LinuxQuestions.org


theunixwizard 02-18-2008 06:36 PM

Linux Keylogger
 
I was wondering if there is any type of Keylogger for Linux.
I have been noticing weird things on my computer such as C apps that I didn't build and weird files in /tmp. I think that it is one of my users.

pljvaldez 02-18-2008 06:42 PM

If I search through the Debian repositories, it looks like there's one named lkl, but I've never used it.

A quick Google also yielded uberkey and THC-vlogger.

But I prefer hardware keyloggers because they work on any OS and are easily overlooked. You can buy a good one for like $100.

OlRoy 02-18-2008 07:17 PM

What about checking the .bash_history file?

unSpawn 02-19-2008 07:00 AM

Quote:

Originally Posted by theunixwizard (Post 3061916)
I have been noticing weird things on my computer such as C apps that I didn't build and weird files in /tmp.

Collateral like that could point to a breach of security. I'd appreciate it if you could give more specific names ('ls -alZ' or 'stat' the files). To make certain, you best review what users have logged on, check your logs, what processes are running, what files and connections are open and verify the integrity of your machine. If you want a checklist you could use the Intruder Detection Checklist (CERT): http://www.cert.org/tech_tips/intrud...checklist.html. Post anything that looks weird (preferably in BB code tags).

If your box appears to be clean then you do not want a keylogger, you want to take away opportunities for people to do mischief and log whatever is going on (aka basic hardening and auditing). Whatever that means depends on how the machine is attached to the network, what services it provides and who is allowed to access. Before hardening you have to make certain the box is clean though, else it makes no sense.
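
Added example, not part of the original thread: a small POSIX shell helper for the first step suggested above, finding compiled binaries and executable files under /tmp and attributing them to an owner and a modification time. It assumes GNU `stat` and `find` on Linux; the function names `triage_dir` and `triage_demo` and the sample files are constructed for illustration.

```sh
# Added example (not from the thread). Assumes GNU stat and find on Linux.
# triage_dir DIR: print "owner<TAB>mode<TAB>mtime<TAB>finding<TAB>path" for every
# regular file under DIR (default /tmp) that is an ELF binary or has an execute bit.
triage_dir() {
    find "${1:-/tmp}" -xdev -type f -exec sh -c '
        for f do
            finding=""
            # ELF files start with the magic bytes 7f 45 4c 46.
            magic=$(od -An -tx1 -N4 "$f" 2>/dev/null | tr -d " \n")
            [ "$magic" = "7f454c46" ] && finding="ELF"
            mode=$(stat -c %a "$f") || continue
            # Any of the three execute bits set (octal mask 0111)?
            if [ $(( 0$mode & 0111 )) -ne 0 ]; then
                finding="${finding:+$finding,}exec-bit"
            fi
            [ -n "$finding" ] || continue
            printf "%s\t%s\t%s\t%s\t%s\n" \
                "$(stat -c %U "$f")" "$mode" "$(stat -c %y "$f")" "$finding" "$f"
        done
    ' sh {} +
}

# Constructed sample: one fake ELF (magic bytes only, mode 644), one executable
# script and one plain text file. Prints mode, finding and path, then cleans up.
triage_demo() {
    d=$(mktemp -d) || return 1
    printf '\177ELFconstructed' > "$d/a.out"; chmod 644 "$d/a.out"
    printf '#!/bin/sh\necho hi\n' > "$d/run.sh"; chmod 755 "$d/run.sh"
    echo "notes" > "$d/notes.txt"; chmod 644 "$d/notes.txt"
    triage_dir "$d" | cut -f2,4,5
    rm -rf "$d"
}
```

Run `triage_dir /tmp` as root so unreadable files are still inspected; a binary without an execute bit is still reported because the check reads the file header rather than trusting the mode.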


All times are GMT -5.