Being Prepared for Computer Theft

For topics unrelated to bush walking or to the forums.

Being Prepared for Computer Theft

Postby Son of a Beach » Fri 05 Sep, 2008 11:10 am

In case my computer ever gets stolen, I've configured it to automatically run a script every 15 minutes that will record it's network information on a web server. This means that if the thief ever connected it to the internet for a few minutes it would report it's current network information to somewhere where I can easily access that information from anywhere.

I've just updated the script to make it a lot neater, simpler and more secure than my original script. Feel free to copy and use it if you wish. Note that this will work easily on Unix/Linux based systems such as Mac OS X, RedHat, Ubuntu, etc. I've no idea how to get this working on Windows, but I suspect you may have to install CYGWIN or something.

I think that the script is fully secure, as it uses no passwords or certificates or keys. In fact it doesn't even upload anything to the server directly. It merely gets it's attempted connection recorded in the log files of the remote server with a LOT of extra information.

So in theory, you don't even need access to the remote server, but would have to at least be able to make sure the police can get access the server logs. Ideally of course, you should have access to it, to make sure it's working as expected, and for more prompt monitoring in case of actual theft.

Here's the script

Code: Select all
#!/bin/sh

SERVER="<host.dns.name>"
PAGE="heartbeat"

HOST=`/bin/hostname`
DATE=`/bin/date`
IFCONFIG=`/sbin/ifconfig -u | grep inet | grep -v "127.0.0.1"`
TRACEROUTE=`/usr/sbin/traceroute -m 5 $HOST 2>/dev/null | grep -v \*`

urlencode() {
        echo $1 | sed "s/ /__/g; s/     /___/g; s/\n/____/g"
}

DATE=`urlencode "$DATE"`
IFCONFIG=`urlencode "$IFCONFIG"`
TRACEROUTE=`urlencode "$TRACEROUTE"`

URL="http://$SERVER/$PAGE?HOST=$HOST&DATE=$DATE&IFCONFIG=$IFCONFIG&TRACEROUTE=$TRACEROUTE"

curl "$URL" > /dev/null 2>&1


Note that this does not produce correctly encoded URLs, but that doesn't matter as we're not trying to get anything returned from the webserver. In fact we're actually accessing the URL for a page that doesn't even exist (in most cases). Using not quite correct URL encoding makes the results a little easier to read in the log file (I started using full encoding, but the results were horrible from a human-readable perspective). Spaces, TABs and newlines are substituted, however.

To get it to work, just copy it to your computer somewhere (I named the script 'heartbeat' on mine), make it executable ('chmod 755 <path>'), substitute <host.dns.name> for the name of the webserver you want it to connect to (preferably where you have access to the log files), and then create a cron job to run in regularly (I run mine every 15 minutes like so: 0,15,30,45 * * * * /path/to/heartbeat)

Note that this will not work from behind a web proxy without modification. You can make it work with proxies (even with proxy authentication) by using the '-x' (and '-U') arguments for 'curl' (see 'man curl'), but this should only be done for testing purposes, as the proxy information will be invalid if the machine is stolen (unless it is stolen by somebody in your office).

To check that it is working, monitor your servers log file for the word 'heartbeat' (or change it in the script to something else suitable).

Eg: 'tail -f access.log | grep heartbeat'

The entries in the log should look something like this:

Code: Select all
123.123.123.123 - - [04/Sep/2008:17:45:00 -0700] "GET /heartbeat?HOST=local.host.name&DATE=Fri__Sep__5__10:45:00__EST__2008&IFCONFIG=inet6__fe80::1%lo0__prefixlen__64__scopeid__0x1__inet6__::1__prefixlen__128__inet6__fe80::216:cbff:fecb:1180%en0__prefixlen__64__scopeid__0x4__inet__132.132.132.132__netmask__0xffffff00__broadcast__132.132.132.255&TRACEROUTE=1__router1.com.au__(132.132.132.1)__0.772__ms__0.220__ms__0.208__ms__2__sb-router2.com.au__(132.132.1.1)__2.345__ms__2.423__ms__2.285__ms HTTP/1.0" 404 662 "-" "curl/7.16.3 (powerpc-apple-darwin9.0) libcurl/7.16.3 OpenSSL/0.9.7l zlib/1.2.3"
Son of a Beach
Lagarostrobos franklinii
Lagarostrobos franklinii
 
Posts: 6522
Joined: Thu 01 Mar, 2007 7:55 am
Region: Tasmania
Gender: Male

Re: Being Prepared for Computer Theft

Postby Damien » Fri 05 Sep, 2008 8:52 pm

I've been meaning to set something like this up for a long time on my MBP.
If you have an Macbook / Macbook Pro you might want to have a look at this:
http://lifehacker.com/software/theft/ha ... 207605.php
You can set it up to take a snapshot from the isight and upload it.

Damien
Damien
Atherosperma moschatum
Atherosperma moschatum
 
Posts: 51
Joined: Mon 03 Mar, 2008 9:16 pm
Region: New Zealand

Re: Being Prepared for Computer Theft

Postby Damien » Fri 05 Sep, 2008 9:03 pm

Another program to use for the same purpose is http://www.orbicule.com/undercover/
Damien
Atherosperma moschatum
Atherosperma moschatum
 
Posts: 51
Joined: Mon 03 Mar, 2008 9:16 pm
Region: New Zealand

Re: Being Prepared for Computer Theft

Postby corvus » Fri 05 Sep, 2008 10:29 pm

SoaB eh!! I walk and post come to my place to do that please :lol:
collige virgo rosas
User avatar
corvus
Vercundus gearus-freakius
Vercundus gearus-freakius
 
Posts: 5538
Joined: Mon 23 Apr, 2007 7:24 pm
Location: Devonport
Region: Tasmania
Gender: Male

Re: Being Prepared for Computer Theft

Postby Joe » Tue 16 Sep, 2008 7:59 pm

Nice one....just finished playing with it on both my ubuntu machines. The likelyhood of it ever being needed is slim i imagine...but when i get motivated it will go on my lappy...which is where its needed most. thanks nik.
User avatar
Joe
in vino veritas
in vino veritas
 
Posts: 675
Joined: Mon 26 Mar, 2007 10:35 pm
Location: Devonport Tas
ASSOCIATED ORGANISATIONS: Stoney Creek Outdoor Equipment.
Region: Tasmania


Return to Between Bushwalks

Who is online

Users browsing this forum: No registered users and 3 guests