USB Canary - Linux or OSX tool that uses psutil to monitor devices while your computer is locked.
USB Canary is a Linux and OSX tool that uses psutil to monitor USB devices either around the clock, or just while your computer is locked. It can be configured to send you an SMS via the Twilio API, notify a Slack channel with its inbuilt Slack bot, or send a push message through Pushover.
Disclaimer: Under no circumstances should USB Canary be used for production, production-like systems or critical infrastructure.
Getting Started
There are a couple of 3rd party libraries to get USB Canary running - so Linux and OSX users should read the prerequisites for their distribution.
Prerequisites
- slackclient - A basic client for Slack.com, which can optionally connect to the Slack Real Time Messaging (RTM) API.
- twilio - A Python module for communicating with the Twilio API and generating TwiML.
- pushover - Comprehensive bindings and command line utility for the Pushover notification service
- psutil - Cross-platform lib for process and system monitoring in Python.
- gcc - GNU Compiler Collection
- Xcode - Integrated development environment for macOS
- Quartz - Wrappers for the Quartz frameworks on macOS.
Installing Prerequisites on *Nix
Ubuntu and Debian users will need to make sure they have installed a C compiler such as gcc as well as the python-dev package.
sudo apt-get install gcc python-dev python-pip
pip install psutil
Major Linux distros also provide binary distributions of psutil. However, this is not recommended, as *Nix distributions generally ship older versions.
sudo apt-get install python-psutil
You will also need to install the pip apt library through apt; this can be done as follows:
sudo apt install python-apt
This library provides access to almost every functionality supported by the underlying apt-pkg and apt-inst libraries. In Debian Jessie it may come with the install but just double check to make sure it's there.
Installing Prerequisites on OSX
OSX users will need to install Xcode first then:
pip install psutil==5.3.1
OSX users will also need to manually install the Quartz Python library as follows:
pip install pyobjc-framework-Quartz
Once the distribution-specific instructions have been followed, the following packages can all be installed via pip; in some cases you may need to use pip with sudo. You can install the packages as follows:
pip install slackclient==1.0.9
pip install twilio==5.7.0
pip install python-pushover==0.3
pip install psutil==5.3.1
pip install sander-daemon==1.0.0
Installing
Before running USB Canary, you will need to configure your settings.json file, which should be located in the root directory. If it is not found here, you will encounter an IOError.
An example settings.json file:
{
    "settings": {
        "slack": {
            "api_key": "xoxb-111111111111-abcdefghijklmnopqrstuvwx",
            "channel_name": "usb_canary",
            "botname": "USB Canary"
        },
        "twilio": {
            "auth_token": "l7cy56u3Nys72vPNRS8TAbaW3X1Ap4ma",
            "account_sid": "wP32p6qFNzJ25FD1IKM0YtX629eoHbrMiV",
            "twilio_number": "+61491570156",
            "mobile_number": "+61491570157"
        },
        "pushover": {
            "priority": 1,
            "user_key": "youruserkeygoeshere",
            "api_token": "yourapitokengoeshere"
        },
        "general": {
            "paranoid": true,
            "screensaver": "xscreensaver",
            "slack": false,
            "twilio": true,
            "pushover": false
        }
    }
}
Note that paranoid, slack and twilio are boolean values and should be set to true or false. If the file is formatted incorrectly and cannot be parsed, you will get a ValueError; you can use JSONLint if you find yourself having issues with this.
On Linux, USB Canary can 'detect' if you are running XScreenSaver or gnome-screensaver on your computer. This is done by just checking which packages are installed via the apt library. If both of them are installed, though, it will leave you to determine which one you are using. If you have an unsupported screensaver, don't fret, you can still run it in paranoid mode.
Paranoid mode is also suitable for people who want to monitor if their servers have had USBs plugged into them. Although I haven't tested them on Linode, Amazon Web Services, or Digital Ocean, it is suitable for those with physical servers that may need this sort of monitoring.
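A pre-flight check for the settings.json described above, as an added example that is not part of USB Canary's own code. The function name check_settings is hypothetical, and the file-permission and "at least one alert channel enabled" checks are additions assumed here, not behaviour the page describes.

```python
import json
import os
import stat

# Per-service keys, taken from the example settings.json on this page.
REQUIRED = {
    "slack": ("api_key", "channel_name", "botname"),
    "twilio": ("auth_token", "account_sid", "twilio_number", "mobile_number"),
    "pushover": ("priority", "user_key", "api_token"),
}


def check_settings(path):
    """Return a list of problems with a settings.json file (empty list = OK)."""
    try:
        with open(path) as fh:
            settings = json.load(fh)["settings"]
        general = settings["general"]
    except (IOError, OSError) as exc:      # file missing or unreadable
        return ["cannot read %s: %s" % (path, exc)]
    except ValueError as exc:              # malformed JSON, e.g. a trailing comma
        return ["invalid JSON: %s" % exc]
    except (KeyError, TypeError):
        return ["missing 'settings' or 'general' section"]
    if not isinstance(general, dict):
        return ["'general' must be a JSON object"]

    problems = []
    # Assumption: the file holds API tokens, so only its owner should have access.
    if os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("file is accessible to group/other; chmod 600 it")
    # JSON true/false only: the string "true" is not a boolean.
    for flag in ("paranoid",) + tuple(REQUIRED):
        if not isinstance(general.get(flag), bool):
            problems.append("general.%s must be true or false" % flag)
    # Every alert channel that is switched on needs all of its credentials.
    enabled = [s for s in REQUIRED if general.get(s) is True]
    if not enabled:
        problems.append("no alert channel enabled; detections would go unseen")
    for service in enabled:
        section = settings.get(service)
        for key in REQUIRED[service]:
            if not isinstance(section, dict) or section.get(key) in (None, ""):
                problems.append("%s.%s is missing or empty" % (service, key))
    return problems
```

Running it before starting the daemon surfaces a misconfigured alert channel up front, rather than at the moment a device is plugged in.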
To start the application:
# Linux users
./usb_canary.py start | stop | restart
# OSX users
sudo ./usb_canary.py start | stop | restart