developed a patch for qmail to meet new U.S. laws regarding financial institutions, and also cited the above document for similar requirements in Germany.  Oh well, thanks for the translation.
0
 
ahoffmannCommented:
macker- do you have a link to the translation?
0
 
macker-Commented:
sorry, no, thought what you posted was a translation.  my mistake.
0
 
ahoffmannCommented:
yes was a translation, but just the core purpose of this new guideline/law
let me know if you need more information
0