We have around 20-30 HP and Dell Hardware where we have attached Pen Drive. There is no Rack-lock facility. A misuse of Pen Drive is reported and it happens every alternate day that someone unplugs and steals the attached drive. There is no camera facility to monitor.
I have a plan to write a script which will log in to every machine through ILO and watch the USB availability. In case anyone detaches the USB, a mail will be sent to the administrator and thereby the steps could be taken. Does this idea look feasible?
It sounds pretty good, but don't you want to catch who is doing it? Maybe set up your script so that it alerts you and takes a snapshot of the person who is doing this with a webcam. That'll be pretty cool.
I'm no expert on the matter, but I believe the udev system is intended to allow monitoring and dispatch of programs based on USB (and other) activity. You should be able to contrive a rule that will invoke a mail sender when the USB key is removed. Googling 'usb udev rules' seems to turn up a lot of useful looking links.
I'd get a tube of superglue. They won't be pulling it out without some force. Use it either on the usb slot to secure the usb in or on the outside of the usb. Either way it should provide some fun. Post a note that no one is to touch the usb drives.
Hello,
We have around 20-30 HP and Dell Hardware where we have attached Pen Drive. There is no Rack-lock facility. A misuse of Pen Drive is reported and it happens every alternate day that someone unplugs and steals the attached drive. There is no camera facility to monitor.
I have a plan to write a script which will log in to every machine through ILO and watch the USB availability. In case anyone detaches the USB, a mail will be sent to the administrator and thereby the steps could be taken. Does this idea look feasible?
Any comments?
Well, you might not be able to lock the RACKS, but can you lock the DOOR?? Grant access to just a few folks???
The webcam idea is a good one too...mount the camera up high, looking down the rows of servers, so you can see who's there. There are even motion-sensitive cameras that only activate when there's movement. And why have something that 'logs in', to watch the USB drive? Just have a script running on each box, that checks for the presence of the /dev/sdXXX device, and if it's not there (as in REMOVED), send an email. Compare that to the time stamp on the webcam footage.
Just have a script running on each box, that checks for the presence of the /dev/sdXXX device, and if it's not there (as in REMOVED), send an email.
Isn't that what udev does? After my earlier reply, I started exploring the udev rules on the box I'm running right now, and there are rules that trigger when a device is removed. Firing a script to send an e-mail when the pen-drive is removed seems to be fairly straightforward.
If I get a few minutes, I might try to cobble something together to do that.
Can I ask why the pen drives are there in the first place? It would seem the easiest way to deter theft is to have nothing to steal. This may be more of a reflection of my ignorance, but I just can't figure out why a datacenter would need that many pen drives attached to the servers. Or any pen drives for that matter.
Isn't that what udev does? After my earlier reply, I started exploring the udev rules on the box I'm running right now, and there are rules that trigger when a device is removed. Firing a script to send an e-mail when the pen-drive is removed seems to be fairly straightforward.
If I get a few minutes, I might try to cobble something together to do that.
--- rod.
Very true, but I'd find it easier to write a small shell script to look for the presence of the /dev/sdXX device, rather than do a udev rule. Especially if I had to work with others to maintain the systems.
But as with most things Linux...there's always several ways to do things.
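The polling approach discussed in the posts above, as an added example that is not part of any poster's reply: it reports only state changes and stamps each alert with a UTC time that can be compared against camera footage. The device path, serial, state-file path, mail address and the `usb-alert.sh` name in the udev comment are placeholders.

```shell
#!/bin/sh
# Added example. Paths, the serial and the mail address are placeholders.
# Use the drive's stable /dev/disk/by-id/ name: /dev/sdX letters can change.
#
# udev alternative (rule file, not shell). On "remove" the sysfs attributes
# are already gone, so match stored ENV properties rather than ATTRS:
#   ACTION=="remove", SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", \
#     ENV{ID_SERIAL}=="EXAMPLE_SERIAL", RUN+="/usr/local/sbin/usb-alert.sh"

# check_device DEVICE STATE_FILE
# Prints OK, REMOVED, STILL_MISSING or RESTORED and records the new state.
# With no state file the drive is assumed to have been present, so a first
# run that finds it missing reports REMOVED.
check_device() {
    prev=present
    if [ -f "$2" ]; then prev=$(cat "$2"); fi
    if [ -e "$1" ]; then now=present; else now=missing; fi
    printf '%s\n' "$now" > "$2"
    case "$prev:$now" in
        present:present) echo OK ;;
        present:missing) echo REMOVED ;;
        missing:missing) echo STILL_MISSING ;;
        missing:present) echo RESTORED ;;
    esac
}

# run_once DEVICE STATE_FILE
# Prints one alert line (host, device, event, UTC time) only when the state
# changes, so a missing drive does not produce mail on every poll.
run_once() {
    event=$(check_device "$1" "$2")
    case "$event" in
        REMOVED|RESTORED)
            printf '%s: USB drive %s %s at %s\n' "$(uname -n)" "$1" \
                "$event" "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" ;;
    esac
}

# Entry point, e.g. from cron once a minute:
#   usb-watch.sh /dev/disk/by-id/usb-EXAMPLE_SERIAL-0:0 /var/run/usb-watch.state admin@example.com
if [ "$#" -ge 3 ]; then
    msg=$(run_once "$1" "$2")
    if [ -n "$msg" ]; then
        printf '%s\n' "$msg" | mail -s "USB drive alert" "$3"
    fi
fi
```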
Any datacenter worth its salt will have better security than what you now have...seriously. If they can take a thumb/pen drive, they can take anything, including the machines themselves.
Also, running a script that monitors WHEN a USB drive gets stolen isn't preventative in the least. Aren't you concerned with how to STOP the theft (and not record it)? Maybe you're thinking that it helps to know when it was taken so that you could maybe check the center's visitor logs so that you could possibly find the culprit (IF the center even has logs...if there's no security, there's probably accurate logging of visitors).
I've some old machines that had hardware epoxied in place (inside the case). You might get away with that.
I would have to agree with the above posts.
1. Find a better solution to replace the pen drives, a NAS or file server of some sort for instance.
2. Do a better job of restricting access to the data center, plain and simple. If only trusted personnel are allowed into the room to begin with, then you will have less to worry about a pen drive or server growing legs and walking off the premises. Physical access trumps any software-based security anyone can put into place, and logging and determining who did it is like fixing the barn door after the horse got out; the pen drive could have been sold on the black market or given to someone else by the time you catch the person who actually stole it.
Any datacenter worth its salt will have better security than what you now have...seriously. If they can take a thumb/pen drive, they can take anything, including the machines themselves.
Well actually ... a thumb drive fits in your pocket.
A 4U 19" rack mount server doesn't. A blade doesn't.
Quote:
Originally Posted by Tinkster
Well actually ... a thumb drive fits in your pocket.
A 4U 19" rack mount server doesn't. A blade doesn't.
Granted, but given the time and resources, say someone sneaking in after hours when nobody is there to stop them, it's not entirely impossible to walk away with a server.
Granted, but given the time and resources, say someone sneaking in after hours when nobody is there to stop them, it's not entirely impossible to walk away with a server.
EXACTLY. It sounds as if security is non-existent.
If someone is messing with physical aspects of the OP's system, it is an indication of security failure. About Tinkster's comment on size, if nothing prevents a physical change to the system, the chance of someone stealing a pen drive or whole system is rather feasible, IMO. 4U? There's a way around that too. Bring a busted one in with you (in case there's a front desk) and swap it out with the OP's, then walk out. There are also pen drives that can sniff or log. Walk to OP's server, insert drive, let it gather data, come back a day later to pick up gathered data, then leave. One could also tap into the DC's network, breaking down the integrity of the whole data center.
Basically, with data centers, if physical security is lacking, you're just asking for trouble.
Last edited by unixfool; 11-12-2010 at 08:57 AM.
Reason: corrected typos