Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
08-29-2007, 05:05 AM
|
#1
|
Member
Registered: Aug 2005
Distribution: SuSE Linux / Scientific Linux / [K|X]ubuntu
Posts: 273
Rep:
|
USB Espionage
Hi there!
At work, I have a laptop and desktop with Linux. Lately, I have noticed people going in and out that behave very oddly. I suspect that they check out our computers with USB sticks, copying the hard drive or at least some documents and then leaving no trace. There are some sensitive documents there that should not get into the hands of third parties.
Is there a way that I can see if a USB stick has been inserted in Linux at a certain time (a log?), so that I can check whether someone has been at my PC at times I was having lunch? Or is there even a way to block USB sticks other than my own from accessing my documents (password-protected perhaps)?
|
|
|
08-29-2007, 05:48 AM
|
#2
|
Member
Registered: Jul 2007
Location: Phoenix, AZ, US
Distribution: OpenSuse 11.1 x64 (KDE 4.3)
Posts: 35
Rep:
|
Let's see...........
First, I would make darn sure I locked the machine before I left the desk.
You didn't say which desktop you are using, but at a minimum you could log out of your account before leaving the computer alone.
You should be able to see if someone inserted a USB stick in the system log. It's usually in: /var/log. The filename might vary depending on the distro, but the main log name is usually /var/log/messages. (I'm not on my Linux box at the moment, so I can't check.) A good way to check the log is to insert your own stick, then have a look in the log. Mine shows the make and serial number of the USB stick.
Now that I think about it, turning off the automount feature might be an option, too. Then you'd have to mount/umount manually, but someone who didn't know Linux would not realize that.
Hope this helps.
|
|
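Added example (not part of the original thread): the log check described in post #2, written as a Python script that pulls USB insertion events out of syslog text and flags any with an unfamiliar serial number or a timestamp inside a window when the owner was away. The log lines are constructed, the kernel message wording is an assumption that varies by kernel version and distro, and the function names, serial numbers and times are hypothetical.

```python
import re
from datetime import datetime, time

# Constructed sample in classic syslog format; real kernel wording varies by version.
SAMPLE_LOG = """\
Aug 29 09:02:11 desk kernel: usb 1-1: New USB device found, idVendor=0781, idProduct=5567
Aug 29 09:02:11 desk kernel: usb 1-1: Manufacturer: SanDisk
Aug 29 09:02:11 desk kernel: usb 1-1: SerialNumber: OWNER0001
Aug 29 09:05:40 desk kernel: usb 1-1: USB disconnect, address 4
Aug 29 12:14:02 desk kernel: usb 2-1: New USB device found, idVendor=0930, idProduct=6545
Aug 29 12:14:02 desk kernel: usb 2-1: Manufacturer: Kingston
Aug 29 12:14:02 desk kernel: usb 2-1: SerialNumber: UNKNOWN0042
Aug 29 12:19:30 desk kernel: usb 2-1: USB disconnect, address 5
Aug 29 12:40:00 desk kernel: usb 2-1: New USB device found, idVendor=abcd, idProduct=1234
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: (?:\[[^\]]*\] )?usb (\S+): (.*)$")
FOUND = re.compile(r"New USB device found, idVendor=(\w+), idProduct=(\w+)")
FIELDS = {"SerialNumber": "serial", "Manufacturer": "maker"}

def usb_insertions(log_text, year):
    """Return one dict per insertion; syslog stamps carry no year, so it is passed in."""
    events, open_by_port = [], {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, port, msg = m.groups()
        found = FOUND.search(msg)
        if found:
            ev = {"time": datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"),
                  "port": port, "id": ":".join(found.groups()), "serial": None, "maker": None}
            events.append(ev)
            open_by_port[port] = ev          # later lines for this port describe this device
        elif port in open_by_port:
            key, _, value = msg.partition(": ")
            if key in FIELDS:
                open_by_port[port][FIELDS[key]] = value.strip()
            elif msg.startswith("USB disconnect"):
                del open_by_port[port]
    return events

def suspicious(events, known_serials, away_from, away_until):
    """Flag insertions with an unknown or missing serial, or made while the owner was away."""
    return [e for e in events
            if e["serial"] not in known_serials or away_from <= e["time"].time() <= away_until]

if __name__ == "__main__":
    hits = suspicious(usb_insertions(SAMPLE_LOG, 2007), {"OWNER0001"}, time(12, 0), time(13, 0))
    for e in hits:
        print(e["time"], e["port"], e["id"], e["maker"], e["serial"])
```

The serial number is whatever the device reports about itself, and the log only records what happened while this installation was running, so a boot from other media (as raised later in the thread) leaves nothing for this check to find.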
|
08-29-2007, 06:57 AM
|
#3
|
LQ Newbie
Registered: Oct 2006
Location: California / Moldova
Distribution: bunch of Ubuntu flavors
Posts: 29
Rep:
|
Or, on top of the turned off automount, mounting USBs could be made to require the user's password.
|
|
|
08-29-2007, 07:03 AM
|
#4
|
Member
Registered: Aug 2005
Distribution: SuSE Linux / Scientific Linux / [K|X]ubuntu
Posts: 273
Original Poster
Rep:
|
I have SuSE Linux 10.1 with KDE 3."SOMETHING"
Most people at work know more about Linux than I do, so I think the mount trick would not work very long.
Quote:
Or, on top of the turned off automount, mounting USBs could be made to require the user's password.
|
How would I do that?
|
|
|
08-29-2007, 10:31 AM
|
#5
|
Senior Member
Registered: Sep 2003
Posts: 3,171
Rep:
|
USB pen drives on Linux aren't trivial, unfortunately (or, in your case, fortunately). It has been my experience on a couple of different distros that these drives are not universally mounted. I actually had to create a proper udev rule so that my own pen drives automount. Usually, when I insert a "foreign" pen drive (one belonging to someone else) I have to manually mount it, unless it happens to be a brand that is properly identified by my udev rule. (Note to readers: a planned project of mine is to get lots of people with lots of different pen drives to read out their identification info so that I can make my udev rule comprehensive, then publish it...)
In any event, it could very well be that if someone is sticking a pen drive into your USB port they can't read off your data without first becoming root and mounting the pen drive.
Should it happen that the pen drive is automounting, you can stop this by identifying the proper udev rule and removing it. This will prevent anyone who can't become root on your system from using a pendrive to remove data from it.
If they can become root then one of two conditions applies: your security is compromised and you need to change the root password or they own the 'puter and have the right to become root. If the latter condition, they may also have the right to extract data from the system.
|
|
|
08-29-2007, 11:36 AM
|
#6
|
LQ Veteran
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Mint
Posts: 17,809
|
If the person has no password to the machine, then how would they be moving data to a USB stick? (Or am I missing something?)
Be aware that anyone with physical access to the hardware can boot from live CD and disable the password. Real security means locking the office, or locking the computer in a cabinet.
|
|
|
08-29-2007, 12:30 PM
|
#7
|
Member
Registered: Jan 2007
Distribution: Slackware
Posts: 341
Rep:
|
I agree. A security environment for highly sensitive information and data must begin with physical access control and protection against incidental or consequential damage (like fires, earthquakes, floods and so on).
<IMHO> Highly sensitive data must not be stored on unprotected computers (a password is not a protection against someone who really wants to steal sensitive data from a laptop or a desktop). I mean the highly sensitive data must be stored on dedicated data servers. No optical media writers, no USB ports, no memory card readers.
"Security is NOT installing a firewall" and more good advice here.
|
|
|
08-29-2007, 02:11 PM
|
#8
|
Senior Member
Registered: Sep 2003
Posts: 3,171
Rep:
|
Quote:
Originally Posted by pixellany
If the person has no password to the machine, then how would they be moving data to a USB stick? (Or am I missing something?)
Be aware that anyone with physical access to the hardware can boot from live CD and disable the password. Real security means locking the office, or locking the computer in a cabinet.
|
I believe that the scenario here has OP getting up from his desk, walking down the hall to get a coffee or whatever, then coming back after a few minutes. He isn't logging off while away from the machine.
|
|
|
08-29-2007, 02:16 PM
|
#9
|
Senior Member
Registered: Oct 2005
Location: UK
Distribution: Slackware
Posts: 1,847
Rep:
|
Have you tried just locking the screen with xscreensaver? It renders the machine unusable until you return and unlock it with your password. It can also be set to lock the machine as soon as the screensaver comes on, so if you forget, within a minute or two, it'll automatically lock.
|
|
|
All times are GMT -5.