https://www.tecmint.com/logkeys-monitor-keyboard-keystroke-linux

LogKeys: Monitor Keyboard Keystrokes in Linux

Keylogging, short for “keystroke logging” is the process of recording the keys struck on a keyboard, usually without the user’s knowledge.

Keyloggers can be implemented via hardware or software:

• Hardware keyloggers intercept data at the physical level (e.g., between the keyboard and computer).
• Software keyloggers, like LogKeys, capture keystrokes through the operating system.

This article explains how to use a popular open-source Linux keylogger called LogKeys for educational or testing purposes only. Unauthorized use of keyloggers to monitor someone else’s activity is unethical and illegal.

What is LogKeys?

LogKeys is an open-source keylogger for Linux that captures and logs keyboard input, including characters, function keys, and special keys. It is designed to work reliably across a wide range of Linux systems without crashing the X server.

LogKeys also correctly handles modifier keys like Alt and Shift, and is compatible with both USB and serial keyboards.

While there are numerous keylogger tools available for Windows, Linux has fewer well-supported options. Although LogKeys has not been actively maintained since 2019, it remains one of the more stable and functional keyloggers available for Linux as of today.

Installation of Logkeys in Linux

If you’ve previously installed Linux packages from a tarball (source), you should find installing the LogKeys package straightforward.

However, if you’ve never built a package from source before, you’ll need to install some required development tools first, such as C++ compilers and GCC libraries, before proceeding.

Installing Prerequisites

Before building LogKeys from source, ensure your system has the required development tools and libraries installed:

On Debian/Ubuntu:

sudo apt update
sudo apt install build-essential autotools-dev autoconf kbd

On Fedora/CentOS/RHEL:

sudo dnf install automake make gcc-c++ kbd

On openSUSE:

sudo zypper install automake gcc-c++ kbd

On Arch Linux:

sudo pacman -S base-devel kbd

Installing LogKeys from Source

First, download the latest LogKeys source package using the wget command, then, extract the ZIP archive and navigate into the extracted directory:

wget https://github.com/kernc/logkeys/archive/master.zip
unzip master.zip  
cd logkeys-master/

or clone the repository using Git, as shown below:

git clone https://github.com/kernc/logkeys.git
cd logkeys

Next, run the following commands to build and install LogKeys:

./autogen.sh         # Generate build configuration scripts
cd build                  # Switch to build directory
../configure              # Configure the build
make                      # Compile the source code
sudo make install         # Install binaries and man pages

If you encounter issues related to keyboard layout or character encoding, regenerate your locale settings:

sudo locale-gen

Usage of LogKeys in Linux

Once LogKeys is installed, you can begin using it to monitor and log keyboard input using the following commands.

Start Keylogging

This command starts the keylogging process, which must be run with superuser (root) privileges because it needs access to low-level input devices. Once started, LogKeys begins recording all keystrokes and saves them to the default log file: /var/log/logkeys.log.

Note: You won’t see any output in the terminal; logging runs silently in the background.

sudo logkeys --start

Stop Keylogging

This command terminates the keylogging process that was started earlier, which is important to stop LogKeys when you’re done, both to conserve system resources and to ensure the log file is safely closed.

sudo logkeys --kill

Get Help / View Available Options

The follwing command will displays all available command-line options and flags you can use with LogKeys.

logkeys --help

Useful options include:

• --start : Start the logger
• --kill : Stop the logger
• --output <file> : Specify a custom log output file
• --no-func-keys : Don’t log function keys (F1-F12)
• --no-control-keys : Skip control characters (e.g., Ctrl+C, Backspace)

View the Logged Keystrokes

The cat command displays the contents of the default log file where LogKeys saves keystrokes.

sudo cat /var/log/logkeys.log

You can also open it with a text editor like nano or less:

sudo nano /var/log/logkeys.log
or
sudo less /var/log/logkeys.log

Uninstall LogKeys in Linux

To remove LogKeys from your system and clean up the installed binaries, manuals, and scripts, use the following commands:

cd build
sudo make uninstall

This will remove all files that were installed with make install, including the logkeys binary and man pages.

Conclusion

LogKeys is a powerful keylogger for Linux that enables users to monitor keystrokes in a variety of environments. Its compatibility with modern systems and ease of installation make it a valuable tool for security auditing, parental control testing, and educational research.

However, it’s crucial to emphasize that keylogging should only be used in ethical, lawful contexts—such as with explicit user consent or for personal system monitoring. Misuse can lead to serious legal consequences. Use responsibly and stay informed.

https://www.tecmint.com/create-new-service-units-in-systemd

How to Use Systemd to Run Bash Scripts at Boot in Linux

A few days ago, I came across a CentOS 8 32-bit distro and decided to test it on an old 32-bit machine. After booting up, I realized there was a bug causing the network connection to drop. Every time I rebooted, I had to manually bring the network back up, which led me to wonder: How can I automate this process with a script that runs every time the system boots?

