Key Logging is the process of storing keystrokes with/without the knowledge of user. Keylogging can be hardware based as well as software based. As clear from the name, a hardware based keylogger does not depends upon any software and keystroke logging is done at hardware level itself. Whereas a software based keylogger depends upon a special software for keylogging.
There are number of keylogger software applications for almost all the platforms be it Windows, Mac, Linux. Here we are throwing light on an application package called Logkeys.
What is Logkeys?
Logkeys is a Linux keylogger. It is more updated than any other available keylogger, Moreover logkeys don’t crash the X server, and appears to work in all the situations. Logkeys creates a log of all characters and function keys. Moreover logkeys are aware of Alt and Shift and works well with serial as well as USB keyboards.
There are a lot of keyloggers available for Windows but this is not the case with Linux. Logkeys is not better than any other keylogger application for Linux but certainly it is more updated than other.
Installation of Logkeys in Linux
If you’ve ever installed a Linux tarball packages from source, then you can easily install logkeys package. If you haven’t ever installed a package in Linux from source yet, then you need to install some missing packages like C++ compilers and gcc libraries before proceeding for installation from source.
$ sudo apt-get install build-essential [on Debian based systems]
# yum install gcc make gcc-c++ [on RedHat based systems]
Let’s proceed for the installation, first grab the latest logkeys source package using wget command or use git to clone it as shown:
-------------------- Download Source Package -------------------- $ wget https://github.com/kernc/logkeys/archive/master.zip $ unzip master.zip $ cd logkeys-master/ OR -------------------- Use Git to Clone -------------------- $ git clone https://github.com/kernc/logkeys.git $ cd logkeys
Now build and install logkeys.
$ ./autogen.sh $ cd build $ ../configure $ make $ sudo make install
Now run the locale-gen.
$ sudo locale-gen
Sample Output
Generating locales (this might take a while)... en_AG.UTF-8... done en_AU.UTF-8... done en_BW.UTF-8... done en_CA.UTF-8... done en_DK.UTF-8... done en_GB.UTF-8... done en_HK.UTF-8... done en_IE.UTF-8... done en_IN.UTF-8... done en_NG.UTF-8... done en_NZ.UTF-8... done en_PH.UTF-8... done en_SG.UTF-8... done en_US.UTF-8... done en_ZA.UTF-8... done en_ZM.UTF-8... done en_ZW.UTF-8... done Generation complete.
Usages of logkeys
- logkeys s : Start logging keypress.
- logkeys k : Kill logkeys process.
For detailed information of logkeys usages option, you can always refer to.
# logkeys –help or # man logkeys
Starting the application logkeys using the following command.
$ sudo logkeys -s
Now running a lot of commands.
# ls # pwd # ss # ifconfig
Terminate the process logkeys.
# logkeys -k
Check the log file which by default is ‘/var/log/logkeys.log‘.
# nano /var/log/logkeys.log
To uninstall logkeys, remove all scripts and manuals:
$ sudo make uninstall # in the same build dir
Future Developments Planned
- To add support for sending logs via email
- To add support for logging clipboard content
- To add support for mouse event/mouse click event
References
https://github.com/kernc/logkeys
All the information provided is strictly for educational purpose, Tweaking this article by any means or using the above information to log others users machine is against law and punishable. That’s all for now. Don’t forget to provide us with your valuable feedback. Stay tuned, healthy and connected to Tecmint for more Linux and FOSS news.
Hi, what if the remote terminal to which we have gained access does not have ‘su‘, ‘sudo‘, ‘apt‘ commands enabled? How then can we install your script?
Does this work only on the terminal — or also on websites and such?
Any insight on this issue —
https://github.com/kernc/logkeys/issues/163
all is good but in the log file i see gibrish. i dont know but it looks like yours. any idea how to fix it?
You’ll need to fix the character mapping as explained here https://github.com/kernc/logkeys/blob/master/docs/Keymaps.md
(I realize this is an old post but in case someone else comes across your question)
I’m not getting anything when entering sudo locale-gen. It just says Generating locales (this may take a while) then Generation complete.
I’m running Kali 2 Distro
@Anthony,
That means the command executed successfully, then you can use following command start logging keys:
You can Kill logkeys process by typing:
how to remove keylogger in cent os
@Amit,
If you’ve installed from source, just find and remove all files related to keylogger to complete remove it from system.
hai can u let me know how to install Monitor Keyboard Keystrokes Using ‘LogKeys’ in centos 6.6
@Venu,
The given instructions in this article, will also works on CentOS 6.6. Have you tried the steps? let me know..
Nice =), so far for my system security this happens when you boot my system without it’s special usb key i made for it….. automatically connects to nearest hotspot, connects to tor, enables sshd on tor as hidden service, pings my terminal via tor, starts capturing the screen via /dev/fb0 and takes pictures via the webcam and uploads them via tor to my terminal, 4 times a minute…. so having this makes the security so much more…… so many many thanks for such a useful things…. cheers….. __A
all thats missing now is package capture and mouse tracking….. bottom line, dont nick my laptop as i will be knocking on your door =)
Nice and very helpful article. I have done all the steps as in the post and but my log file is empty. Your help is much appreciated .
I tried installing logkeys in my vps Centos, but got the following error and could not find any solution :
===
checking for /dev/input… no
configure: error: Input event interface devices not found in expected location /dev/input/eventX !
===
please assist
try making the file at the specified location /dev/input/eventx manually with root permission and try to execute once again. Let us know.
I don’t understand the tutorial. I get all the way to the last part and that’s where it gets confusing. The log file does not represent what I typed. Even the picture that you have showing does not represent what YOU typed either. I don’t understand how to read the log file or what’s going on here?
Dear Henrx its the raw data which you can not use directly.
Thanks for the complete tutorial. It worked for me. But, how do we make the tracker automatically start everytime?
You may write a script and make it start automatically at System Boot.
Here is the Process Algo.
1. Write Script
2. sudo mv /script /etc/init.d/
3. sudo chmod +x /etc/init.d/script
4. sudo update-rc.d script defaults
#Script should now start on boot.
The script would be very simple, which will just trigger the command!
Hope it Helps
what is the script to auto start the keylogger
@Amit,
You mean auto start keylogger at system boot? if yes, then add the following command to /etc/rc.local file to auto start at system boot..
[root@localhost logkeys-0.1.1a]# locale-gen
bash: locale-gen: command not found
[root@localhost logkeys-0.1.1a]#
On which distro you’re trying?
Er… Chris Jones.. that was… no “T”… :-)
Sorry chris unable to understand you.
will you be more clear please!
I appreciate your effort. The problem as I see it is that at the end of the day logkeys provides heaps of raw data in a hard-to-read format. Not directly useable. Aren’t there any tools that can be run against a logkeys log file that give some idea of what you did during the day… (not limited to e.g.) stuff like… total number of key presses… total number of times each key was pressed… for each key pressed.. what percentage of the total it accounts for.. times when you were actually typing.. typing speed… total time you actually typed… etc. ? these are just a few examples of stuff that comes to mind without giving it much thought… so there’s surely a lot more… Naturally it would be nice to have the possibility to graph all those stats… If such tools are not available the only purpose of the logkeys program would appear to let someone with administrator privileges snoop on whatever other users of the system are typing.
hahaha
hello
please replace
../configure > ./configure
locale-gen > sudo locale-gen
logkeys s > sudo logkeys – s
Yeah! thanks for correcting, those were typos..:)