LinuxQuestions.org
Old 03-02-2013, 06:01 PM   #1
rude_reality
Member
 
Registered: Feb 2004
Location: Gainesville, Fl
Distribution: Debian 6
Posts: 40

Rep: Reputation: 15
saving a copy


I have a Debian Squeeze router system set up with squid3 and qlproxy for 3 laptops, 2 cellphones, and 1 desktop. I would like to set up something to copy any file that is uploaded out from my private network. Is there a way?
 
Old 03-03-2013, 10:59 AM   #2
corp769
Guru
 
Registered: Apr 2005
Posts: 5,798

Rep: Reputation: 978
Could you try to better explain what you are doing? To me, it almost sounds like you should run up tcpdump or wireshark, if I understand correctly, and capture your outgoing data.
 
Old 03-04-2013, 01:31 AM   #3
rude_reality
Member
 
Registered: Feb 2004
Location: Gainesville, Fl
Distribution: Debian 6
Posts: 40

Original Poster
Rep: Reputation: 15
good explanation

Quote:
Originally Posted by corp769
Could you try to better explain what you are doing? To me, it almost sounds like you should run up tcpdump or wireshark, if I understand correctly, and capture your outgoing data.
My 14-year-old daughter and her friends have been getting into trouble for uploading and emailing files that they should not have been sending. I have built a Debian router for my home network with a transparent proxy server (squid3) and content filter (qlproxy) to keep them off certain sites. But I need something that will make a copy of any file that is attached to an email or uploaded to a website from her computer (10.168.2.6) and any of our wireless guest IP addresses (10.168.2.100 - 10.168.2.110) and save it in a directory on the server or email the file to my phone. Basically, I want to monitor and keep a copy of all files that are leaving my network through my daughter's computer and my guest addresses.
 
Old 03-06-2013, 10:43 AM   #4
linosaurusroot
Member
 
Registered: Oct 2012
Distribution: OpenSuSE,RHEL,OpenBSD
Posts: 666
Blog Entries: 2

Rep: Reputation: 169
This sounds most easily tackled at application level provided you can ensure the traffic all passes through your proxies (for mail and web). When it comes to people sending pics from their phones and not using your wifi you'd be out of luck unless you had some arrangement with the telco or phone settings.

I'm not at all familiar with qlproxy and haven't used squid for capturing transferred files.

It would help if:
- you were willing to capture web forms as well as web files (but there is danger of over-broad capture)
- you were willing to ban https from the monitored equipment
- users are not technically-inclined (near-infinite potential for evading detection if they are)
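
The proxy-level approach and the https limitation discussed in this thread, as an added example that is not part of the original posts: it scans proxy log lines for large POST/PUT requests from the monitored addresses and marks CONNECT tunnels, where the proxy cannot see the upload. The custom squid `logformat` line, the size threshold and the sample log entries are assumptions constructed for illustration.

```python
import ipaddress

# Monitored clients named in the thread: the daughter's PC and the guest range.
MONITORED = {ipaddress.ip_address("10.168.2.6")} | {
    ipaddress.ip_address(f"10.168.2.{n}") for n in range(100, 111)
}
UPLOAD_METHODS = {"POST", "PUT"}
MIN_UPLOAD_BYTES = 50_000  # assumed threshold separating form posts from file uploads

# Constructed sample lines in an assumed custom squid logformat:
#   logformat uploads %ts %>a %rm %>st %ru
# (%>st is the request size received from the client, headers included)
SAMPLE_LOG = """\
1362650000 10.168.2.6 GET 412 http://example.com/index.html
1362650010 10.168.2.6 POST 2381442 http://upload.example.com/photos
1362650020 10.168.2.6 POST 640 http://example.com/login
1362650030 10.168.2.104 CONNECT 231 mail.example.com:443
1362650040 10.168.2.20 POST 9000000 http://backup.example.com/put
1362650050 10.168.2.105 PUT 81234 http://files.example.com/a.zip
this line is malformed
"""

def classify(line):
    """Return (kind, client, url, size) for a monitored client, else None."""
    parts = line.split()
    if len(parts) != 5:
        return None  # malformed or differently formatted line
    _ts, client, method, size, url = parts
    try:
        addr, nbytes = ipaddress.ip_address(client), int(size)
    except ValueError:
        return None
    if addr not in MONITORED:
        return None  # unmonitored hosts are ignored entirely
    if method == "CONNECT":
        # HTTPS tunnel: the proxy sees only host:port, never the upload itself.
        return ("opaque-tunnel", client, url, nbytes)
    if method in UPLOAD_METHODS and nbytes >= MIN_UPLOAD_BYTES:
        return ("upload", client, url, nbytes)
    return None

def scan(log_text):
    """Classify every line and keep only the reportable events."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for kind, client, url, nbytes in scan(SAMPLE_LOG):
        print(f"{kind:14} {client:13} {nbytes:>9} {url}")
```
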
 
Old 03-07-2013, 01:43 PM   #5
corp769
Guru
 
Registered: Apr 2005
Posts: 5,798

Rep: Reputation: 978
Besides going the proxy way and filtering all data, what about taking this to a lower level, and restrict devices from the network, change read/write permissions so no data can be stored on said computer, etc? Just a thought.

As far as using a proxy like linosaurusroot said, you would have to make sure that all data passes through a predetermined proxy that you set up, and yet, to see ALL files going through, you will have to sniff almost all of the data, etc. I'm saying this to try to see what else is a possibility in this case, as looking at all data 24/7 will take processing power, storage, etc, and possibly a better way exists.

Edit - If most of the files you suspect are image files, you could always run up driftnet - http://www.ex-parrot.com/~chris/driftnet/

Last edited by corp769; 03-07-2013 at 01:53 PM.
 
 
Old 03-12-2013, 09:24 AM   #7
rude_reality
Member
 
Registered: Feb 2004
Location: Gainesville, Fl
Distribution: Debian 6
Posts: 40

Original Poster
Rep: Reputation: 15
thank you

I will check with my ISP to see what they can do to help. I contacted Sprint and disabled the internet function on her phone. I would like to thank everyone for their suggestions.
 
  

