View previous topic :: View next topic |
Author |
Message |
The_Great_Sephiroth Veteran
Joined: 03 Oct 2014 Posts: 1602 Location: Fayetteville, NC, USA
|
Posted: Tue Apr 03, 2018 4:40 pm Post subject: Screen capture/keystroke-logging? |
|
|
We have an employee who is not doing her job and is abusing our Internet access. My boss (aka company owner) tasked me with logging key-strokes and capturing screenshots to record this information for termination and/or unemployment claim protection. In Windows there are loads of applications that do this. The thing is, we run Gentoo. Is this possible and if so, what applications should I look at or how should I do this? I cannot go into detail, but everything this employee does is in Plasma. No shell, no VirtualBox, no nothing else. Thanks for your help! _________________ Ever picture systemd as what runs "The Borg"? |
|
Back to top |
|
|
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
|
Posted: Tue Apr 03, 2018 6:01 pm Post subject: |
|
|
For screen capture ffmpeg works fine. xev will print all key events to stdout, you can filter it from there. |
|
Back to top |
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54306 Location: 56N 3W
|
Posted: Tue Apr 03, 2018 6:48 pm Post subject: |
|
|
The_Great_Sephiroth,
Think twice about key logging. You will capture all the usernames and passwords in clear text.
I hope you can take good care of somones internet banking credentials and the like.
To build up a picture of internet use, your outgoing firewall can log times and sites visited.
That's a lot less trouble to manage as it shouldn't contain any credentials in clear text. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
Back to top |
|
|
Irre Guru
Joined: 09 Nov 2013 Posts: 434 Location: Stockholm
|
Posted: Tue Apr 03, 2018 7:22 pm Post subject: |
|
|
I think she should be warned before you act as Facebook. |
|
Back to top |
|
|
The_Great_Sephiroth Veteran
Joined: 03 Oct 2014 Posts: 1602 Location: Fayetteville, NC, USA
|
Posted: Wed Apr 04, 2018 1:45 am Post subject: |
|
|
The things you mention should not be done at our office. Personal stuff like banking are not allowed. By using the company systems you consent to the possibility of being investigated should the need arise. I don't like it either, but if the employee is simply slacking then nothing we don't already have in databases (passwords and such) will be shown. We caught two women stealing from the company using key-loggers in Windows a few years back. Almost bankrupted us so they could live high on the hog. Actually, we caught THREE women this way. The third was later on. She was using the stolen product and cash for drugs. Sadly, this is an evil that must be done from time to time.
If it matters, only the company owner and myself will be able to view the logged data. No other employees can access it. Thank you for the information and opinions though. Once the case has been made or she has been cleared, the data will be deleted and the disk securely erased (dd anybody?) so nothing will fall into the wrong hands. The storage location for the data is on an intranet not accessible from the WAN. It isn't physically connected to any WAN. _________________ Ever picture systemd as what runs "The Borg"? |
|
Back to top |
|
|
Hu Administrator
Joined: 06 Mar 2007 Posts: 21709
|
Posted: Wed Apr 04, 2018 2:23 am Post subject: |
|
|
What kind of abuse do you suspect? Specifically, is the abuse a problem for other users (downloading large files, getting the company IP address blacklisted on reputation services, etc.) or only a problem in that the employee is alleged to be using the Internet access for frivolous activity instead of performing her assigned duties?
You haven't said here where this company is, and we don't need to know. You've described a good baseline policy that may provide legal cover for your surveillance. However, if you have not done so recently, I would encourage you to review local data privacy statutes to ensure that the employee agreement you referenced is sufficient to cover you. If it was written by company counsel, it is probably good enough. If it was thrown together by a layman based on other contracts, you're taking a bit more risk. It would be quite ironic to fire her for good cause based on the surveillance data, win on any challenges to the direct cause, and get in trouble for the use of surveillance. |
|
Back to top |
|
|
The_Great_Sephiroth Veteran
Joined: 03 Oct 2014 Posts: 1602 Location: Fayetteville, NC, USA
|
Posted: Wed Apr 04, 2018 4:09 am Post subject: |
|
|
This was checked by attorneys prior to implementation. We're legal. _________________ Ever picture systemd as what runs "The Borg"? |
|
Back to top |
|
|
|