Slashdot Mirror


Free Software Tracking a Stolen Computer?

JeffTL asks: "By necessity, I carry around an Apple iBook running OS X Panther. In the event of its theft, I would like to have the thing send me its IP address, not only for the benefit of law enforcement but also so I could SSH in and trash my personal data with srm, while doing an SFTP backup of anything I forgot to back up. I am not really wanting a subscription, so I am looking for a free-as-in-beer (and if anything beyond a shell script is involved, free-as-in-speech would be much preferred to make sure that no one else is getting anything). Currently, I have a bash script that can create a report, and I am thinking about sending it using either e-mail or FTP. I am considering setting it up to where it only starts barraging me if a specific code is posted to an HTML document of my choice. Is there already something like this in existence somewhere for free? If not, does anyone have any pointers on how this can be done?"

12 of 137 comments

  1. *nix it by techgeek10101 · · Score: 1, Informative

    cron a bash script. /sbin/ifconfig | mail you@where.com

    1. Re:*nix it by yuri+benjamin · · Score: 2, Informative

      cron a bash script. /sbin/ifconfig | mail you@where.com

      If they're behind a NAT, you'll get an email that says the IP address is something like 192.168.x.x or 10.x.x.x
      That won't be very useful.

      How about
      /sbin/traceroute www.slashdot.org | mail you@where.com
      perhaps?

      --
      You make the mistake of thinking you can educate the fundamental stupidity out of people. You can't.
    2. Re:*nix it by DrSkwid · · Score: 3, Informative

      time to take SMTP mail 101

      If behind a NAT the headers will reveal the external IP of the originating network, *not* the internal IP of the client machine.

      --
      There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
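The NAT point raised in this sub-thread, as an added example that is not part of any poster's comment: a report script can label each address taken from ifconfig, so the recipient can tell when only LAN addresses were captured and the external address has to come from somewhere else, such as the mail headers. The sample ifconfig output and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the IPv4 addresses found in ifconfig output.

# addr_scope IPV4 -> prints private | loopback | link-local | public
addr_scope() {
    case $1 in
        10.*|192.168.*)                        echo private ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) echo private ;;
        127.*)                                 echo loopback ;;
        169.254.*)                             echo link-local ;;
        *)                                     echo public ;;
    esac
}

# inet_addrs: read ifconfig output on stdin, print one IPv4 address per line.
# Handles both "inet 192.168.1.23" and the older Linux "inet addr:192.168.1.23".
inet_addrs() {
    awk '$1 == "inet" { sub(/^addr:/, "", $2); print $2 }'
}

# report_addrs: read ifconfig output on stdin, print "<address> <scope>" lines.
report_addrs() {
    inet_addrs | while read -r a; do
        printf '%s %s\n' "$a" "$(addr_scope "$a")"
    done
}

# needs_external_lookup: exit 0 when the output on stdin has no public address,
# i.e. the machine is behind NAT (or offline) and ifconfig alone will not locate it.
needs_external_lookup() {
    ! report_addrs | grep -q ' public$'
}

# Constructed sample in the style of OS X ifconfig output.
SAMPLE_IFCONFIG='lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::1 prefixlen 64 scopeid 0x4
        inet 192.168.1.23 netmask 0xffffff00 broadcast 192.168.1.255'
```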
  2. Re:A few suggestions... by rufus0815 · · Score: 2, Informative

    Nice idea! And if OSX has ifup/ifdown scripts for the network interfaces (like in e.g. Debian) it's easy to get your laptop to automatically set up a tunnel whenever the network interface is brought up :-)

  3. Do it like this, for example by arcade · · Score: 4, Informative

    Create a cronjob for root:

    crontab -e
    0 * * * * /usr/local/bin/checkWeb.sh

    The file /usr/local/bin/checkWeb.sh could contain:
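    #!/bin/bash

    # Fetch the flag page into the current directory
    wget http://your.host.name/stolenweb.html

    # Only act when the page carries the trigger phrase
    if grep "It is stolen" stolenweb.html ; then
        # [generate reports and send them off]
        :
    fi

    # Clean up so the next hourly run downloads a fresh copy
    rm stolenweb.html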

    It's a really rather simple setup that checks the webpage once each hour. If the webpage contains "It is stolen", then you do the reports-generating and whatever.

    --
    "Rune Kristian Viken" - http://www.nwo.no - arca
  4. Re:My useless reply by HeghmoH · · Score: 3, Informative

    He used Timbuktu to get onto the machine. Using that keyword helps get results back from Google. It was actually a story on slashdot, here. The link in the story is slightly broken, but it's just moved a bit: the story.

    --
    Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
  5. Re:Isn't a custom BIOS needed? by Per+Wigren · · Score: 2, Informative

    No need to mess with the BIOS, your bootloader could do the work.

    Not if the disk is wiped clean before boot. :P

    --
    My other account has a 3-digit UID.
  6. Re:A few suggestions... by WayneConrad · · Score: 4, Informative

    Admittedly, this is slightly (only slightly) off topic, but how does one do that with the ssh tunnel, so you can go back in from outside the computer that started the ssh session?

    Here's one way. I'll ssh from mercury to ceres so that ceres can ssh back to mercury.

    First ssh from mercury to ceres:

    wconrad@mercury:~$ ssh -R 5555:127.0.0.1:22 ceres
    Linux ceres 2.4.20-1-k6 #1 Sat Mar 22 14:38:19 EST 2003 i586 GNU/Linux

    Last login: Sat May 8 08:11:00 2004 from mercury.galaxy
    wconrad@ceres:~$

    The "-R 5555:127.0.0.1:22" switch means, "on the remote end (ceres), please make port 5555 connect to 127.0.0.1 (mercury), port 22 (ssh)."

    Now, on ceres:

    wconrad@ceres:~$ ssh -p 5555 127.0.0.1
    Password:
    Linux mercury 2.4.23-1-k7 #1 Mon Dec 1 00:05:09 EST 2003 i686 GNU/Linux

    Last login: Sat May 8 08:11:47 2004 from localhost
    wconrad@mercury:~$

    This says to ssh to port 5555 on ceres, which is really the ssh tunnel established by the ssh we did into ceres from mercury.

    SSH tunneling is a many-splendored thing.

  7. Good ideas above, but review... by rusty0101 · · Score: 5, Informative

    System: Apple iBook running OS X Panther.

    Start by checking the apple.com website and see what options you should begin with. One observation above is to use File Vault to secure your personal data. This is all well and good, but it makes it tough to take one of the later steps.

    In the event of its theft, I would like to have the thing send me its IP address

    As has been noted this is not difficult. Set up a cron job, or even a boot job to find out the laptop's IP address (ifconfig | grep inet | mail -s "iBook's IP" me@myisp.com) and you get the ip on the lan in the body of the e-mail, and the external IP in the headers. Presuming smtp is not blocked. If you install the perl libraries for Jabber, you could even send a jabber message via a similar process.

    ... also so I could SSH in and trash my personal data with srm, while doing an SFTP backup of anything I forgot to back up.

    Note that if you have been using rsync on a regular basis to backup your personal data, which can be done across an ssh session, you may not need to do any sftp backups, and you could have a cron job take care of this so you are covered.

    Several of the posters above have noted that you could use wget to pull down a "hidden" page on your personal web server with instructions. For that matter you could build a script that would be posted to that page, perhaps with a marker character before each line, (such as $) that you grep out of the downloaded page, cut the first character out of the line, then save it with a random name, chmod the file to executable, then execute it. At that point the script could be doing anything you ask of such a script. Including downloading executables, and even running 'dd if=/dev/zero of=/dev/disk0' to wipe the hd yourself.

    Elsewhere others have noted that if the thief wipes your hard drive before they re-boot it, none of this works. That's as good of a reason as any to schedule backups of your personal data. It won't help you recover the laptop, or tell the police where the laptop is, but at least you have your personal data.

    This also won't help if your laptop is not connected to a network of some sort. If they pull your HD and toss it into a second computer as a secondary drive, then you will want to have all of your data in a 'file vault' to restrict access. Sure with enough time they can break the encryption, and ultimately start performing identity theft on you, but the time involved is unlikely to be worth it to such a person. It's far more likely that they will wipe the drive, pawn the laptop, and hunt for another laptop that is not going to take so much effort to access the user information on.

    Then again, these are just my opinions. I have been known to be wrong, so I do wish you good luck.

    -Rusty

    --
    You never know...
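One way to keep the web-page trigger described by arcade and rusty0101 from being fired by anyone who can serve or alter that page, as an added example that is not code from any poster: the flag line carries a timestamp and an HMAC-SHA256 computed with a secret stored on the laptop. The line format, function names and key handling are assumptions, and the openssl command-line tool is required.

```shell
#!/bin/sh
# Added example: authenticate the "stolen" flag before acting on it.
# Assumed (constructed) flag line format:
#     It is stolen <unix-time> <hex-hmac>
# where hex-hmac = HMAC-SHA256(key, "It is stolen <unix-time>").

MAX_AGE=86400   # reject flags older than one day, which limits replay of an old page

# hmac_hex KEY MESSAGE -> hex HMAC-SHA256 on stdout.
# Caveat: the key is visible in the process list while openssl runs.
hmac_hex() {
    printf '%s' "$2" | openssl dgst -sha256 -hmac "$1" | awk '{print $NF}'
}

# make_flag KEY NOW -> a signed flag line. Run this on the owner's machine
# and publish the output on the flag page.
make_flag() {
    msg="It is stolen $2"
    printf '%s %s\n' "$msg" "$(hmac_hex "$1" "$msg")"
}

# flag_is_valid KEY FILE NOW -> exit 0 only if FILE holds a fresh, correctly
# signed flag line. Anything else (no flag, bad MAC, stale or future
# timestamp) is treated as "not stolen".
flag_is_valid() {
    key=$1 file=$2 now=$3
    line=$(grep -m 1 '^It is stolen [1-9][0-9]\{0,11\} [0-9a-f]\{64\}$' "$file") || return 1
    set -- $line                 # $4 = timestamp, $5 = MAC
    ts=$4 mac=$5
    age=$((now - ts))
    [ "$age" -ge 0 ] && [ "$age" -le "$MAX_AGE" ] || return 1
    [ "$(hmac_hex "$key" "It is stolen $ts")" = "$mac" ]
}

# In the hourly cron script (send_report is a hypothetical name):
#   flag_is_valid "$KEY" stolenweb.html "$(date +%s)" && send_report
```

The same check applies before executing any script pulled from the page: sign the whole script body and refuse to run it unless the MAC verifies.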
  8. Re:why bother, make it a paper weight. by elemental23 · · Score: 2, Informative

    lol, if the thief thinks taking the hard drive out will give them data access they'll have a stiff surprise waiting the day they try it.

    At home and away, keep your valuable documents safe with powerful AES-128 encryption. FileVault automatically encrypts and decrypts the contents of your home directory on the fly.

    --
    I like my women like my coffee... pale and bitter.
  9. Serial Number by TheBard758 · · Score: 4, Informative

    In addition to one of these "mailer" ideas, might I suggest having some "hard" evidence that it is, indeed, your computer (besides it having gone to the page that you asked it to or whatever).

    Make it send you the serial number :) My iBook is insured with the rental company where I got it (I'm poor, but I still gotta have a mac!). The first thing they ask for on a claim is "serial number", so this may be perfect, really.

    Check out this link on macosxhints: http://www.macosxhints.com/article.php?story=20040330144040245#comments

    It describes how to write a bash script to get your machine serial number! Very, very cool.

    BOL

    Bard

  10. Re:A few suggestions... by MCron · · Score: 2, Informative

    About using an IM protocol... A friend of mine recently installed a computer in his car for the purpose of playing his MP3's off of it. I wrote up a small program that reports whenever it is connected to the internet with a new (external) IP. To do this, it logs into AIM using some custom code (though Perl:AIM will work just fine). The one downside to using AIM is the reliance on this friend being signed on at the time, so I have the message, containing the external and internal IPs routed through DoorManBot (Check the site out or the SN DoorManBot3 if you haven't used it) to ensure that they are notified. The program stays connected to AIM, creating a tunnel through any possible firewalls that may be in the way, and will execute commands coming from any of a set of Screen Names (keyed to his ScreenNames, as opposed to signing each message going out, so he can execute commands as if he were at the command prompt). I hope this shows how AIM can be useful for creating a backup back-door

    --
    Send offline messages on AIM with DoorManBot