USB Canary is a Linux and OSX tool that uses psutil to monitor USB devices either around the clock, or just while your computer is locked. It can be configured to send you an SMS via the Twilio API, or notify a Slack channel with it's inbuilt Slack bot.
There are a couple of 3rd party libraries to get USB Canary running - so Linux and OSX users should read the prerequisites for their distribution.
- slackclient - A basic client for Slack.com, which can optionally connect to the Slack Real Time Messaging (RTM) API.
- twilio - A Python module for communicating with the Twilio API and generating TwiML.
- psutil - Cross-platform lib for process and system monitoring in Python.
- gcc - GNU Compiler Collection
- Xcode - Integrated development environment for macOS
- Quartz - Wrappers for the Quartz frameworks on macOS.
Ubuntu and Debian users will need to make sure they have installed a C
compiler such as gcc
as well as the python-dev
package.
sudo apt-get install gcc python-dev python-pip
pip install psutil
Major Linux distros also provide binary distributions of psutil. However this is not recommended as *Nix generall ship older versions.
sudo apt-get install python-psutil
You will also need to install the pip
apt
library
through apt
this can be done as follows:
sudo apt install python-apt
This library provides access to almost every functionality supported by the underlying apt-pkg and apt-inst libraries. In Debian Jessie it may come with the install but just double check to make sure it's there.
OSX users will need to install Xcode first then:
pip install psutil==5.3.1
OSX users will also need to manually install the Quartz Python library as follows:
pip install pyobjc-framework-Quartz
Once distribution specific instractions have been followed the following
packages can all be installed via pip
, in some cases you may need to
use pip
with sudo
. You can install the packages as follows:
pip install slackclient==1.0.9
pip install twilio==5.7.0
pip install psutil==5.3.1
pip install sander-daemon==1.0.0
Before running USB Canary, you will need to configure your settings.json
file, which should be located in the root directory. If it is not found
here, you will encounter an IOError
.
An example settings.json
file:
{
"settings": {
"slack": {
"api_key": "xoxb-111111111111-abcdefghijklmnopqrstuvwx",
"channel_name": "usb_canary",
"botname": "USB Canary"
},
"twilio": {
"auth_token": "l7cy56u3Nys72vPNRS8TAbaW3X1Ap4ma",
"account_sid": "wP32p6qFNzJ25FD1IKM0YtX629eoHbrMiV",
"twilio_number": "+61491570156",
"mobile_number": "+61491570157"
},
"general": {
"paranoid": true,
"screensaver": "xscreensaver",
"slack": false,
"twilio": true,
}
}
}
Note that paranoid
, slack
and twilio
are boolean values and
should be set to true
or false
. If the file is formatted incorrectly
and it cannot be parsed, you will get a ValueError
, you can use
JSONLint if you find yourself having issues with
this.
USB Canary, can 'detect' if you are running
XScreenSaver
or gnome-screensaver
on your computer, this is done by
just checking which packages are installed via the apt
library, if
both of them are installed though, it will leave you to determine which
one you are using - if you have an unsupported screensaver, don't fret,
you can still run it in paranoid mode.
Paranoid mode is also suitable for people who want to monitor if their servers have had USB's plugged into them, although I haven't tested them on Linode, Amazon Web Services, or Digital Ocean it is suitable for those with physical servers that may need this sort of monitoring.
To start the application:
# Linux users
./usb_canary.py start | stop | restart
# OSX users
sudo ./usb_canary.py start | stop | restart
The following will outline the basic steps to deploying USB Canary to Slack and Twilio.
To use the Twilio integration you will need to get an:
- Auth Token
- Account SID
- Twilio Mobile Number with SMS support
To use the Slack integration you will need to setup a bot user
Exit Code | Reason | Solution |
---|---|---|
0 | PASSED | |
400 | Unknown command. | Usage: `./usb_canary start |
401 | Paranoid option not set. | Check that paranoid is set to true or false |
402 | Screensaver is not supported. | Currently known working screensavers include: XScreenSaver, gnome-screensaver |
403 | Screensaver conflict. | Screensaver detected, but both packages have been found. The user needs to be manually specified in the settings.json file |
404 | Slack credentials not provided. | Slack flag has been set, but credentials not provided, check settings.json |
405 | Slack credentials incorrect. | Slack flag has been set, but credentials are not correct, check settings.json |
406 | Twilio credentials not correct. | Twilio flag has been set, but credentials not provided, check settings.json |
407 | Twilio account SID not set | Twilio SID value has not been set, check settings.json |
408 | Twilio API token is blank | Twilio API token has not been set, check settings.json |
409 | Receiving mobile # is blank | Twilio receiving mobile number has not been set, check settings.json |
410 | Twilio mobile # is blank | Twilio allocated mobile number has not been set, check settings.json |
411 | Twilio key missing in settings.json | Twilio JSON block is not in settings file, check settings.json |
501 | settings.json file missing. |
Download setting.json from Github |
502 | Unable to parse settings.json | Check for erroneous symbols, use JSONLint to check formatting |
503 | Paranoid option not set correctly. | Paranoid option not set, or set incorrectly |
504 | Screensaver not found. | Screensaver not set, set incorrectly, or there was a problem detecting screensaver. |
505 | Verify that your operating system is supported. | Currently known working operating systems include: Debian Jessie, Debian Stretch, Ubuntu ZestyZapus |
506 | Screensaver or paranoid setting is not set correctly. | Check settings.json |
507 | Verbose logging option not set. | Check that verbose is set to true or false (without the quotes). True enables debugging, False enables info and higher |
- Python 3
- slackclient - A basic client for Slack.com, which can optionally connect to the Slack Real Time Messaging (RTM) API.
- twilio - A Python module for communicating with the Twilio API and generating TwiML
- psutil - Cross-platform lib for process and system monitoring in Python.
- Quartz - Wrappers for the Quartz frameworks on macOS
- python-apt - A library that provides access to almost every functionality supported by the underlying apt-pkg and apt-inst libraries
See the CONTRIBUTING file for details.
We use a simple major.minor.patch versioning where
- A major version change will make changes that are incompatible with previous versions
- A minor version change will add backwards-compatible functionality or bug-fixes
- A patch version change will add backwards-compatible bug-fixes
- errbufferoverfl - Initial work - Security Tester by day, someone with too much time on their hands by night.
This project is licensed under the GNU GPLv3 License - see the LICENSE file for details.