Screen capture/keystroke-logging?

[The_Great_Sephiroth]

We have an employee who is not doing her job and is abusing our Internet access. My boss (aka company owner) tasked me with logging key-strokes and capturing screenshots to record this information for termination and/or unemployment claim protection. In Windows there are loads of applications that do this. The thing is, we run Gentoo. Is this possible and if so, what applications should I look at or how should I do this? I cannot go into detail, but everything this employee does is in Plasma. No shell, no VirtualBox, no nothing else. Thanks for your help!
_________________
Ever picture systemd as what runs "The Borg"?

[Ant P.]

For screen capture ffmpeg works fine. xev will print all key events to stdout, you can filter it from there.

[NeddySeagoon]

The_Great_Sephiroth,

Think twice about key logging. You will capture all the usernames and passwords in clear text.
I hope you can take good care of somones internet banking credentials and the like.

To build up a picture of internet use, your outgoing firewall can log times and sites visited.
That's a lot less trouble to manage as it shouldn't contain any credentials in clear text.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

[Irre]

I think she should be warned before you act as Facebook.

[The_Great_Sephiroth]

The things you mention should not be done at our office. Personal stuff like banking are not allowed. By using the company systems you consent to the possibility of being investigated should the need arise. I don't like it either, but if the employee is simply slacking then nothing we don't already have in databases (passwords and such) will be shown. We caught two women stealing from the company using key-loggers in Windows a few years back. Almost bankrupted us so they could live high on the hog. Actually, we caught THREE women this way. The third was later on. She was using the stolen product and cash for drugs. Sadly, this is an evil that must be done from time to time.

If it matters, only the company owner and myself will be able to view the logged data. No other employees can access it. Thank you for the information and opinions though. Once the case has been made or she has been cleared, the data will be deleted and the disk securely erased (dd anybody?) so nothing will fall into the wrong hands. The storage location for the data is on an intranet not accessible from the WAN. It isn't physically connected to any WAN.
_________________
Ever picture systemd as what runs "The Borg"?

[Hu]

What kind of abuse do you suspect? Specifically, is the abuse a problem for other users (downloading large files, getting the company IP address blacklisted on reputation services, etc.) or only a problem in that the employee is alleged to be using the Internet access for frivolous activity instead of performing her assigned duties?

You haven't said here where this company is, and we don't need to know. You've described a good baseline policy that may provide legal cover for your surveillance. However, if you have not done so recently, I would encourage you to review local data privacy statutes to ensure that the employee agreement you referenced is sufficient to cover you. If it was written by company counsel, it is probably good enough. If it was thrown together by a layman based on other contracts, you're taking a bit more risk. It would be quite ironic to fire her for good cause based on the surveillance data, win on any challenges to the direct cause, and get in trouble for the use of surveillance.

[The_Great_Sephiroth]

This was checked by attorneys prior to implementation. We're legal.
_________________
Ever picture systemd as what runs "The Borg"?