LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   saving a copy (http://www.linuxquestions.org/questions/linux-security-4/saving-a-copy-4175452439/)

rude_reality 03-02-2013 06:01 PM

saving a copy
 
I have a Debian Squeeze router system setup with squid3 and qlproxy for 3 laptops, 2 cellphone, and 1 desktop. I would like to setup something to copy any file that is upload out from my private network. Is there away?

corp769 03-03-2013 10:59 AM

Could you try to better explain what you are doing? To me, it almost sounds like you should run up tcpdump or wireshark, if I understand correctly, and capture your outgoing data.

rude_reality 03-04-2013 01:31 AM

good explaination
 
Quote:

Originally Posted by corp769 (Post 4903750)
Could you try to better explain what you are doing? To me, it almost sounds like you should run up tcpdump or wireshark, if I understand correctly, and capture your outgoing data.

My 14 years daughter and her friends have been getting into trouble for uploading and emailing files that they should not have been sending. I have build a Debian router for my home network with a transparent proxy server (sqiud3) and content filter (qlproxy) to keep them off curtain sites. But I need something that will make in copy of any files that is attach to a email or uploaded to a website from her computer (10.168.2.6) and any of our wireless guest IP address (10.168.2.100 - 10.168.2.110) and saves it in a directory in the server or email the file to my phone. Basically, I want to monitor and keep a copy of all files that is leaving out of my network through my daughter's computer and my guest address.

linosaurusroot 03-06-2013 10:43 AM

This sounds most easily tackled at application level provided you can ensure the traffic all passes through your proxies (for mail and web). When it comes to people sending pics from their phones and not using your wifi you'd be out of luck unless you had some arrangement with the telco or phone settings.

I'm not at all familiar with qlproxy and haven't used quid for capturing transferred files.

It would help if:
- you were willing to capture web forms as well as web files (but there is danger of over-broad capture)
- you were willing to ban https from the monitored equipment
- users are not technically-inclined (near-infinite potential for evading detection if they are)

corp769 03-07-2013 01:43 PM

Besides going the proxy way and filtering all data, what about taking this to a lower level, and restrict devices from the network, change read/write permissions so no data can be stored on said computer, etc? Just a thought.

As far as using a proxy like linosaurusroot said, you would have to make sure that all data passes through a predetermined proxy that you set up, and yet, to see ALL files going through, you will have to sniff almost all of the data, etc. I'm saying this to try to see what else is a possibility in this case, as looking at all data 24/7 will take processing power, storage, etc, and possibly a better way exists.

Edit - If most of the files you suspect are image files, you could always run up driftnet - http://www.ex-parrot.com/~chris/driftnet/

corp769 03-07-2013 01:44 PM

Deleted per double posting.... Can this be removed please?

rude_reality 03-12-2013 09:24 AM

thank you
 
I will check with the my ISP to see what they can do to help. I contacted Sprint and disable the internet function on her phone. I would like to thank everyone for their suggestions.


All times are GMT -5. The time now is 11:27 PM.