LinuxQuestions.org
Old 11-07-2010, 12:29 PM   #1
linuxunix
Member
 
Registered: Mar 2010
Location: California
Distribution: Slackware
Posts: 235

Rep: Reputation: 18
USB theft monitoring in the datacenter


Hello,

We have around 20-30 HP and Dell hardware where we have attached pen drives. There is no rack-lock facility. Misuse of the pen drives has been reported, and it happens every alternate day that someone unplugs and steals an attached drive. There is no camera facility to monitor.

I have a plan to write a script which will log in to every machine through iLO and watch the USB availability. In case anyone detaches the USB, a mail will be sent to the administrator and thereby steps could be taken. Does this idea look feasible?

Any comments?
 
Old 11-07-2010, 01:36 PM   #2
struct
Member
 
Registered: Feb 2009
Posts: 68

Rep: Reputation: 10
It sounds pretty good, but don't you want to catch who is doing it? Maybe set up your script so that it alerts you and takes a snapshot of the person who is doing this with a webcam. That'll be pretty cool.
 
Old 11-07-2010, 01:47 PM   #3
theNbomr
LQ 5k Club
 
Registered: Aug 2005
Distribution: OpenSuse, Fedora, Redhat, Debian
Posts: 5,399
Blog Entries: 2

Rep: Reputation: 908
I'm no expert on the matter, but I believe the udev system is intended to allow monitoring and dispatch of programs based on USB (and other) activity. You should be able to contrive a rule that will invoke a mail sender when the USB key is removed. Googling 'usb udev rules' seems to turn up a lot of useful looking links.

--- rod.
 
Old 11-07-2010, 05:53 PM   #4
jefro
Moderator
 
Registered: Mar 2008
Posts: 21,996

Rep: Reputation: 3628
I'd get a tube of superglue. They won't be pulling it out without some force. Use it either on the usb slot to secure the usb in or on the outside of the usb. Either way it should provide some fun. Post a note that no one is to touch the usb drives.

I'd get rid of the USBs altogether.

Last edited by jefro; 11-07-2010 at 05:56 PM.
 
Old 11-08-2010, 01:05 AM   #5
Tinkster
Moderator
 
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 928
Moved: This thread is more suitable in <Security> (kind of), and has been moved accordingly to help your thread/question get the exposure it deserves.
 
Old 11-08-2010, 07:45 AM   #6
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,661

Rep: Reputation: 7970
Quote:
Originally Posted by linuxunix View Post
Hello,
We have around 20-30 HP and Dell hardware where we have attached pen drives. There is no rack-lock facility. Misuse of the pen drives has been reported, and it happens every alternate day that someone unplugs and steals an attached drive. There is no camera facility to monitor.

I have a plan to write a script which will log in to every machine through iLO and watch the USB availability. In case anyone detaches the USB, a mail will be sent to the administrator and thereby steps could be taken. Does this idea look feasible?
Any comments?
Well, you might not be able to lock the RACKS, but can you lock the DOOR?? Grant access to just a few folks???

The webcam idea is a good one too...mount the camera up high, looking down the rows of servers, so you can see who's there. There are even motion-sensitive cameras that only activate when there's movement. And why have something that 'logs in', to watch the USB drive? Just have a script running on each box, that checks for the presence of the /dev/sdXXX device, and if it's not there (as in REMOVED), send an email. Compare that to the time stamp on the webcam footage.
 
Old 11-08-2010, 08:32 AM   #7
theNbomr
LQ 5k Club
 
Registered: Aug 2005
Distribution: OpenSuse, Fedora, Redhat, Debian
Posts: 5,399
Blog Entries: 2

Rep: Reputation: 908
Quote:
Originally Posted by TB0ne View Post
Just have a script running on each box, that checks for the presence of the /dev/sdXXX device, and if it's not there (as in REMOVED), send an email.
Isn't that what udev does? After my earlier reply, I started exploring the udev rules on the box I'm running right now, and there are rules that trigger when a device is removed. Firing a script to send an e-mail when the pen-drive is removed seems to be fairly straightforward.
If I get a few minutes, I might try to cobble something together to do that.

--- rod.
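
A sketch of the udev approach described in this post, added here as an example and not code posted by anyone in the thread: a rule that fires when one specific drive is removed, and the handler it runs. The rule file name, handler path, serial value and mail recipient are assumptions or placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Handler for a udev rule such as
# (assumed file /etc/udev/rules.d/99-usb-removed.rules, placeholder serial):
#
#   ACTION=="remove", SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", \
#     ENV{ID_SERIAL_SHORT}=="PLACEHOLDER_SERIAL", \
#     RUN+="/usr/local/sbin/usb-removed.sh --event"
#
# Remove events are matched on ENV{} properties because the device's sysfs
# attributes (ATTRS{}) are no longer readable once it has been unplugged.
# udev passes the event properties (ACTION, DEVNAME, DEVTYPE,
# ID_SERIAL_SHORT, ...) to the RUN program as environment variables.

ADMIN="${ADMIN:-root}"    # assumed alert recipient

# Alert only for removal of a whole disk, not once per partition.
should_alert() {
    [ "${ACTION:-}" = "remove" ] && [ "${DEVTYPE:-}" = "disk" ]
}

# Build a one-line alert from the udev event environment. The UTC timestamp
# makes it easy to line up with door logs or camera footage.
format_alert() {
    printf '%s USB drive %s (serial %s) %s on %s\n' \
        "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" \
        "${DEVNAME:-unknown}" "${ID_SERIAL_SHORT:-unknown}" \
        "${ACTION:-unknown}" "$(uname -n)"
}

# udev expects RUN programs to be short-running, so the handler only writes
# a syslog line and hands one message to the local mail command (assumed
# to be installed and able to queue mail locally).
if [ "${1:-}" = "--event" ] && should_alert; then
    msg=$(format_alert)
    logger -p auth.warning -t usb-watch "$msg"
    printf '%s\n' "$msg" | mail -s "USB drive removed" "$ADMIN"
fi
```

The serial to match can be read while the drive is still attached with `udevadm info --query=property --name=/dev/sdX`.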
 
Old 11-08-2010, 11:30 AM   #8
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422
Can I ask why the pen drives are there in the first place? It would seem the easiest way to deter theft is to have nothing to steal. This may be more of a reflection of my ignorance, but I just can't figure out why a datacenter would need that many pen drives attached to the servers. Or any pen drives for that matter.
 
Old 11-08-2010, 01:46 PM   #9
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,661

Rep: Reputation: 7970
Quote:
Originally Posted by theNbomr View Post
Isn't that what udev does? After my earlier reply, I started exploring the udev rules on the box I'm running right now, and there are rules that trigger when a device is removed. Firing a script to send an e-mail when the pen-drive is removed seems to be fairly straightforward.
If I get a few minutes, I might try to cobble something together to do that.

--- rod.
Very true, but I'd find it easier to write a small shell script to look for the presence of the /dev/sdXX device, rather than do a udev rule. Especially if I had to work with others to maintain the systems.

But as with most things Linux...there's always several ways to do things.
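
A sketch of the polling script described in this post and in post #6, added here as an example and not code posted by anyone in the thread. It goes slightly beyond the post by watching a `/dev/disk/by-id/` link rather than `/dev/sdXX` and by alerting only when the state changes; the device path, state file, recipient and interval are assumptions or placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: poll for a drive and alert once when
# its state changes. DEVICE, STATE_FILE, ADMIN and INTERVAL are assumptions.
# A /dev/disk/by-id/ link is used instead of /dev/sdX because sdX letters
# can be reassigned between boots or when other disks are added.
DEVICE="${DEVICE:-/dev/disk/by-id/usb-PLACEHOLDER_SERIAL-0:0}"
STATE_FILE="${STATE_FILE:-/var/run/usb-watch.state}"
ADMIN="${ADMIN:-root}"
INTERVAL="${INTERVAL:-30}"

# Print "present" if the device node (or a link to it) exists, else "missing".
drive_state() {
    if [ -e "$1" ]; then echo present; else echo missing; fi
}

# Compare the current state with the last recorded one, record the new
# state, and print REMOVED or RESTORED only on a change, so one removal
# produces one mail instead of one per polling interval.
# With no state file yet, the drive is assumed to have been present.
check_transition() {
    dev=$1
    statefile=$2
    now=$(drive_state "$dev")
    prev=present
    if [ -r "$statefile" ]; then prev=$(cat "$statefile"); fi
    printf '%s\n' "$now" > "$statefile"
    if [ "$prev" = present ] && [ "$now" = missing ]; then
        echo REMOVED
    elif [ "$prev" = missing ] && [ "$now" = present ]; then
        echo RESTORED
    fi
}

# Run as: usb-watch.sh --run   (from an init script or similar)
if [ "${1:-}" = "--run" ]; then
    while :; do
        event=$(check_transition "$DEVICE" "$STATE_FILE")
        if [ -n "$event" ]; then
            # UTC timestamp, for comparison with camera footage or door logs.
            msg="$(date -u '+%Y-%m-%dT%H:%M:%SZ') $(uname -n): $DEVICE $event"
            logger -p auth.warning -t usb-watch "$msg"
            printf '%s\n' "$msg" | mail -s "USB drive $event" "$ADMIN"
        fi
        sleep "$INTERVAL"
    done
fi
```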
 
Old 11-09-2010, 01:52 PM   #10
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 158
Any datacenter worth its salt will have better security than what you now have...seriously. If they can take a thumb/pen drive, they can take anything, including the machines themselves.

Also, running a script that monitors WHEN a USB drive gets stolen isn't preventative in the least. Aren't you concerned with how to STOP the theft (and not record it)? Maybe you're thinking that it helps to know when it was taken so that you could maybe check the center's visitor logs so that you could possibly find the culprit (IF the center even has logs...if there's no security, there's probably accurate logging of visitors).

I've some old machines that had hardware epoxied in place (inside the case). You might get away with that.

Last edited by unixfool; 11-09-2010 at 01:55 PM.
 
Old 11-09-2010, 02:11 PM   #11
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,233

Rep: Reputation: 406
I would have to agree with the above posts.

1. Find a better solution to replace the pen drives, a NAS or file server of some sort for instance.

2. Do a better job of restricting access to the data center, plain and simple. If only trusted personnel are allowed into the room to begin with, then you will have less to worry about a pen drive or server growing legs and walking off the premises. Physical access trumps any software-based security anyone can put into place, and logging and determining who did it is like fixing the barn door after the horse got out; the pen drive could have been sold on the black market or given to someone else by the time you catch the person who actually stole it.
 
Old 11-09-2010, 04:04 PM   #12
Tinkster
Moderator
 
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 928
Quote:
Originally Posted by unixfool View Post
Any datacenter worth its salt will have better security than what you now have...seriously. If they can take a thumb/pen drive, they can take anything, including the machines themselves.
Well actually ... a thumb drive fits in your pocket.

A 4U 19" rack mount server doesn't. A blade doesn't.
 
Old 11-09-2010, 05:30 PM   #13
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,233

Rep: Reputation: 406
Quote:
Originally Posted by Tinkster View Post
Well actually ... a thumb drive fits in your pocket.

A 4U 19" rack mount server doesn't. A blade doesn't.
Granted, but given the time and resources, say someone sneaking in after hours when nobody is there to stop them, it's not entirely impossible to walk away with a server.
 
Old 11-10-2010, 07:42 PM   #14
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 158
Quote:
Originally Posted by frieza View Post
Granted, but given the time and resources, say someone sneaking in after hours when nobody is there to stop them, it's not entirely impossible to walk away with a server.
EXACTLY. It sounds as if security is non-existent.

If someone is messing with physical aspects of the OP's system, it is an indication of security failure. About Tinkster's comment on size, if nothing prevents a physical change to the system, the chance of someone stealing a pen drive or whole system is rather feasible, IMO. 4U? There's a way around that too. Bring a busted one in with you (in case there's a front desk) and swap it out with the OP's, then walk out. There are also pen drives that can sniff or log. Walk to OP's server, insert drive, let it gather data, come back a day later to pick up gathered data, then leave. One could also tap into the DC's network, breaking down the integrity of the whole data center.

Basically, with data centers, if physical security is lacking, you're just asking for trouble.

Last edited by unixfool; 11-12-2010 at 08:57 AM. Reason: corrected typos
 
1 members found this post helpful.
All times are GMT -5.