Ubuntu'da Bilgisayar Takip Sistemi Öneri

[ersinc]

Merhabalar, İş Yerimizde Kullandığımız 20+ Bilgisayarda Ubuntu Kullanmaktayız. Fakat Çalışanları Takip Edebilmemiz İçin Bir Program Gerekiyor. Ubuntuda Böyle Bir Program Varmıdır. Bu Şirketimiz İçin Çok Önemli Bir Konu Biz İstemeyerekte Olsa Ubuntudan Çıkmayı Asla İstemiyoruz. Fakat Böyle Bir Yazılıma Sahip Olamadığımızda Malesef İşletim Sistemlerini Değiştirmek Zorunda Kalacağız. Bu Konuda Önerilerinizi Beklemekteyim.
Ubuntuyu Destekleyen Bir Şirket Olarak, Bu Konuda Sizlerden Yardım Talep Etmekteyim.

İlginiz İçin Teşekkür Eder, İyi Çalışmalar Dilerim.

[mhmtkrktr]

Çalışanların nesini takip etmeniz gerekiyor? Giriş çıkışlarını mı? Hesaplarını mı? Yada ne bileyim, bir güvenlik ekibi varda belirli saatlerde belirli noktalarda mı olmaları gerekiyor gibi.
Daha önemlisi, soru sormadan cevap verebileceğimiz bir konuda olacak mı bu forumda?
Memnunsanızda sırf bu sebeple Ubuntu dan neden vazgeçesiniz. Hiç çıkamazsanız işin içinden, bir bilgisayarda Windows la bu işi yapar, geri kalan 19 tanesinde devam edersiniz.

[ersinc]

Merhabalar,

Kontrol etmek istediğimiz noktalar, girdiği siteler, bilgisayarda yaptığı işler. Kısacası takip programı gibi. Bu bizim için çok önemli. Tüm pclere yapmamız gerekiyor.Yardımlarınızı rica ediyorum.

Teşekkür ederim.

[Nikel Adam]

Long answer: The usual way to detect an unwanted process:

I don't know if these would be the best steps to follow, but if I suspected that a keylogger was running in my system, I would take the following steps:

1) Disconnect from the network - I wouldn't like any other keystrokes going anywhere

2) Go to ~/.config/autostart and do a

Code:

ls -al

Inspect the desktop files there for suspicious commands.

2) If nothing is found, then open System Monitor / top / htop and see every single process running under my user. I would also enable the "Status" of the process to be shown. A keylogger is always in Running status. That way, if the attacker has given it a name similar to other processes, the identification will be easier (e.g. if there are X instances of an executable and only one is in Running mode)

3) If I cannot find any suspicious command, I would run

Code:

ps aux | grep "$HOME" | grep -v grep

to see what is currently running through my home directory. The reason why I believe that if a keylogger is running then it is being done through my home directory is that getting root access to my system is quite a difficult thing to do. There aren't many efficient exploits out in the wild if your system is updated.

4) There is a possibility that once the script detected that there was no internet connection, it shut itself down. I would search for all the executable files in my home directory and inspect them one by one:

Code:

find ~/ -executable -type f

In case the executed file is a script without the executable bit (which can be executed through e.g. the command bash scriptname then I would run this slow but reliable script:

Code:

#!/bin/bash
find ~/ -type f > all_files
while read i; do
   file -b "$i" | grep script &> /dev/null
   if [[ $? -eq 0 ]]; then
      echo "$i" >> script_files
   fi
done < all_files


rm -rf all_files

that will create a script_files file that will contain all the scripts inside your home directory. Recognizing what each one of them is and does would be a good move.

5) If nothing is found then probably your system is secure. There is the case that the file is run with root privileges, using one of the many ways to do this. The only way that someone could do this is if you run something as root or you gave it your password.

6) If you want, you can install Wireshark and see the packages that go in and out of your PC. I haven't used it a lot but I find it hard to distinguish between malicious packets and non malicious ones - I guess you need to be more of an expert to properly understand the packets. Your keystrokes can leave your PC encrypted (in base64, for example) so as to be hard for you to find out. Also, there is no way that every keystroke is leaving your pc while it is being typed, They are logged and they are leaving your PC e.g. once every hour, or even once every day or week.


As for what I would recommend in order to avoid such attacks, which can be from a keylogger to a password stealer to a home directory remover, that is my opinion:

1) Install a good firewall and learn to configure it.
2) DO NOT run servers for fun. Do not install apache or ssh servers in your laptop if you can avoid it.
3) If you can't avoid it, then DO NOT use the default ports for them!
4) Always install all the available updates as soon as possible.

Bu anlatılanlarla takip edebilirsin.

