Poor man's free LOJACK for linux laptop

[JaguarNight]

I thought I'd throw an idea out: basic free security for linux laptops - LoJack
( LoJack is basically a software app for laptop tracking )
http://en.wikipedia.org/wiki/Lojack

Basically an idea is a bash script that would run automatically on logon or/and shutdown
that would send an email with a laptops IP address for purposes of tracking the laptop's location.
If a laptop is stolen at least you can get thief's IP number...

If there is already a free linux LoJack I would like a link ?

here are a couple but they seem to be overly complicated...
http://preyproject.com/
http://www.linuxplanet.com/linuxplanet/ ... ls/6744/1/

Here is a script I found on google, this basically does something similar, but it needs to be
checked out in Mint to make sure it's working right and that it emails *external IP address*,
anybody with free time, please test it out and see if it works in Mint
http://www.syntaxtechnology.com/2009/06 ... d-restart/
the ubuntu version is down the page, in the comments area.

One note: when laptop boots, sometimes wifi needs to be connected ( which could take
a couple of minutes ) , before sending an email out, so there needs to be a delay in
starting this script on boot which is easy to do with: sleep 120 && lojackscript.sh

Regards.

[DrHu]

That is not good enough, you need something that is better hidden and can't be disabled via a hard drive format..
http://en.wikipedia.org/wiki/LoJack#LoJack_for_Laptops

• Recently[when?], Dell, Lenovo, Panasonic and Fujitsu appear to have discontinued this method and require manual installation.[citation needed] Once enabled, Computrace cannot be disabled or deinstalled without assistance from Absolute Software, not even by reformatting or substituting the hard disk, because the BIOS keeps reinstalling or repairing it prior to loading the operating system.

• They obviously haven't considered someone who will flash or replace the BIOS chip..

For example, anyone who steals a notebook, will either shred/wipe the hard drive and reformat it or toss the hard-drive and replace it or sell it without a hard-drive
--but that's only my guess, I am not in that business

The second reason it won't be that useful, is that in order to get a theft report and a return of a product, you would need to involve the police, and they may not be so keen to respond to a single individual's theft report, but they may do so, if there is a business that can provide them with reliable reports, based on their clientele
--which might even include Police departments themselves

However for a single individual who wants to try and get his notebook back after a theft, something such as you suggest may work, if the thief is not too intelligent.

[JaguarNight]

I understand all that, but I thought to start with a simple script that would email external ip address to a given email address after logon.
This would be a absolute minimum, then methods can be employed to hide the script, if hard drive boots at least you got a minimal trace = ip address.
Then it's a matter of pinning the IP address to a specific location...

I used to have a simple lojack like that in windows, it worked well...

If anybody got the script, then post it here.
I will try to write one as well.

Regards.

[sgosnell]

What is needed is something like the Android app "Plan B". When you lose your Android phone, you run it from a PC, and the app is installed on the phone remotely, without notification, and the phone then enables the GPS and continuously sends the location to the specified email until it's uninstalled. I tried it on my phone, and since GPS reception in my home is spotty, it showed it in the wrong room on Google Maps, but close enough, certainly it was showing the correct house. Finding a way to do that on a Linux system would be problematic, of course.

[JaguarNight]

I finally wrote a script, it takes my external IP, some other info and emails it out at logon,
it's working well, is fast, under 1 sec, silent, and the funny thing is Firestarter firewall has no clue
Linux firewalls really suck as far as identifying out connections by applications...
talking about security holes...

I used sendemail CLI app in that script.

Regards.

[DrHu]

I finally wrote a script, it takes my external IP, some other info and emails it out at logon,
it's working well, is fast, under 1 sec, silent

OK then; however you are providing access to port 25, which almost all ISP(s) will block, as they are afraid of illegal or block emailing
--by doing that they have shutdown a larger percentage of email SPAM..

Linux firewalls really suck as far as identifying out connections by applications...
talking about security holes...

Not really, and like many items for UNIX/Linux, it can be managed by the user who wants to dig into the setup files..

For most, the default selections are fine, usually http in/out only, or maybe also IPP for printers, somewhat like windows file and print support, which is a default for a windows OS..
--even if IPP (internet printing Protocol) is a type of security risk.
http://en.wikipedia.org/wiki/Internet_Printing_Protocol

Most people would want an internet/web connection..
http://linuxgazette.net/103/odonovan.html

• Scenario 1: Standard Home Computer
  For the standard user using his/her home computer for Internet browsing, e-mail, etc. then the above firewall is all that is needed as it allows all connections out while preventing any connections that are not related.
  For a more paranoid user that wants to control and log all outgoing connections we might use a firewall configuration such as the following:

I'll only end by saying any thief worth his salt will not connect to any external network, until they have examined the stolen device: a notebook in this case

• Also unless you have encrypted your files, such as the /home directory, even if you recovered the notebook, your data might already be gone

--if you believe that the method you propose gets you more security, well and good: I don't see it myself..

• But experiments are such fun, and I commend you for experimenting..

[JaguarNight]

Good link thanks!

However the so called "paranoid out" rules are too general and too broad...
Need per app/service/script rules - standard approach, just not yet the time for linux, security is still not a problem for most users and that's good.

Typical firewall setup:
- you install your firewall
- you ban all connections in and out first
- you start creating allow rules for in and out as you start using your applications - opening up one application after another
- this way you only allow in and out for the apps you know, the rest is blocked

It's not that tight in linux... you can't narrow down to a single app/script/service.
GUFW - has some p2p apps options and for services as well, so the limitation of the firewall is
that it probably can't detect apps very well yet.

Any lojack is useless if your wi-fi is off on your laptop.
Most of lojacks are hard drive installed and thus have limits to their effectiveness as well.
My script has limitations, however the moment the wifi is on and there is internet connection - it will do it's job in under 1 sec.
So it's a minimum of what is required, by no means a perfect solution.

Regards.

[JaguarNight]

See this link as well
http://forums.linuxmint.com/viewtopic.php?f=47&t=75367

In this lojack script that generates and emails lojack report I added
a list of all wifi networks that the machine picks up around the area,
( wifi ids, power levels, quality, macs, etc...)
The idea is not only to get IP but also all wifi IDs in the area, so that location could be
pinpointed easier... you could drive around the area scanning for thief's wifi ID, once
you found it wifi radar app could be used to zero in on the location

Regards.

[JaguarNight]

I added several more functions to the LoJack
- sends out the info without having to log into X
- identifies wifi network/hotspots names
- record video on laptop's built-in webcam
- webcam snapshot
- sound snapshot
- desktop snapshot
- report email encryption

working on adding some more functions:
- geolocation, if that works then lojack will be able to locate the laptop very accurately, down to street/house
- forcing wifi ON
- ssh to laptop's root

After that, if all works, I may release it out to public.
Regards.