Being Prepared for Computer Theft


Post by Son of a Beach » Fri 05 Sep, 2008 11:10 am

In case my computer ever gets stolen, I've configured it to automatically run a script every 15 minutes that will record its network information on a web server. This means that if the thief ever connected it to the internet for a few minutes it would report its current network information to somewhere where I can easily access that information from anywhere.

I've just updated the script to make it a lot neater, simpler and more secure than my original script. Feel free to copy and use it if you wish. Note that this will work easily on Unix/Linux based systems such as Mac OS X, RedHat, Ubuntu, etc. I've no idea how to get this working on Windows, but I suspect you may have to install CYGWIN or something.

I think that the script is fully secure, as it uses no passwords or certificates or keys. In fact it doesn't even upload anything to the server directly. It merely gets its attempted connection recorded in the log files of the remote server with a LOT of extra information.

So in theory, you don't even need access to the remote server, but would have to at least be able to make sure the police can get access to the server logs. Ideally of course, you should have access to it, to make sure it's working as expected, and for more prompt monitoring in case of actual theft.

Here's the script

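Code:
#!/bin/sh

# Web server whose access log will record the heartbeat requests
SERVER="<host.dns.name>"
# Page name to request; it only needs to be easy to grep for in the log
PAGE="heartbeat"

# Gather the local hostname, time and network details
HOST=`/bin/hostname`
DATE=`/bin/date`
IFCONFIG=`/sbin/ifconfig -u | grep inet | grep -v "127.0.0.1"`
# Trace the first 5 hops towards the server, dropping hops that timed out
TRACEROUTE=`/usr/sbin/traceroute -m 5 "$SERVER" 2>/dev/null | grep -v '\*'`

urlencode() {
        # $1 is left unquoted, so the shell collapses every run of spaces,
        # TABs and newlines to a single space, which sed then turns into "__"
        echo $1 | sed "s/ /__/g"
}

DATE=`urlencode "$DATE"`
IFCONFIG=`urlencode "$IFCONFIG"`
TRACEROUTE=`urlencode "$TRACEROUTE"`

# The values travel in the query string, which is what the server logs
URL="http://$SERVER/$PAGE?HOST=$HOST&DATE=$DATE&IFCONFIG=$IFCONFIG&TRACEROUTE=$TRACEROUTE"

# Only the request itself matters, so the response is discarded
curl "$URL" > /dev/null 2>&1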


Note that this does not produce correctly encoded URLs, but that doesn't matter as we're not trying to get anything returned from the webserver. In fact we're actually accessing the URL for a page that doesn't even exist (in most cases). Using not quite correct URL encoding makes the results a little easier to read in the log file (I started using full encoding, but the results were horrible from a human-readable perspective). Spaces, TABs and newlines are substituted, however.

To get it to work, just copy it to your computer somewhere (I named the script 'heartbeat' on mine), make it executable ('chmod 755 <path>'), substitute <host.dns.name> for the name of the webserver you want it to connect to (preferably where you have access to the log files), and then create a cron job to run it regularly (I run mine every 15 minutes like so: 0,15,30,45 * * * * /path/to/heartbeat)

Note that this will not work from behind a web proxy without modification. You can make it work with proxies (even with proxy authentication) by using the '-x' (and '-U') arguments for 'curl' (see 'man curl'), but this should only be done for testing purposes, as the proxy information will be invalid if the machine is stolen (unless it is stolen by somebody in your office).

To check that it is working, monitor your server's log file for the word 'heartbeat' (or change it in the script to something else suitable).

Eg: 'tail -f access.log | grep heartbeat'

The entries in the log should look something like this:

Code:
123.123.123.123 - - [04/Sep/2008:17:45:00 -0700] "GET /heartbeat?HOST=local.host.name&DATE=Fri__Sep__5__10:45:00__EST__2008&IFCONFIG=inet6__fe80::1%lo0__prefixlen__64__scopeid__0x1__inet6__::1__prefixlen__128__inet6__fe80::216:cbff:fecb:1180%en0__prefixlen__64__scopeid__0x4__inet__132.132.132.132__netmask__0xffffff00__broadcast__132.132.132.255&TRACEROUTE=1__router1.com.au__(132.132.132.1)__0.772__ms__0.220__ms__0.208__ms__2__sb-router2.com.au__(132.132.1.1)__2.345__ms__2.423__ms__2.285__ms HTTP/1.0" 404 662 "-" "curl/7.16.3 (powerpc-apple-darwin9.0) libcurl/7.16.3 OpenSSL/0.9.7l zlib/1.2.3"
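Reading the log entries from the first post back on the server, as an added example that is not part of the original thread: the script below pulls each heartbeat hit out of a combined-format access log and marks hits whose source address differs from the one you expect. The function names, the known-address argument and the sample log lines (documentation-range addresses) are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample data below is constructed
# (documentation-range addresses, example hostnames).

# heartbeat_report KNOWN_IP [LOGFILE...]
# Reads a combined-format access log and prints one line per heartbeat hit:
# whether the source address is the expected one, the address the server saw,
# the server timestamp, and the HOST / IPv4 values the laptop reported.
heartbeat_report() {
    known_ip=$1
    shift
    awk -v known="$known_ip" '
    # Value of query parameter "name" in query string "qs" ("" if absent).
    function param(qs, name,    n, i, kv, eq) {
        n = split(qs, kv, "&")
        for (i = 1; i <= n; i++) {
            eq = index(kv[i], "=")
            if (substr(kv[i], 1, eq - 1) == name)
                return substr(kv[i], eq + 1)
        }
        return ""
    }
    # The "__" encoding leaves no spaces, so the whole URL is field 7.
    $6 == "\"GET" && $7 ~ /^\/heartbeat\?/ {
        qs = substr($7, index($7, "?") + 1)
        n = split(param(qs, "IFCONFIG"), tok, "__")
        addrs = ""
        for (i = 1; i < n; i++)
            if (tok[i] == "inet")        # IPv4 entries; inet6 is skipped
                addrs = addrs (addrs == "" ? "" : ",") tok[i + 1]
        status = ($1 == known) ? "known" : "NEW"
        printf "%s src=%s time=%s host=%s local=%s\n",
            status, $1, substr($4, 2), param(qs, "HOST"), addrs
    }' "$@"
}

# Constructed sample log: two heartbeats and one unrelated request.
sample_log() {
    cat <<'EOF'
203.0.113.10 - - [05/Sep/2008:10:45:00 +1000] "GET /heartbeat?HOST=laptop.example&DATE=Fri__Sep__5__10:45:00__EST__2008&IFCONFIG=inet__192.168.1.20__netmask__0xffffff00__broadcast__192.168.1.255&TRACEROUTE=1__gw.example__(192.168.1.1)__0.772__ms HTTP/1.1" 404 662 "-" "curl/7.16.3"
198.51.100.77 - - [06/Sep/2008:02:15:00 +1000] "GET /heartbeat?HOST=laptop.example&DATE=Sat__Sep__6__02:15:00__EST__2008&IFCONFIG=inet6__fe80::1%lo0__prefixlen__64__inet__10.0.0.5__netmask__0xffffff00__broadcast__10.0.0.255&TRACEROUTE=1__gw2.example__(10.0.0.1)__1.204__ms HTTP/1.1" 404 662 "-" "curl/7.16.3"
203.0.113.10 - - [06/Sep/2008:02:16:10 +1000] "GET /index.html HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
EOF
}
```

Run `sample_log | heartbeat_report 203.0.113.10` to try it, or pass a real log file as the second argument. The `src` value is the public address the web server saw, which behind NAT differs from the `local` address the laptop reported about itself.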

Re: Being Prepared for Computer Theft

Post by Damien » Fri 05 Sep, 2008 8:52 pm

I've been meaning to set something like this up for a long time on my MBP.
If you have a MacBook / MacBook Pro you might want to have a look at this:
http://lifehacker.com/software/theft/ha ... 207605.php
You can set it up to take a snapshot from the iSight and upload it.

Damien

Re: Being Prepared for Computer Theft

Post by Damien » Fri 05 Sep, 2008 9:03 pm

Another program to use for the same purpose is http://www.orbicule.com/undercover/

Re: Being Prepared for Computer Theft

Post by corvus » Fri 05 Sep, 2008 10:29 pm

SoaB eh!! I walk and post come to my place to do that please :lol:
collige virgo rosas

Re: Being Prepared for Computer Theft

Post by Joe » Tue 16 Sep, 2008 7:59 pm

Nice one....just finished playing with it on both my Ubuntu machines. The likelihood of it ever being needed is slim I imagine...but when I get motivated it will go on my lappy...which is where it's needed most. Thanks Nik.