Can I detect commands people in datacenter execute on my physical server?

postcd Member

I know they can connect to the server, see what is going on there and execute commands, so how can I record their commands and have them sent to me via email? Any bash script turned into a daemon or something? Isn't there an already created app for this? Thank you


Comments

  • @postcd I hope no one would buy any of your services ...

    Thanked by 1ehab
  • Nyr Community Contributor, Veteran

    lol

  • Where was that chrome plugin to ignore LET users?

  • I lol'd so hard...

    Computers are computers, not with minds that know who's typing physically in it ;)

  • ehab Member
    edited March 2016

    yeeessss you can stand beside your server All the time and if you suspect Any fishy tricks .. unplug it immediately

    sorry, i had to say the above.

    Thanked by 2elgs Clouvider
  • Why do they have access? Change your password....

    Thanked by 1VyprNetworks
  • jar Patron Provider, Top Host, Veteran
    edited March 2016

    Find a way to break the USB ports in the OS maybe?

  • @jarland said:
    Find a way to break the USB ports in the OS maybe?

    Don't forget the ps2-ports.

    Thanked by 1jar
  • ehab Member
    edited March 2016

    are you really u2 talking about this...

    Thanked by 1AshleyUk
  • Ishaq Member
    edited March 2016

    jarland said: Find a way to break the USB ports in the OS maybe?

    You can actually suspend/disable USB from the OS.

    Thanked by 3jar lazyt lifehome
  • Andreix Member, Host Rep

    What the fork man ... if you don't trust your DC go find another one.

    Thanked by 1VyprNetworks
  • Jacob Member
    edited March 2016

    I think KVM trolleys (physical connections) and such come under a different tty name (or have an additional part, 'local' or something).

    You could have a bash script on a loop to keep checking /usr/bin/w and use grep with (q argument) for 'local' and then use "&& echo $?" to return the status code; if it returns 0, then there you go: someone is physically connected to the server.

    In terms of command logging, I would just make it so that any user (other than root) cannot amend / truncate the history file - have a read of: https://administratosphere.wordpress.com/2011/05/20/logging-every-shell-command/

    Thanked by 1postcd
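
The polling check Jacob describes above, as an added example that is not part of the thread: a POSIX shell watcher that reports each new console login once. It assumes console sessions show up in `who` on `ttyN`/`ttySN` (SSH sessions use `pts/N`); the state-file path, the `ALERT_EMAIL` and `INTERVAL` variables, and the presence of `logger` and `mail` are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): report console logins seen by who(1).
# Assumption: physical/KVM/serial sessions sit on ttyN or ttySN, SSH on pts/N.

STATE_FILE="${STATE_FILE:-/var/run/console-watch.seen}"  # hypothetical path
ALERT_EMAIL="${ALERT_EMAIL:-}"     # optional; assumes a mail(1) command exists
INTERVAL="${INTERVAL:-10}"         # seconds between polls

# stdin: who(1)-style lines. stdout: console-tty lines, whitespace normalised.
console_sessions() {
    awk '$2 ~ /^ttyS?[0-9]+$/ { $1 = $1; print }'
}

# stdin: who(1)-style lines. stdout: console sessions not reported before.
# Each reported session is appended to STATE_FILE so it alerts only once.
new_sessions() {
    ns_current="$(console_sessions)"
    touch "$STATE_FILE"
    ns_fresh="$(printf '%s\n' "$ns_current" | grep -Fxv -f "$STATE_FILE" || true)"
    [ -n "$ns_fresh" ] || return 0
    printf '%s\n' "$ns_fresh" | tee -a "$STATE_FILE"
}

# Send one session line to syslog (forward auth.* off-box so a local wipe
# does not erase the record) and, if configured, by e-mail.
alert() {
    logger -p auth.warning -t console-watch "console login: $1"
    if [ -n "$ALERT_EMAIL" ]; then
        printf '%s\n' "$1" | mail -s "console login on $(hostname)" "$ALERT_EMAIL"
    fi
}

# Poll forever only when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "--watch" ]; then
    while :; do
        who | new_sessions | while IFS= read -r line; do
            alert "$line"
        done
        sleep "$INTERVAL"
    done
fi
```

Started with `--watch` it polls every `INTERVAL` seconds; it only sees logins to the running OS, not a disk mounted from other media.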
  • @Ishaq said:
    You can actually suspend/disable USB from the OS.

    This will break the keyboard functionality in IPMI, fwiw ;-)

  • Ishaq Member

    UbiquityDustin said: This will break the keyboard functionality in IPMI, fwiw ;-)

    That's the intended purpose, he doesn't want the datacenter physically connecting and executing commands.

  • I'd give up the idea of sleeping and monitor my server over IPMI 24/7.

  • timnboys Member
    edited March 2016

    Now I would tell you what you are trying to do is run a keylogger, which is illegal almost everywhere; even in the US it is illegal since it falls under wiretapping laws without a warrant.
    Also, I would recommend you quit while you're ahead, as wiretapping without a warrant in the US is illegal and will land you in a nice uncomfortable federal jail cell, since that is a federal crime. And that is likely to happen most everywhere else as well.

    Thanked by 1lazyt
  • elgs Member

    WIFI is dangerous. Forget to mention, maybe they could connect from gravitational waves.

  • tommy Member

    Put the server on your back.

  • elgs Member
    edited March 2016

    Seriously, the sequence of places you might want to check might be:
    If they logged in to your OS:

    ~/.bash_history
    Run last to check login time

    But of course they could erase these logs if they are careful. If they could shut down your server and mount your disk to their OS, there's nothing they cannot do with your disk. Ultimately, you might want to check the last read timestamp of your very important files with ls -lu.

  • adopt-get install dog

  • I'm seeing answers to two different situations here. Perhaps the OP would clarify?

  • shovenose Member, Host Rep
    edited March 2016

    You can use WiFi ABC for this. It's the upcoming standard to replace Wireless AC and it's a mix of telecommunications and telepathy. It uses 802.69 Bluetooth to allow you to know exactly what the server is thinking at any given time, no matter how far away you are.

    @vimalware said:
    adopt-get install dog

    Perhaps you mean adopt-get install doge??

    Thanked by 2howardsl2 Rolter
  • Maybe there's something about @postcd that everyone knows/remembers, like a past incident where he made a fool of himself or something worse, but otherwise I don't understand why a fair portion of LET is being pretty unhelpful with this perfectly reasonable request/question.

    As far as I understand it, @postcd just wants to monitor what commands DC staff (or other officials with physical access) execute on his system. He's not attempting to log all commands on his clients' VPSs or anything malicious.

    @postcd, you could use snoopy (linked by @Fusl) or something similar. It's safe to assume that your casual adversary (i.e. DC technician) would attempt to clear normal system logs. However, if you fear a more advanced/determined adversary who may attempt to clear logs from snoopy (or a similar tool), then you'll need to attempt to conceal the logging agent as well as the logs. You could also securely tunnel a copy of the logs to a remote system at another (more?) trusted location.

    I'll leave it at that since I don't know what you're trying to protect, or from who.

  • neps Member

    If you don't/can't trust your datacenter or the people who work in it, maybe move to one that you can? They have physical access to your box, they will ALWAYS have more power over it than you.

    Thanked by 1Ole_Juul
  • xaoc Member

    @timnboys said:
    Now I would tell you what you are trying to do is run a keylogger, which is illegal almost everywhere; even in the US it is illegal since it falls under wiretapping laws without a warrant.
    Also, I would recommend you quit while you're ahead, as wiretapping without a warrant in the US is illegal and will land you in a nice uncomfortable federal jail cell, since that is a federal crime. And that is likely to happen most everywhere else as well.

    Are you serious about the above?

  • @xaoc said:
    Are you serious about the above?

    yes you do realize "snoopy" is a "keylogger" by definition and is illegal almost everywhere.

  • Looks like OP has abandoned the thread.

  • xaoc Member

    @timnboys said:
    yes you do realize "snoopy" is a "keylogger" by definition and is illegal almost everywhere.

    I don't see any legal issue as long as it's your own system. "It's for their own safety" xD

  • @timnboys said:
    yes you do realize "snoopy" is a "keylogger" by definition and is illegal almost everywhere.

    I'm sorry, but there's a big distinction between putting a key logger on someone else's system without their knowledge/permission (obviously a crime) and logging on your own system. What's the issue with that?

    By your standard every Linux/UNIX distribution is illegal to use out of the box thanks to .bash_history. For your own protection never cat that file, and for God's sake stay out of /var/log if you want plausible deniability when it's your turn once every person who's ever installed UNIX goes on trial for illegal wiretapping.
