Solved

spying unix system

Posted on 2005-04-16
Last Modified: 2013-12-04
Is there a way to log the key strokes in the unix system? Or at least monitor the activity on the web browser?
Question by:aramakrishna

Expert Comment

by:ahoffmann
ID: 13802094
> .. log key strokes ..
yes, if you find a key logger for your system

> Or atleast monitor the activity on the web browser ?
force the browser to use your proxy

Expert Comment

by:wesly_chen
ID: 13831411
> Is there a way to log the key strokes in the unix system
http://www.securiteam.com/tools/5KP0S1P9PE.html
However, you need to use it with caution, or you will be in jail....

Expert Comment

by:macker-
ID: 13839251
it would help to know what you're trying to achieve... e.g. if you are trying to intercept all data transmitted, track what web sites are visited, or just looking for specific items of importance.

an http proxy can be used for auditing and restriction, and can often be implemented in "transparent" mode by way of route/firewall rulesets and/or a bridge.

tracking actual keystrokes would probably be better served by a hardware device, so as to restrict access to the captured data to someone with physical access.

Author Comment

by:aramakrishna
ID: 13842366
Thanks for the comments.

I'm trying to monitor the activity on the browser. Especially content in the emails, chat conversations etc. Looks like http proxy is the solution.
Any pointers on how to implement this solution?

Accepted Solution

by:ahoffmann (earned 375 total points)
ID: 13842473
> Especially content in the emails, chat conversations etc.
Keep legal issues in mind!

That said, an HTTP proxy is not the tool to control this.
For chat the firewall is the point to check, but most chat clients are able to use well known ports (like 80) for their traffic, hence you lose again here if you don't have an application level firewall which inspects the traffic.

For email, you should set up your MTA to filter email, and here you lose with encrypted mails ;-)

For an HTTP proxy, simply redirect all http/https traffic at your firewall to your proxy.

All in all this sounds like you don't trust the people you give access to the computers.
Better think about policies for the usage, or don't give them access, or fire those you can't trust.
Experienced users will always find a way around your controls anyway ..

Expert Comment

by:macker-
ID: 13845936
as ahoffmann says, people will find ways around it, if they know it's in place and want to bypass it.

without knowing the reasoning, I can say that mass monitoring of traffic tends to be .. well .. time-consuming.  It's probably not of benefit to spend all your time looking over every line, and rather, to be alerted if specific activity is occurring.  In most situations where this sort of monitoring will be of benefit in the first place, for legal purposes, it just isn't worth the time to pore over every line.

A far more "friendly" and effective solution is going to be to run a squid proxy that looks for "bad" requests, and redirect those requests to a "not allowed under policy" page, and/or to log those requests.  This also has the benefit of improving speeds and reducing network utilization.

The other approach I would take is to run 'snort' to monitor for specific types of traffic, words, etc... snort can recognize chat protocols such as AIM, web traffic, mail traffic, DoS attacks, viruses, ... virtually anything.  There are also a number of tools that allow you to more easily audit the logs, useful for identifying patterns vs. isolated incidents.

As ahoffmann said, you can have your MTA filter e-mail, and it's also possible to record e-mail for future purposes.  There's a good discussion about recording e-mail, and the legality of this, here: http://www.redearthsoftware.com/email-monitoring-article.htm  It's also worth noting that due to recent changes in regulations affecting US financial institutions, and law in Germany, there will be e-mail "monitoring" capabilities in most major MTAs.

Lastly
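An added example, not part of the thread or any poster's code: one way to get the "alert on specific activity" and "patterns vs. isolated incidents" approach described in the comment above from a Squid proxy's native access.log, without reading every line. The policy domains, the threshold and the sample log lines are constructed assumptions.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client action/status bytes method URL ident hierarchy type
SAMPLE_LOG = """\
1113638400.101    210 192.0.2.10 TCP_MISS/200 5120 GET http://intranet.example.test/index.html - DIRECT/198.51.100.5 text/html
1113638402.330     95 192.0.2.11 TCP_MISS/200 880 GET http://webchat.example.test/login - DIRECT/198.51.100.9 text/html
1113638405.002   1200 192.0.2.11 TCP_MISS/200 3100 CONNECT webchat.example.test:443 - DIRECT/198.51.100.9 -
1113638409.870     40 192.0.2.12 TCP_DENIED/403 1400 GET http://files.blocked.example.test/a.zip - NONE/- text/html
1113638411.415     88 192.0.2.11 TCP_MISS/200 640 POST http://webchat.example.test/send - DIRECT/198.51.100.9 text/plain
this line is truncated
"""

# Hypothetical policy list; a real one would come from the written usage policy.
POLICY_DOMAINS = {"webchat.example.test", "blocked.example.test"}

def request_host(method, url):
    """Return the lower-cased host of a logged request."""
    if method == "CONNECT":          # logged as host:port, without a scheme
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()

def matches_policy(host, domains=POLICY_DOMAINS):
    """True when host is a listed domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def policy_hits(log_text):
    """Count policy-matching requests per client; skip malformed lines."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10:
            continue
        client, method, url = fields[2], fields[5], fields[6]
        if matches_policy(request_host(method, url)):
            hits[client] += 1
    return hits

def alerts(log_text, threshold=3):
    """Clients at or above the threshold: a pattern, not an isolated hit."""
    return {c: n for c, n in policy_hits(log_text).items() if n >= threshold}

if __name__ == "__main__":
    print(alerts(SAMPLE_LOG))
```

Only the request host is inspected, so HTTPS traffic is matched through its CONNECT line and no payload is read or stored.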
 

Expert Comment

by:macker-
ID: 13845959
er..

Lastly, I do have to agree with ahoffmann's statements regarding the necessity for monitoring.  There are cases where it is needed to be able to access past activities, etc. but it's up to the individual person to consider whether the methods being considered or implemented are the best approach.  It's very easy to find the cost exceeds the benefit in such situations.

Expert Comment

by:ahoffmann
ID: 13851324
> e-mail "monitoring"  .. in germany ..
is illegal by law (for roughly 80 years or so ;-), even for email at work
If you do that, you need written permission from each (human) person whose email is monitored

Expert Comment

by:macker-
ID: 13854568
My understanding is that there have been recent regulations requiring ISPs in Germany to have the capability for recording e-mail, presumably for law enforcement reasons.  There's a link that provides further details - http://www.regtp.de/imperia/md/content/tech_reg_t/ueberwachu/TR_TKUE_Ausgabe_4-1_06-01-2005.pdf

Expert Comment

by:ahoffmann
ID: 13856492
<ot>
TR TKÜ regulates monitoring of connection data per law, which means that ISPs have to log and store connection data and support technical equipment so that federal (security) offices can connect and monitor all traffic on a connection. But such connections still need written permission by a prosecutor (not discussing how this should work reliably in practice).
Any payload (email, HTTP, whatever) is still subject to privacy laws and not affected by TR TKÜ. Recording payload is prohibited.
</ot>

Expert Comment

by:macker-
ID: 13860564
Hmm.  Based on that translation, I may be mistaken.  Inter7 developed a patch for qmail to meet new U.S. laws regarding financial institutions, and also cited the above document for similar requirements in Germany.  Oh well, thanks for the translation.

Expert Comment

by:ahoffmann
ID: 13862284
macker- do you have a link to the translation?

Expert Comment

by:macker-
ID: 13863555
sorry, no, thought what you posted was a translation.  my mistake.

Expert Comment

by:ahoffmann
ID: 13864495
yes, it was a translation, but just the core purpose of this new guideline/law
let me know if you need more information