[hsynblgn]

iyi günler  aşağıdaki  uygulamayı  bir inceleyin isterseniz işinizi görebilir.  arka planda çalışıyormuş ayarlar gizlilik bölümünden ayarları yaplabiliyormuş
https://apps.ubuntu.com/cat/applications/activity-log-manager/

[mhmtkrktr]

Sorunun doğrudan cevabı olmayacak ama bir kenarda bilgi olarak dursun.
Bu işi yasal gerekçelerle yapmak istiyorsanız 5651 loglama cihazı kullanabilirsiniz. Mikrotik, Cisco gibi cihazların bu konuda üretilmiş özel yazılımları var. Fiyatı 400-500 TL civarında. Bant genişliği ayarlama gibi hot-spot çözümler de olsun derseniz, rakam 1000TL civarı. Ama burada tutulan kayıtları kullanıcı göremiyor. (en azından benim bildiklerim) Özel olarak sıkıştırılıp şifreleniyor kayıtlar. İhtiyaç durumunda Emniyete veriliyor.

Kendimiz kontrol ederiz derseniz Linux 'un uzmanlık alanı bu. Fakat konuya vakıf birinden cevap beklemek gerekiyor.

[Nikel Adam]

Long answer: The usual way to detect an unwanted process:

I don't know if these would be the best steps to follow, but if I suspected that a keylogger was running in my system, I would take the following steps:

1) Disconnect from the network - I wouldn't like any other keystrokes going anywhere

2) Go to ~/.config/autostart and do a

Code:

ls -al

Inspect the desktop files there for suspicious commands.

2) If nothing is found, then open System Monitor / top / htop and see every single process running under my user. I would also enable the "Status" of the process to be shown. A keylogger is always in Running status. That way, if the attacker has given it a name similar to other processes, the identification will be easier (e.g. if there are X instances of an executable and only one is in Running mode)

3) If I cannot find any suspicious command, I would run

Code:

ps aux | grep "$HOME" | grep -v grep

to see what is currently running through my home directory. The reason why I believe that if a keylogger is running then it is being done through my home directory is that getting root access to my system is quite a difficult thing to do. There aren't many efficient exploits out in the wild if your system is updated.

4) There is a possibility that once the script detected that there was no internet connection, it shut itself down. I would search for all the executable files in my home directory and inspect them one by one:

Code:

find ~/ -executable -type f

In case the executed file is a script without the executable bit (which can be executed through e.g. the command bash scriptname then I would run this slow but reliable script:

Code:

#!/bin/bash
find ~/ -type f > all_files
while read i; do
   file -b "$i" | grep script &> /dev/null
   if [[ $? -eq 0 ]]; then
      echo "$i" >> script_files
   fi
done < all_files


rm -rf all_files

that will create a script_files file that will contain all the scripts inside your home directory. Recognizing what each one of them is and does would be a good move.

5) If nothing is found then probably your system is secure. There is the case that the file is run with root privileges, using one of the many ways to do this. The only way that someone could do this is if you run something as root or you gave it your password.

6) If you want, you can install Wireshark and see the packages that go in and out of your PC. I haven't used it a lot but I find it hard to distinguish between malicious packets and non malicious ones - I guess you need to be more of an expert to properly understand the packets. Your keystrokes can leave your PC encrypted (in base64, for example) so as to be hard for you to find out. Also, there is no way that every keystroke is leaving your pc while it is being typed, They are logged and they are leaving your PC e.g. once every hour, or even once every day or week.


As for what I would recommend in order to avoid such attacks, which can be from a keylogger to a password stealer to a home directory remover, that is my opinion:

1) Install a good firewall and learn to configure it.
2) DO NOT run servers for fun. Do not install apache or ssh servers in your laptop if you can avoid it.
3) If you can't avoid it, then DO NOT use the default ports for them!
4) Always install all the available updates as soon as possible.

Bu anlatılanlarla takip edebilirsin.

[akaike]

Merhabalar, İş Yerimizde Kullandığımız 20+ Bilgisayarda Ubuntu Kullanmaktayız. Fakat Çalışanları Takip Edebilmemiz İçin Bir Program Gerekiyor. Ubuntuda Böyle Bir Program Varmıdır. Bu Şirketimiz İçin Çok Önemli Bir Konu Biz İstemeyerekte Olsa Ubuntudan Çıkmayı Asla İstemiyoruz. Fakat Böyle Bir Yazılıma Sahip Olamadığımızda Malesef İşletim Sistemlerini Değiştirmek Zorunda Kalacağız. Bu Konuda Önerilerinizi Beklemekteyim.
Ubuntuyu Destekleyen Bir Şirket Olarak, Bu Konuda Sizlerden Yardım Talep Etmekteyim.

İlginiz İçin Teşekkür Eder, İyi Çalışmalar Dilerim.

Maalesef sorunuza cevap veremeyeceğim fakat ne iş yaptığınız merak ettim. Hangi sektörde çalışıyorsunuz. Ticari yazılım ihtiyacınız nasıl giderdiniz. İş dünyasında Ubuntu veya Linux yazılım kullanımı konusunda örnekler arıyorum. Şirketiniz hakkında ve Ubuntu kullanım süreciniz hakkında biraz bilgi verirseniz eminim teşvik edici olur.