Re: Monitoring tools to use on an account
>> On Tue, 27 Jul 2010 17:53:40 +0100, AG wrote:
A> I'm facing a bit of a delicate issue: I have created an account on my
A> machine for someone staying with us, and I have strong suspicions that
A> he is engaging in on-line behaviour that he is not supposed to be doing.
A> Can anyone recommend a tool that I can install, that can monitor his
A> on-line activity - specifically sites he visits and how much time he
A> spends on them?
>> On Wed, 28 Jul 2010 11:05:30 +0000 (UTC), <noelamac@gmail.com> said:
C> If he has nothing to hide, all the steps will be tracked by the browser
C> history and cache files. Also, "/tmp" is a good bucket for holding
C> "shared secrets" (recent files, etc...).
The problem is if he does have something to hide that the OP might be
held liable for. AG, if you're worried about browser activity, can you
install squid on your system and change his proxy setting accordingly?
This way he leaves a trace even if he sanitizes his browser cache,
assuming he doesn't have root privileges.
Another possibility - running tcpdump or the moral equivalent and
checking the packet dumps periodically for anything hinky. This way you
catch any bad network activity, not just the browser. Something like
this at boot to avoid filling your entire drive:
    k=1
    while true; do
        out=/some/dir/dump.$k        # /some/dir owned by you, mode 700
        tcpdump -c 500000 -w "$out"  # season to taste
        # check the dump for anything suspicious, remove it if clean;
        # tcpdump -r exits 0 even when nothing matches, so test its output
        tcpdump -r "$out" ... some filter here ... | grep -q . || rm "$out"
        k=$((k+1))
    done
You might also change the permissions on "ps" so he can't see "tcpdump" or
any other steps you might take.
--
Karl Vogel I don't speak for the USAF or my company
If you can't be kind, at least have the decency to be vague.
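
For the squid suggestion in the message above, an added example (not part of the original post) that summarizes a Squid access.log in its native format: requests per destination host plus an estimate of active time, counting the gap between consecutive requests only when it is under an assumed 5-minute idle threshold. The log lines are constructed, and `summarize`, `host_of` and `IDLE_GAP` are names chosen for this example.

```python
from collections import defaultdict
from urllib.parse import urlsplit

IDLE_GAP = 300  # seconds; assumption: a longer gap means the user left the site

# Constructed sample lines in Squid's native access.log format:
# time elapsed_ms client result/status bytes method URL user peer type
SAMPLE_LOG = """\
1280250000.000 120 127.0.0.1 TCP_MISS/200 5120 GET http://example.org/ - DIRECT/192.0.2.10 text/html
1280250060.000 80 127.0.0.1 TCP_MISS/200 2048 GET http://example.org/a.css - DIRECT/192.0.2.10 text/css
1280250180.000 95 127.0.0.1 TCP_MISS/200 900 GET http://example.org/page2 - DIRECT/192.0.2.10 text/html
1280253600.000 70 127.0.0.1 TCP_MISS/200 900 GET http://example.org/ - DIRECT/192.0.2.10 text/html
1280250200.000 30000 127.0.0.1 TCP_MISS/200 40000 CONNECT mail.example.net:443 - DIRECT/192.0.2.20 -
1280250230.000 200 192.168.1.7 TCP_MISS/200 300 GET http://example.com/ - DIRECT/192.0.2.30 text/html
garbage line
"""

def host_of(method, url):
    """Return the destination host for a logged request."""
    if method == "CONNECT":  # HTTPS tunnels are logged as "host:port"
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or url).lower()

def summarize(lines, client=None, idle_gap=IDLE_GAP):
    """Return {host: (requests, active_seconds)}, optionally for one client IP."""
    times = defaultdict(list)
    for line in lines:
        f = line.split()
        if len(f) < 7:
            continue  # skip truncated or malformed lines
        try:
            ts = float(f[0])
        except ValueError:
            continue
        if client and f[2] != client:
            continue
        times[host_of(f[5], f[6])].append(ts)
    report = {}
    for host, stamps in times.items():
        stamps.sort()
        active = sum(b - a for a, b in zip(stamps, stamps[1:]) if b - a <= idle_gap)
        report[host] = (len(stamps), round(active))
    return report

if __name__ == "__main__":
    for host, (n, secs) in sorted(summarize(SAMPLE_LOG.splitlines()).items()):
        print(f"{host:25} {n:4d} requests  ~{secs}s active")
```

HTTPS traffic appears only as CONNECT lines, so for those the log gives the host name and timing but no URLs.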