Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Is there any way to do this? I can do it in winXP using some software but i now have a dual boot on my pc with Suse and i want to monitor what websites are visited so that kids don't look at things they shouldn't.
all the websites that r visited get stored into the history folder, just like internet explorer. so all u have to do is see history. all the browsers come with this option.
u cud use a keylogger, this way all the activities will get recorded. this way u can know everything the user did with the computer. so u can monitor the user's activities:- which sites he is visited or even wat he typed in his emails.
That is the kind of thing i am talking about but i think it would be a bit of over kill. I only want to monitor the websites that they visit (i assume they could visit websites without the key loggers knowledge but using a mouse?)
A key logger would also be a pain to check through (i'm assuming that i would have to wade through lots of useless 'junk' to find any websites typed in or searches performed). Is there a kind of internet logger that logs all internet activitiy?
Distribution: Fedora (workstations), CentOS (servers), Arch, Mint, Ubuntu, and a few more.
Posts: 441
Rep:
You can use Squid. Even if you don't want content filtering you still can use squid only for monitoring. What you have to do is to use squid and a log file analyzer to monitor or/and analyze squid logs. Good log analyzers usually provide graphs and/or reports representing sites by user, users by sites, site categories, sites by hits, sites by downloads, etc. (Squid log format enforces this) This might look like an overkill. But it's a good option unless you come across a simpler solution.
I guess why you just want to monitor, and not filter. I hope this has to do with being proactive only. Because a system administrators role has an ethical aspect. You have to respect the users privacy and freedom. Then again in the eyes of a parent or a manager one can see why it is needed.
Another option would be to set up BIND (DNS server) on the Linux system. Internal to BIND, you can turn on logging for all DNS querries. In a typical environment, most of the DNS querries are for web pages, so most of what you would see would be the web sites visited. However, if they were accessing news servers, chat rooms, etc., you will see that too.
In my case, I have 4 PCs at home in a network. 3/4 run WinXP, and the 4th runs SUSE v9. The SUSE system runs BIND, and is set up as the primary DNS server for the other 3 PCs, and has full logging turned on. 2/4 of the WinXP machines belong to my teenagers. Since the SUSE system is the primary DNS, and has logging enabled, I can see everything they do, without them knowing that I'm watching. I use Norton Internet Security on all of the WinXP systems, and have parental controls enabled, so the kids aren't able to get to much in the way of "bad" stuff, but I can still see what they are doing any time I need to.
Hope this helps. If you are interested in setting up BIND, a quick Google on "Linux DNS BIND" will get you all sorts of info on how to install & configure BIND. With SUSE, YAST will get you 99% of the way there, but at least in my case, I had to edit one of the conf files to turn logging on.
Any possible solution without setting up a proxy? I mean, I need to find the websites list at the router level. The thing is, there are three computers using the same DSL router at home, but none is a gateway or whatsoever. 2 of them are laptops and the last one (PC) is not always open, and therefore none can be set up as a gateway or proxy? If only I could monitor which websites the router reaches/diverts at least while I have my laptop on and feed the data from the router, that would still do good enough for me? I don't know if it could be done via scripts either? Does anyone have any idea?
That is the kind of thing i am talking about but i think it would be a bit of over kill. I only want to monitor the websites that they visit (i assume they could visit websites without the key loggers knowledge but using a mouse?)
A key logger would also be a pain to check through (i'm assuming that i would have to wade through lots of useless 'junk' to find any websites typed in or searches performed). Is there a kind of internet logger that logs all internet activitiy?
Maybe I'm missing something here, but what's wrong with good old-fashioned netfilter? It's very flexible and built into most kernels. Have you tried adding this to your firewall rules:
Of course you would need to parse the log somehow. Maybe write a simple cron script (that's executed daily) that extracts all the "Website visited" log entries and looks the up the source ip address. You could customize the output of the newer logs (the ones you're actually going to read) to something like:
Maybe I'm missing something here, but what's wrong with good old-fashioned netfilter? It's very flexible and built into most kernels. Have you tried adding this to your firewall rules:
Actually, a much better idea would be to log the new connections to the server. This would save you from thousands of log entries and also log those attempted connections made by the host. Just do
Code:
/sbin/iptables -A OUTPUT --protocol tcp --destination-port 80 --match state --state NEW --jump LOG --log-prefix "Website visited"
There's also a relatively new program by the netfilter team called ulogd (Userspace LOGging Daemon), which allows great flexibility in netfilter logging. I don't know much about it, but maybe that would save some complexity.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.