Can I detect commands people in datacenter execute on my physical server?
I know they can connect to the server, see what is going on there and execute commands, so how can I record their commands and have them sent to me via email? Any bash script turned into a daemon or something? Isn't there an already created app for this? Thank you
Comments
@postcd I hope no one would buy any of your services ...
lol
Where was that chrome plugin to ignore LET users?
I lol'd so hard...
Computers are computers, not with minds that know who's typing physically in it
yeeessss you can stand beside your server All the time and if you suspect Any fishy tricks .. unplug it immediately
sorry, i had to say the above.
Why do they have access? Change your password....
Find a way to break the USB ports in the OS maybe?
Don't forget the ps2-ports.
are you really u2 talking about this...
You can actually suspend/disable USB from the OS.
What the fork man ... if you don't trust your DC go find another one.
I think KVM trolleys (physical connections) and such come under a different tty name (or have an additional part, 'local' or something).
You could have a bash script on a loop to keep checking /usr/bin/w and use grep with (q argument) for 'local' and then use "&& echo $?" to return the status code; if it returns 0 then there you go, someone is physically connected to the server.
In terms of command logging, I would just make it so that any user (other than root) cannot amend / truncate the history file - have a read of: https://administratosphere.wordpress.com/2011/05/20/logging-every-shell-command/
This will break the keyboard functionality in IPMI, fwiw ;-)
That's the intended purpose, he doesn't want the datacenter physically connecting and executing commands.
I'd give up the idea of sleeping and monitor my server over IPMI 24/7.
https://github.com/a2o/snoopy
Now I would tell you what you are trying to do is run a keylogger, which is illegal almost everywhere; even in the US it is illegal since it falls under wiretapping laws without a warrant.
Also I would recommend you quit while you're ahead, as wiretapping without a warrant in the US is illegal and will land you in a nice uncomfortable federal jail cell, since that is a federal crime. And that is likely to happen most everywhere else as well.
WIFI is dangerous. Forget to mention, maybe they could connect from gravitational waves.
Put the server on your back.
Seriously, the sequence of places you might want to check might be:
If they logged in your OS:
~/.bash_history
Run
last
to check login time.
But of course they could erase these logs if they are careful. If they could shut down your server and mount your disk to their OS, there's nothing they cannot do with your disk. Ultimately, you might want to check the last read timestamp of your very important files by ls -lu.
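Added example, not part of any post in this thread: a sketch of the polling loop suggested earlier for w/who, reusing the same filter for the last check above. It assumes the usual Linux convention that physical console, KVM and serial logins show up on ttyN, ttySN or console lines while SSH sessions show up on pts/N; the mail address, state-file path and function names are hypothetical.

```shell
#!/bin/sh
# Constructed samples (not taken from the thread): `who` and `last` both put
# the terminal line in field 2, so one filter covers live and past logins.
SAMPLE_WHO='root     tty1         2024-05-01 10:15
alice    pts/0        2024-05-01 10:20 (203.0.113.7)
admin    ttyS1        2024-05-01 10:31'
SAMPLE_LAST='alice    pts/0        203.0.113.7      Wed May  1 10:20   still logged in
root     tty1                          Wed May  1 10:15 - 10:45  (00:30)
reboot   system boot  6.1.0-18-amd64   Wed May  1 10:02   still running'

# Print "user line" for sessions on a local console: virtual terminals
# (ttyN), serial lines such as IPMI serial-over-LAN (ttySN), or "console".
console_sessions() {
    awk '$2 ~ /^(tty[0-9]+|ttyS[0-9]+|console)$/ { print $1, $2 }'
}

# Read `who` output on stdin, print console sessions that were absent on the
# previous call, then store the current snapshot in state file $1.
new_console_sessions() {
    state=$1
    [ -f "$state" ] || : > "$state"
    console_sessions | sort -u > "$state.new"
    comm -13 "$state" "$state.new"      # lines only in the new snapshot
    mv "$state.new" "$state"
}

# Poll every 30 s and mail any new console session (hypothetical address;
# assumes a working `mail` command). Start it from a service unit or cron.
watch_console() {
    alert_to=${1:-admin@example.com}
    state=${2:-/var/lib/console-watch.state}
    while :; do
        new=$(who | new_console_sessions "$state")
        [ -z "$new" ] || printf '%s\n' "$new" |
            mail -s "Console login on $(hostname)" "$alert_to"
        sleep 30
    done
}
```

This only sees sessions that log in through the running OS; it cannot see a disk mounted from another system, the case the post above ends on.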
adopt-get install dog
I'm seeing answers to two different situations here. Perhaps the OP would clarify?
You can use WiFi ABC for this. It's the upcoming standard to replace Wireless AC and it's a mix of telecommunications and telepathy. It uses 802.69 Bluetooth to allow you to know exactly what the server is thinking at any given time, no matter how far away you are.
Perhaps you mean adopt-get install doge??
Maybe there's something about @postcd that everyone knows/remembers, like a past incident where he made a fool of himself or something worse, but otherwise I don't understand why a fair portion of LET is being pretty unhelpful with this perfectly reasonable request/question.
As far as I understand it, @postcd just wants to monitor what commands DC staff (or other officials with physical access) execute on his system. He's not attempting to log all commands on his clients' VPSs or anything malicious.
@postcd, you could use snoopy (linked by @Fusl) or something similar. It's safe to assume that your casual adversary (i.e. DC technician) would attempt to clear normal system logs. However, if you fear a more advanced/determined adversary who may attempt to clear logs from snoopy (or a similar tool), then you'll need to attempt to conceal the logging agent as well as the logs. You could also securely tunnel a copy of the logs to a remote system at another (more?) trusted location.
I'll leave it at that since I don't know what you're trying to protect, or from who.
If you don't/can't trust your datacenter or the people who work in it, maybe move to one that you can? They have physical access to your box, they will ALWAYS have more power over it than you.
Are you serious about the above?
Yes, you do realize "snoopy" is a "keylogger" by definition and is illegal almost everywhere.
Looks like OP has abandoned the thread.
I don't see any legal issue as long as it's your own system. "It's for their own safety" xD
I'm sorry, but there's a big distinction between putting a keylogger on someone else's system without their knowledge/permission (obviously a crime) and logging on your own system. What's the issue with that?
By your standard every Linux/UNIX distribution is illegal to use out of the box thanks to .bash_history. For your own protection never cat that file, and for god's sake stay out of /var/log if you want plausible deniability when it's your turn once every person who's ever installed UNIX goes on trial for illegal wiretapping.