LinuxQuestions.org

PhoenixAndThor 02-13-2010 08:11 PM

Lock a computer with a flash drive
 
First of all, I'm sorry if someone else posted a similar thread, but after about 2 days of googling and searching this forum, I have yet to find a solution to this problem.

I recently got a new Lenovo netbook and I want to make sure that what happened to my last laptop doesn't happen to this thing. I got the idea from some Windows software called Predator, that uses a flash drive to lock a computer. I also know that most Linux distros already have the required components to facilitate this (i.e., they know when you plug in a flash drive).

My question is, how do I get my netbook to run scripts or programs when a flash drive is unplugged? This is how I want it to work: The flash drive would be tethered to my wrist with a short strap (or a piece of fishing line, maybe a chain). When someone yanks the netbook away from me (i.e., a thief), they would rip the drive out of the USB port in the process. The netbook, immediately sensing that the drive is no longer plugged in, runs miscellaneous programs or scripts in an attempt to thwart the thief, like activating the screensaver, adding a password to grub, sounding an alarm, and whatever else I want it to do.

I would eventually like to expand this to bluetooth headsets, and other devices that Linux can keep track of. It also has to fit in with my current setup. I installed Xubuntu 9.10 on the netbook and set it up to use an ext3 formatted flash drive as /home. I then installed truecrypt and created two file containers, one for the flash drive (small files, like assignments for college and app config), and one in a hidden directory on the hard drive in the netbook (large files, like my VirtualBox images).

This way, the system won't work right without the flash drive, and I can even switch flash drives in the future, when the one I'm currently using dies. Ideally, the system locking program/script would only check for a USB connected device with a special file on it.

If I can get this set up, it would be one of the coolest Linux tricks ever pulled with a netbook, and possibly the basis for an awesome new security tool for mobile users. Thanks in advance!

bret381 02-13-2010 08:18 PM

sounds interesting

irmin 02-13-2010 08:32 PM

The easiest method to trigger some script if an event occurs is to use the D-Bus interface of HAL. Try for example:

Code:

dbus-monitor --system interface=org.freedesktop.org.Hal.Manager

When dbus-monitor is running, try to plug in and unplug a USB stick and watch the output. Maybe a combination of a shell script, dbus-send and dbus-monitor can be transformed into a solution to your problem?
Otherwise it is of course possible to handle events in any other language.

Quakeboy02 02-13-2010 08:58 PM

A thief generally isn't interested in what you have on the machine unless it's a corporate espionage theft. The fact that you do something (whatever that something is) is irrelevant. It doesn't take all that much to load a new OS onto the disk, no matter whether you wipe it, encrypt it, or whatever.

jschiwal 02-13-2010 09:28 PM

A thief ripping it right out of your hands is probably a meth addict. He won't spend time with what is on the computer, but the person he sells the computer to might.

I don't think breaking a bluetooth connection should cause anything drastic. Wireless connections break all the time.
IMHO, using encrypted partitions for /home, /tmp and swap and having the computer power down would accomplish what you want.

PhoenixAndThor 02-13-2010 09:47 PM

First, I would like to thank you guys for the quick reply, except for quakeboy02, who obviously missed the mention of a siren. I would like to also add that I have already put a password on the BIOS and the hard drive, so the thief would need to know how to install a new drive to get around that (and trust me, where I live, they don't)

With that out of the way, I think irmin is on the right track, but the new 9.10 version uses devicekit and udev, good ol' HAL is being deprecated (sad to see it go), which is probably why I don't see anything while running the above command. But the code you posted did give me an idea. I tried dbus-monitor --system and it gave me a whole bunch of stuff when I plugged in the flash drive, so dbus-monitor may be a piece of the puzzle. Here's the output:

Code:

signal sender=org.freedesktop.DBus -> dest=:1.128 serial=2 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameAcquired
  string ":1.128"
signal sender=:1.2 -> dest=(null destination) serial=1412 path=/org/freedesktop/Hal/Manager; interface=org.freedesktop.Hal.Manager; member=DeviceAdded
  string "/org/freedesktop/Hal/devices/usb_device_1e3d_2092_200111000782"
signal sender=:1.2 -> dest=(null destination) serial=1413 path=/org/freedesktop/Hal/Manager; interface=org.freedesktop.Hal.Manager; member=DeviceAdded
  string "/org/freedesktop/Hal/devices/usb_device_1e3d_2092_200111000782_if0"
signal sender=:1.2 -> dest=(null destination) serial=1414 path=/org/freedesktop/Hal/Manager; interface=org.freedesktop.Hal.Manager; member=DeviceAdded
  string "/org/freedesktop/Hal/devices/usb_device_1e3d_2092_200111000782_if0_scsi_host"
signal sender=org.freedesktop.DBus -> dest=(null destination) serial=7 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameOwnerChanged
  string ":1.129"
  string ""
  string ":1.129"
signal sender=org.freedesktop.DBus -> dest=(null destination) serial=8 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameOwnerChanged
  string ":1.129"
  string ":1.129"
  string ""
signal sender=org.freedesktop.DBus -> dest=(null destination) serial=9 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameOwnerChanged
  string ":1.130"
  string ""
  string ":1.130"
signal sender=org.freedesktop.DBus -> dest=(null destination) serial=10 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameOwnerChanged
  string ":1.130"
  string ":1.130"
  string ""
signal sender=org.freedesktop.DBus -> dest=(null destination) serial=11 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameOwnerChanged
  string ":1.131"
  string ""
  string ":1.131"
signal sender=org.freedesktop.DBus -> dest=(null destination) serial=12 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameOwnerChanged
  string ":1.131"
  string ":1.131"
  string ""
signal sender=:1.2 -> dest=(null destination) serial=1436 path=/org/freedesktop/Hal/Manager; interface=org.freedesktop.Hal.Manager; member=DeviceAdded
  string "/org/freedesktop/Hal/devices/usb_device_1e3d_2092_200111000782_if0_scsi_host_0"
signal sender=:1.2 -> dest=(null destination) serial=1437 path=/org/freedesktop/Hal/Manager; interface=org.freedesktop.Hal.Manager; member=DeviceAdded
  string "/org/freedesktop/Hal/devices/usb_device_1e3d_2092_200111000782_if0_scsi_host_0_scsi_device_lun0"
signal sender=:1.2 -> dest=(null destination) serial=1438 path=/org/freedesktop/Hal/Manager; interface=org.freedesktop.Hal.Manager; member=DeviceAdded
  string "/org/freedesktop/Hal/devices/usb_device_1e3d_2092_200111000782_if0_scsi_host_0_scsi_device_lun0_scsi_generic"
signal sender=org.freedesktop.DBus -> dest=(null destination) serial=13 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameOwnerChanged
  string ":1.132"
  string ""
  string ":1.132"
signal sender=org.freedesktop.DBus -> dest=(null destination) serial=14 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameOwnerChanged
  string ":1.132"
  string ":1.132"
  string ""
signal sender=org.freedesktop.DBus -> dest=(null destination) serial=15 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameOwnerChanged
  string ":1.133"
  string ""
  string ":1.133"
signal sender=org.freedesktop.DBus -> dest=(null destination) serial=16 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameOwnerChanged
  string ":1.133"
  string ":1.133"
  string ""
signal sender=org.freedesktop.DBus -> dest=(null destination) serial=17 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameOwnerChanged
  string ":1.134"
  string ""
  string ":1.134"
signal sender=org.freedesktop.DBus -> dest=(null destination) serial=18 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameOwnerChanged
  string ":1.134"
  string ":1.134"
  string ""
signal sender=:1.38 -> dest=(null destination) serial=112 path=/org/freedesktop/DeviceKit/Disks; interface=org.freedesktop.DeviceKit.Disks; member=DeviceAdded
  object path "/org/freedesktop/DeviceKit/Disks/devices/sdb"
signal sender=org.freedesktop.DBus -> dest=(null destination) serial=19 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameOwnerChanged
  string ":1.135"
  string ""
  string ":1.135"
signal sender=:1.2 -> dest=(null destination) serial=1460 path=/org/freedesktop/Hal/Manager; interface=org.freedesktop.Hal.Manager; member=DeviceAdded
  string "/org/freedesktop/Hal/devices/storage_serial_USB_Flash_Disk_200111000782_0_0"
signal sender=:1.2 -> dest=(null destination) serial=1462 path=/org/freedesktop/Hal/devices/storage_serial_USB_Flash_Disk_200111000782_0_0; interface=org.freedesktop.Hal.Device; member=PropertyModified
  int32 1
  array [
      struct {
        string "info.interfaces"
        boolean false
        boolean true
      }
  ]
signal sender=:1.2 -> dest=(null destination) serial=1470 path=/org/freedesktop/Hal/Manager; interface=org.freedesktop.Hal.Manager; member=DeviceAdded
  string "/org/freedesktop/Hal/devices/volume_uuid_49ED_21FF"
signal sender=org.freedesktop.DBus -> dest=(null destination) serial=20 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameOwnerChanged
  string ":1.136"
  string ""
  string ":1.136"
signal sender=org.freedesktop.DBus -> dest=(null destination) serial=21 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameOwnerChanged
  string ":1.136"
  string ":1.136"
  string ""
signal sender=org.freedesktop.DBus -> dest=(null destination) serial=22 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameOwnerChanged
  string ":1.137"
  string ""
  string ":1.137"
signal sender=org.freedesktop.DBus -> dest=(null destination) serial=23 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameOwnerChanged
  string ":1.138"
  string ""
  string ":1.138"
signal sender=org.freedesktop.DBus -> dest=(null destination) serial=24 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameOwnerChanged
  string ":1.139"
  string ""
  string ":1.139"
signal sender=:1.2 -> dest=(null destination) serial=1510 path=/org/freedesktop/Hal/devices/volume_uuid_49ED_21FF; interface=org.freedesktop.Hal.Device; member=PropertyModified
  int32 2
  array [
      struct {
        string "volume.mount_point"
        boolean false
        boolean false
      }
      struct {
        string "volume.is_mounted"
        boolean false
        boolean false
      }
  ]
signal sender=org.freedesktop.DBus -> dest=(null destination) serial=25 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameOwnerChanged
  string ":1.139"
  string ":1.139"
  string ""
signal sender=:1.38 -> dest=(null destination) serial=115 path=/org/freedesktop/DeviceKit/Disks/devices/sdb; interface=org.freedesktop.DeviceKit.Disks.Device; member=Changed
signal sender=:1.38 -> dest=(null destination) serial=116 path=/org/freedesktop/DeviceKit/Disks; interface=org.freedesktop.DeviceKit.Disks; member=DeviceChanged
  object path "/org/freedesktop/DeviceKit/Disks/devices/sdb"
signal sender=org.freedesktop.DBus -> dest=(null destination) serial=26 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameOwnerChanged
  string ":1.138"
  string ":1.138"
  string ""
signal sender=org.freedesktop.DBus -> dest=(null destination) serial=27 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameOwnerChanged
  string ":1.137"
  string ":1.137"
  string ""
^C


TB0ne 02-13-2010 10:08 PM

Quote:

Originally Posted by PhoenixAndThor (Post 3862998)
First, I would like to thank you guys for the quick reply, except for quakeboy02, who obviously missed the mention of a siren. I would like to also add that I have already put a password on the BIOS and the hard drive, so the thief would need to know how to install a new drive to get around that (and trust me, where I live, they don't)

No, you did mention the siren, but I don't think it's of much good, honestly. If it's a 2 pound netbook, with the screen closed, how much volume is it going to produce? And that volume quickly drops to "nothing", once the thief spends a few seconds taking the battery out.

And the thief may not know (or care) how to wipe the drive, but if they only want to sell the machine, they won't CARE. Even if they want to use it, they can always hit Google, and figure out how to clear a BIOS password.

Quote:

With that out of the way, I think irmin is on the right track, but the new 9.10 version uses devicekit and udev, good ol' HAL is being deprecated (sad to see it go), which is probably why I don't see anything while running the above command. But the code you posted did give me an idea. I tried dbus-monitor --system and it gave me a whole bunch of stuff when I plugged in the flash drive, so dbus-monitor may be a piece of the puzzle. Here's the output:

It is a nice idea. I use bluelock myself, so when my cell phone goes out of range, the screen locks. Could easily be modified to anything else, and could even work with your existing bluetooth headset (i.e. headset out of range? Lock the box...). Would be better than a piece of fishing line on a USB drive, as wearing a wrist strap/any tether, gets tiresome after a short time.

Quakeboy02 02-13-2010 10:26 PM

Quote:

Originally Posted by PhoenixAndThor (Post 3862998)
First, I would like to thank you guys for the quick reply, except for quakeboy02, who obviously missed the mention of a siren.

Guilty. :) But, what kind of alarm are you talking about?

Also, if you do this, take care of how you actually attach it to yourself. If it's strapped to your wrist you can get seriously hurt by some of the synthetic fishing lines out there. Even if you use some sort of textile strap, if the line wraps around your wrist you can still get cut pretty badly.

There are just so many negatives to this idea, but if you get it working so that you're happy with it, good on ya.

Good luck!

PhoenixAndThor 02-13-2010 11:20 PM

lol on the tether part. Of course I'm going to use a nylon bracelet, no matter what I tether the flash drive with. Fishing line would be an excellent choice in public places because it can't be seen very easily and it's strong, but other options are available.

There is also a way around the battery problem. If it's brand new, then just glue the battery. It won't make it impossible to replace later, it will just require a good knife and patience, which a potential thief most likely will not have.

The whole flash drive thing is really meant to be temporary; I don't have a bluetooth headset yet. I also know that the sound on the netbook is crappy, but who says I can't put a real siren on the back of the lid? Sirens can come pretty small and cheap these days. I was originally just going to put a bunch of junk on the back of the lid, but I wanted to see if it was at all possible to use what the netbook already had to accomplish my goal. Now if I could just figure out what kind of code I have to put into a bash script to isolate and act on USB dbus events, then I may just be home free. Again, thank you all. I did not expect this fast of a response.
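
Added example, not part of any post in this thread: one way to isolate the unplug event from dbus-monitor's text output in a shell script. It assumes HAL is still emitting signals on `org.freedesktop.Hal.Manager` (the interface name as it appears in the output posted above) and that removal is announced with HAL's `DeviceRemoved` signal; the UDI is copied from that output, and `on_token_removed` and `sample_unplug` are hypothetical names.

```shell
#!/bin/sh
# Added example: react to HAL's DeviceRemoved signal for one specific USB token.
# Input is dbus-monitor text on stdin. TOKEN_UDI is copied from the output
# posted in the thread; on_token_removed is a hypothetical hook.
TOKEN_UDI="/org/freedesktop/Hal/devices/usb_device_1e3d_2092_200111000782"

# Hypothetical response hook: replace the body with a screen lock or alarm.
on_token_removed() {
    echo "token removed: $1"
}

# watch_token UDI: call the hook each time exactly UDI is removed.
# Returns 0 if a removal was seen before end of input, 1 otherwise.
# (POSIX sh has no local variables, so udi/armed/seen/arg are globals.)
watch_token() {
    udi=$1 armed=0 seen=1
    while IFS= read -r line; do
        case $line in
            signal\ *"interface=org.freedesktop.Hal.Manager;"*"member=DeviceRemoved")
                armed=1 ;;   # the next string argument is the removed UDI
            signal\ *|method\ *|error\ *)
                armed=0 ;;   # any other message header disarms
            *'string "'*)
                if [ "$armed" -eq 1 ]; then
                    arg=${line#*\"}
                    arg=${arg%\"*}
                    # Exact match only: child nodes such as ..._if0 are ignored.
                    if [ "$arg" = "$udi" ]; then
                        on_token_removed "$arg"
                        seen=0
                    fi
                    armed=0
                fi ;;
        esac
    done
    return "$seen"
}

# Constructed sample in dbus-monitor's format (not captured output): the token
# is added, then its interface node and finally the token itself are removed.
sample_unplug() {
    m='path=/org/freedesktop/Hal/Manager; interface=org.freedesktop.Hal.Manager'
    printf 'signal sender=:1.2 -> dest=(null destination) serial=1 %s; member=%s\n  string "%s"\n' \
        "$m" DeviceAdded "$TOKEN_UDI" \
        "$m" DeviceRemoved "${TOKEN_UDI}_if0" \
        "$m" DeviceRemoved "$TOKEN_UDI"
}

# Live use (assumes HAL is running, as in the posted output):
#   dbus-monitor --system "type='signal',interface='org.freedesktop.Hal.Manager'" \
#       | watch_token "$TOKEN_UDI"
```

Because `watch_token` returns 1 when its input ends without a removal, a wrapper can treat a dbus-monitor process that has died as a reason to lock as well.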

jefro 02-14-2010 01:03 PM

You encrypt the drive with a self signed certificate that you keep on the flash.


All times are GMT -5.