LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-29-2007, 05:05 AM   #1
unihiekka
Member
 
Registered: Aug 2005
Distribution: SuSE Linux / Scientific Linux / [K|X]ubuntu
Posts: 273

Rep: Reputation: 32
USB Espionage


Hi there!

At work, I have a laptop and desktop with Linux. Lately, I have noticed people going in and out that behave very oddly. I suspect that they check out our computers with USB sticks, copying the hard drive or at least some documents and then leaving no trace. There are some sensitive documents there that should not get into the hands of third parties.

Is there a way that I can see if a USB stick has been insterted in Linux at a certain time (a log?), so that I can check whether someone has been at my PC at times I was having a lunch? Or is there even a way to block USB sticks other than my own from accessing my documents (password-protected parhaps)?
 
Old 08-29-2007, 05:48 AM   #2
walla299
Member
 
Registered: Jul 2007
Location: Phoenix, AZ, US
Distribution: OpenSuse 11.1 x64 (KDE 4.3)
Posts: 35

Rep: Reputation: 15
Let's see...........

First, I would make darn sure I locked the machine before I left the desk.

You didn't say which desktop you are using, but at a minimum you could log out of your account before leaving the computer alone.

You should be able to see if someone inserted a USB stick in the system log. It's usually in: /var/log. The filename might vary depending on the distro, but the main log name is usually /var/log/messages. (I'm not on my Linux box at the moment, so I can't check.) A good way to check the log is to insert your own stick, then have a look in the log. Mine shows the make and serial serial number of the USB stick.

Now that I think about it, turning off the automount feature might be an option, too. Then you'd have to mount/umount manually, but someone who didn't know Linux would not realize that.

Hope this helps.
 
Old 08-29-2007, 06:57 AM   #3
Andersonian
LQ Newbie
 
Registered: Oct 2006
Location: California / Moldova
Distribution: bunch of Ubuntu flavors
Posts: 29

Rep: Reputation: 15
Or, on top of the turned off automount, mounting USBs could be made to require the user's password.
 
Old 08-29-2007, 07:03 AM   #4
unihiekka
Member
 
Registered: Aug 2005
Distribution: SuSE Linux / Scientific Linux / [K|X]ubuntu
Posts: 273

Original Poster
Rep: Reputation: 32
I have SuSE Linux 10.1 with KDE 3."SOMETHING"

Most people at work know more about Linux that I do, so I think the mount trick would not work very long.

Quote:
Or, on top of the turned off automount, mounting USBs could be made to require the user's password.
How would I do that?
 
Old 08-29-2007, 10:31 AM   #5
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 116Reputation: 116
USB pen drives on Linux isn't trivial, unfortunately (or, in your case, fortunately). It has been my experience on a couple of different distros that these drives are not universally mounted. I actually had to create a proper udev rule so that my own pen drives automount. Usually, when I insert a "foreign" pen drive (one belonging to someone else) I have to manually mount it, unless it happens to be a brand that is properly identified by my udev rule. (note to readers: a planned project of mine is to get lots of people with lots of different pen drives to read out their identification info so that I can make my udev rule comprehensive, then publish it...)

In any event, it could very well be that if someone is sticking a pen drive into your USB port they can't read off your data without first becoming root and mounting the pen drive.

Should it happen that the pen drive is automounting, you can stop this by identifying the proper udev rule and removing it. This will prevent anyone who can't become root on your system from using a pendrive to remove data from it.

If they can become root then one of two conditions applies: your security is compromised and you need to change the root password or they own the 'puter and have the right to become root. If the latter condition, they may also have the right to extract data from the system.
 
Old 08-29-2007, 11:36 AM   #6
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Mint
Posts: 17,809

Rep: Reputation: 743Reputation: 743Reputation: 743Reputation: 743Reputation: 743Reputation: 743Reputation: 743
If the person has no password to the machine, then how would they be moving data to a USB stick? (Or am I missing something?)

Be aware that anyone with physical access to the hardware can boot from live CD and disable the password. Real security means locking the office, or locking the computer in a cabinet.
 
Old 08-29-2007, 12:30 PM   #7
Road_map
Member
 
Registered: Jan 2007
Distribution: Slackware
Posts: 341

Rep: Reputation: 31
I agreed. A security environment for high sensitive informations and data must begin with physical access control and protection against incidentally or consequential damages (like fires, earthquakes, floods and so on).

<IMHO> high sensitive data must do not be stored on unprotected computers (a password is not a protection against someone who really want to steal sensitive data from a laptop or a desktop). I mean the high sensitive data must be stored on dedicated data servers. No optical media writers, no USB ports, no memory card readers.

"Security is NOT installing a firewall" and more good advices here.
 
Old 08-29-2007, 02:11 PM   #8
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 116Reputation: 116
Quote:
Originally Posted by pixellany View Post
If the person has no password to the machine, then how would they be moving data to a USB stick? (Or am I missing something?)

Be aware that anyone with physical access to the hardware can boot from live CD and disable the password. Real security means locking the office, or locking the computer in a cabinet.
I believe that the scenario here has OP getting up from his desk, walking down the hall to get a coffee or whatever, then coming back after a few minutes. He isn't logging off while away from the machine.
 
Old 08-29-2007, 02:16 PM   #9
pwc101
Senior Member
 
Registered: Oct 2005
Location: UK
Distribution: Slackware
Posts: 1,847

Rep: Reputation: 128Reputation: 128
Have you tried just locking the screen with xscreensaver? It renders the machine unusable until you return and unlock it with your password. It can also be set lock the machine as soon as the screensaver comes on, so if you forget, within a minute or two, it'll automatically lock.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
usb 2.0 hdd working through usb 2.0 pcmcia card full speed in 2.4, but slow in 2.6 chilly_willy2 Linux - Hardware 11 02-02-2006 06:16 PM
Get usb.c: ignoring set_interface when pluging in a Belkin USB Direct Connect Cable qwerty102 Linux - Networking 0 02-15-2005 08:49 AM
USB LexarMedia 32MB Data-Key + KDE 3.2=USB/HD Access problems that_guy Slackware 0 02-03-2005 08:27 AM
USB problems: Memorex USB stick 256MB and PSX to USB adapter by Radio Shack Knuckles T15 Linux - Hardware 1 05-19-2004 06:58 PM
HP Deskjet (USB) & CUPS & Slackware 9.1: Unable to open USB device "usb:/dev/usb/lp0&qu arnostienen Slackware 2 01-29-2004 03:22 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:57 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration