Hello everyone!

Can anybody give me some hints on how to implement a lawful interception system on my Linux (CentOS) server? I have installed on it CoovaChilli access portal that makes user authentication before providing network access. I would be glad to know what options I would have. I know I can use iptables logging capabilities for that, but I would like to be able to log some other data related to authenticated user. Also I would like to see what options would I have for implementing a CALEA/ETSI standards.

You want advice on how to attack the integrity of your users communication?

I bet a user who want advice on how to protect them self from that get a lot more advice.

Does what you provide fall under the CALEA definition of "telecom carrier"? In other words: do you have a clear legal obligation to be in compliance with the Act?


If you answered the above questions with "yes" (and I do hope you'll be verbose about it) then please list the formal requirements you know and your idea on how to implement them.


Unless you show you have a thorough understanding of CALEA requirements I would advise you to stay away from asking such questions, and if you must ask then be exact about what it is you (think you) must record and elaborate the reasons why.

1 members found this post helpful.

To be clear: I need to implement a lawful interception module for my system. I think if I would need to hack the communication of my users, I would need to write from scratch a module, and document on some other things that are worthless to write here. All what I want to tell you is that I need to write a lawful interception module for my server, and being a newbie to this, I just need some thoughts. Hope to be clear. Thanks!

No. I only need to implement a simple LI module on my server that can be placed (the server) in a hotel or in a public place where different clients can have Internet access through a captive portal. I introduced CALEA and ETSI standard names because I read from wikipedia about them to be the common standards for LI in USA and Europe. If I would need to implement that standards I would need to do much more research and for now, my system does not need that. I think we can drop out the CALEA and ETSI terms. I beg your pardon for being misunderstood.

My answer is definitely NO. All what I need to do is to have logged the IPs that a user accessed (maybe the url if possible), the user IP, related ports, protocols, access time and also I would need to log the username that this client used for authentication to captive portal - that data would need to be taken out from a database. For that I know iptables is a good tool, but I would be also curious (as not being a very experienced Linux user) if there are other tools that can be used for that. And also I'm not clear yet how to put the username related to request (as specified, that username being taken out from a database) in logs with iptables. I think that's all what I would need to implement for my LI module.

Thanks.

Thanks for explaining your approach verbosely. While it would have been better had you not created the wrong impression in the first place, it is not too late to stop it (I already modified the thread title) by dropping your acronym usage altogether, especially usage of "LI". The latter implies you being subject to regulatory compliance and it remains unclear if you have any idea of what you're getting into. Some cause for concern should be voiced about you saying
because that decision does not seem to be based on a thorough understanding of any applicable Data Protection Act or Privacy Law and its implications. It rather seems to convey your eagerness to dodge comprehending any and dispose of any compliance in favor of chasing practicalities. Do tread carefully.


Netfilter logging will (have to) do because the alternative, Deep Packet Inspection, would be way disproportional. As for mixing in user names I would first look at what the Captive Portal software you currently use offers in terms of API hooks or tools.