Install StaffCop agent for Linux¶
Staffcop Linux Agent is at the stage of active development and it meant to work on any Linux-systems. It was successfully tested to be compatible with:
Linux agent configuration is set up in admin panel
Screenshots at a specified interval
Screenshots at changing window focus
Configuring of Screenshots quality (compression level)
Record application attributes - window titles and icons
Count activity time in applcations
Record USB connections
Block USB devices with white or black lists
Record facts of login/logout of the system (including remote ssh connections)
Logs of terminal commands input
Recording printing events (CUPS)
Desktop video recording
Record history and time of web activity in Firefox и Chrome.
Intercept clipboard content
Agent can be managed in command prompt
Track system log-files
Record sound from the connected microphones.
Keylogger that works outside X Windows
Take web-cam snapshots
Track file operations: defining file operations, support for monitoring rules (black / white lists)
Shadow copies of files when intercepting file operations.
Record linux-sessions into a GIF-filr.
It can be downloaded in a similar way
For installation download the agent on the targeted workstation you want to monitor and run the command
sudo bash agent-install.sh 192.168.1.134 443
where you should state the IP-address of you Staffcop Server (192.168.1.134 in the example) as the first argument
Sudo command is used in Ubuntu. It may vary on other Linux distributives.
When updating Linux agent the script removes all agent files. To update Linux agent correctly it’s required to install an agent anew after a reboot.
Configure interception of printing¶
Disable AppArmor onm a workstation with installed agent.
Enable the following options in the “Computer configuration”:
“Files” - “Shadow copying”.
“Printers” - “Printing”.
Install libmagic - library required for defining Content-Type of files.
sudo apt-get install libmagic-dev
Print current configuration
sudo /usr/share/staff/agent config
Create archive with agent logs
sudo /usr/share/staff/agent zip
Run the command:
sudo bash agent-install.sh uninstall
Mass installation with ansible¶
The playbook for ansible is currently in testing phase. The IP-address of the host should be manually written there.
--- - hosts: localhost sudo: no tasks: - name: download agent for linux get_url: url: http://distr.staffcop.su/agent-install.sh dest: /tmp/agent_installer.sh - hosts: all sudo: yes tasks: - name: install agent for remote host script: /tmp/agent_installer.sh 192.168.1.134 443