Saturday, July 13, 2013

Protecting Your Children on the Internet with Linux or How to be a Sneaky Parent Part 5 How to Make your Life Easier


By doing a little bit of preparatory work, we can make the numerous tasks involved with monitoring of the children considerably simpler and also it would require less typing.

IP addresses are assigned on first come first serve basis. So one day, if your oldest son signs on first, he may get 192.168.0.2. On the next day, if he signs on late, he might get 192.168.0.4. This makes it harder for you to determine which computer is which. There are several things that can be done about this.

  1. On most routers, there is a setting to assign a specific IP address to a computers MAC address or Host Name. If you enter:

ifconfig

The first line displayed will have the word Hwaddr, followed by a series of numbers, that will be your MAC address. But you will have to get the right network interface. Eth0 is Ethernet, that is the one if you are using a cable to connect the laptop to the router. More then likely, it is going to be the paragraph starting with wlan0. That will be the wireless network.

  1. If when you set up each laptop, you set the hostname to the child that was going to use the laptop. Upon ssh in the prompt would display something similar to:

parent@johnslaptop

That tells you immediately whose computer you are on. Therefore, if you have already checked that computer this week, sign off and move on to the next one.

If you didn't set that up, it's not too late. Sign in to John's Computer and just type the following command:

sudo leafpad /etc/hostname

And change whatever name is there to johnslaptop and save the file.

If you are unsure of whose computer you are signed on to, you can type “w” (on the terminal program) and it will display any users signed on.

Let's start first with the desktop and the ugly fping utility. So, log into your desktop and start a terminal. We need to check that there is a “bin” directory and that it is in your path. So, type in the following command:

ls -l | grep bin

If nothing is returned, we need to create a bin directory. So type the following:

mkdir bin

Now to see if bin is in our path (case is important):

echo $PATH

If you don't see bin in the output, type

export PATH=$PATH:bin

Almost all Linux Distributions come with a basic GUI editor. Gnome and Xfce usually come with gedit, KDE usually comes with kate or kedit. Bohdi comes with leafpad, but you can install gedit to keep things consistent. Whatever your system came with, run that program. Now enter the following into the editor:

#!/bin/bash
echo 'My IP Address: '
ifconfig | grep 192
echo 'Network IP Addresses'
/usr/sbin/fping -s -g 192.168.0.0 192.168.0.255 -r 1 2> /dev/null | grep alive

Now save the file as “bin/myfping” and then issue the following command

chmod +x bin/myfping

Now when you type in “myfping”, your output will list your IP address first and then followed by all of the “alive” IP Addresses on your network.

Now on each laptop, you will want to create a bin directory on your user account. You will also want to make sure the bin directory is in your path statement. Do all of this as you did on the desktop.

In the E-mail step we determined what the profile name was. We can put this in a script making easy and quick starting of your childs E-mail Program. Note each laptop will have a unique profile filename, therefore your script will also need to be unique on each laptop. Using a text editor we will create a email script as follows:

#!/bin/bash
thunderbird -offline -P “”

Then between the double quotes, put in the Profile File Name. Save the file to something like bin/tbird and then run a:

chmod +x bin/tbird

Which will give the script execution rights. To run it, just type tbird.

Now we will do something similar for sqliteman. Again the places.sqlite filename will be unique on each laptop, so you will have to customize this script for each laptop.

#!/bin/bash
sqliteman /home/charles/.mozilla/firefox/mwad0hks.default/places.sqlite

Then save the file to something like bin/ffhistory and issue a chmod command to give it execution rights.

Eventully, your child will outgrow his or her laptop. They will need to run programs that won't run on these older computers. Make them make a case for it. If it is for entertainment you can always say no. But if the need is real, you can install the needed program on the desktop and then create a user id on the the desktop for them. If it is a Windows application, most will run under wine. And then from their laptop they can ssh into the desktop and they can run the needed programs.

This will maximize your investment in the desktop and their laptops will still be usable as dumb terminals.

Unusual behavior

You may notice one of your children keeping long hours on his or her laptop and be defensive about what they are doing. You can get an Approximate idea as to what they are up to. One easy thing that you can do ssh into there laptop and run the top command. This will show what programs are running. To make it easier to look at, run it as follows “top -u ” Where User ID is your child. This will just show the programs that are owned by your child and not system processes. By looking at the process names, you can determine if they are chatting, doing e-mail or just on the web. If you want a longer term idea of what is going on, you can set up a script like the following:

#!/bin/bash
echo `date` >> /home/parent/ CharlesLog.dat
ps -eo pcpu,pid,user,args | sort -k 1 -r | head -25 | grep >> /home/parent/ CharlesLog.dat

Replacing with your Child's user ID.
The 2nd echo command even though it goes 2 lines is actully just one line.
Note the quotes here are backward ticks (to the left of the one on most keyboards).

Now save this to bin/cmonitor & issue a “chmod + x” to it.

Now create a 2nd file and give it any name you like

*/5 * * * * /home/parent/bin/cmonitor

Save the file and issue the following command

crontab

With being the file you just created. Now the script file bin/cmonitor will run every five minutes adding the output to logfile. The Logfile will end up looking something like the following:

Tue Apr 17 13:28:47 EDT 2012
0.9 3752 charles gedit
0.9 3309 charles /opt/libreoffice3.4/program/soffice.bin --writer
0.3 2913 charles compiz --ignore-desktop-hints glib gconf gnomecompat
0.1 2761 charles /usr/libexec/multiload-applet-2


Each Program Run first writes the Date/Time.
The Columnar data has the first column being percent used, the 2nd has the program pid, the 3rd is the user who owns the script/program and the last column is the script. The next day, you should ssh back into this computer and enter the following command:

crontab -r

That will stop the script from running every 5 minutes. If you don't do this eventually the child would run out of disk space.

No comments: