Install StaffCop agent for Linux

Staffcop Linux Agent is at the stage of active development and it meant to work on any Linux-systems. It was successfully tested to be compatible with:

  • CentOS;

  • Ubuntu Desktop;

  • Debian;

  • Gentoo linux;

  • Astra linux;

  • Arch linux;

  • Rosa linux.

  • AltLinux 8.2

Functionality

  • Linux agent configuration is set up in admin panel

  • Screenshots at a specified interval

  • Screenshots at changing window focus

  • Configuring of Screenshots quality (compression level)

  • Record application attributes - window titles and icons

  • Count activity time in applcations

  • Keylogger

  • Record USB connections

  • Block USB devices with white or black lists

  • Record facts of login/logout of the system (including remote ssh connections)

  • Logs of terminal commands input

  • Recording printing events (CUPS)

  • Remote control

  • Desktop video recording

  • Record history and time of web activity in Firefox и Chrome.

  • Intercept clipboard content

  • Agent can be managed in command prompt

  • Track system log-files

  • Record sound from the connected microphones.

  • Keylogger that works outside X Windows

  • Take web-cam snapshots

  • Track file operations: defining file operations, support for monitoring rules (black / white lists)

  • Shadow copies of files when intercepting file operations.

  • Block websites.

  • Record linux-sessions into a GIF-filr.

Agent download

It can be downloaded in a similar way

../_images/linux_download.png

Agent installation

For installation download the agent on the targeted workstation you want to monitor and run the command

sudo bash agent-install.sh 192.168.1.134 443

where you should state the IP-address of you Staffcop Server (192.168.1.134 in the example) as the first argument

Note

Sudo command is used in Ubuntu. It may vary on other Linux distributives.

Warning

When updating Linux agent the script removes all agent files. To update Linux agent correctly it’s required to install an agent anew after a reboot.

Configure interception of printing

  1. Disable AppArmor onm a workstation with installed agent.

  2. Enable the following options in the “Computer configuration”:

  • “Files” - “Shadow copying”.

  • “Printers” - “Printing”.

  1. Install libmagic - library required for defining Content-Type of files.

sudo apt-get install libmagic-dev

  1. Reboot PC.

Supported commands

Print current configuration

sudo /usr/share/staff/agent config

Create archive with agent logs

sudo /usr/share/staff/agent zip

Uninstallation

Run the command:

sudo bash agent-install.sh uninstall

Mass installation with ansible

The playbook for ansible is currently in testing phase. The IP-address of the host should be manually written there.

---
- hosts: localhost
  sudo: no
  tasks:

    - name: download agent for linux
      get_url:
        url: http://distr.staffcop.su/agent-install.sh
        dest: /tmp/agent_installer.sh

- hosts: all
  sudo: yes
  tasks:

    - name: install agent for remote host
      script: /tmp/agent_installer.sh 192.168.1.134 443