The solution is straightforward, and today, I’ll show you how to do this using systemd service units, but before we jump into that, let’s first take a quick look at what a service unit is and how it works.

In this article, we’ll cover the basics of systemd service units, their relationship with “targets,” and how to set up a service unit to run a script at boot. I’ll keep things simple, focusing on the practical steps, so you’ll have everything you need to know to tackle this on your own.

What is a Systemd Service Unit?

In simple terms, a service unit in systemd is a configuration file that defines how a service should behave on your system. It could be something like a network service, a program, or even a script that needs to run when your computer boots or at a specific point during the boot process.

These service units are grouped into targets, which can be seen as milestones or stages in the boot process. For example, when your system reaches the multi-user target (runlevel 3), certain services will be started. You can think of these targets as “collections” of services that work together at various stages of the boot sequence.

If you’d like to see the services running in a particular target (for example, graphical.target), you can use the systemctl command:

systemctl --type=service

This will show you all active services in your current target. Some services run continuously, while others start up once and then exit.

List All Active Services

Checking the Status of a Service

If you’re curious about a particular service, you can use systemctl status to see whether it’s active or inactive:

systemctl status firewalld.service

This command checks the status of the firewalld service. You’ll notice that it’s active, meaning it’s running, and enabled, which means it will start automatically on the next boot.

You can also stop a service temporarily (until the next boot) using:

systemctl stop firewalld.service
systemctl status firewalld.service

This will stop the firewalld service for this session, but won’t prevent it from starting up next time.

Check Status of Service

Enabling and Disabling Services

To ensure a service starts automatically on boot, you need to enable it, which will create a symbolic link in the appropriate target’s wants folder:

systemctl enable firewalld.service

To disable it, you would simply run:

systemctl disable firewalld.service

Enabling and Disabling Systemd Services

Creating a Custom Service Unit

To set up a service that runs a script at boot, we’ll create a new service unit under the /etc/systemd/system directory, here you’ll see existing service unit files and folders for different targets.

cd /etc/systemd/system
ls -l

Existing Service Unit Files

Let’s create our own service unit called connection.service using Vim or your preferred text editor to create it:

vim connection.service
Or
vi connection.service

Add the following content to the file.

[Unit]
Description=Bring up network connection
After=network.target

[Service]
ExecStart=/root/scripts/conup.sh

[Install]
WantedBy=multi-user.target

Explanation:

• [Unit]: The unit’s metadata. We’ve given it a description and told it to run after network.target, meaning it will only execute after the network has been initialized.
• [Service]: This section defines the command to execute when the service starts. In this case, it runs the script conup.sh.
• [Install]: This section tells systemd that the service should be loaded at the multi-user target, which is the standard runlevel for most systems.

Now, enable the service so it will start automatically on the next boot:

systemctl enable connection.service

You can confirm that it has been enabled by checking the multi-user.target.wants directory:

ls -l multi-user.target.wants/

The symbolic link to connection.service should now be present. However, we still need to create the script that this service will run.

Verify Service Unit File

Creating the Script

Let’s now create the conup.sh script that will bring the network connection up.

cd /root
mkdir scripts
cd scripts
vi conup.sh

Add the following line to bring the network up, here the script uses the nmcli command to bring the network connection on the enp0s3 interface up.

#!/bin/bash
nmcli connection up enp0s3

Don’t forget to make the script executable.

chmod +x conup.sh

At this point, the service is ready to go.

SELinux Contexts (For RHEL/CentOS Users)

If you’re using a RHEL-based system (like CentOS or Rocky Linux), don’t forget about SELinux, which can block scripts from running if the correct security context isn’t applied.

To temporarily set the context so the system treats the script as a regular executable, use:

chcon -t bin_t /root/scripts/conup.sh

However, this change won’t survive a reboot or file relabeling.

To make it permanent, use:

semanage fcontext -a -t bin_t "/root/scripts/conup.sh"
restorecon -v /root/scripts/conup.sh

This step ensures the script continues to run properly even after reboots or SELinux policy reloads.

Testing the Service

To test it without rebooting, you can start it manually.

systemctl start connection.service

If everything is set up correctly, the service will execute the script, and your network connection should be restored.

Alternatively, if you wrote a simpler script like touch /tmp/testbootfile, you can check if the file was created in /tmp to confirm the service is running as expected.

Conclusion

By now, you should have a good understanding of systemd service units and how to create and manage them on your system. You’ve also automated a common task – bringing up the network connection on boot using a simple service unit.

Hopefully, this guide helps you get more comfortable with managing services, targets, and scripts in systemd, making your system more automated and efficient.

https://www.tecmint.com/dpkg-command-examples

15 Useful ‘dpkg’ Commands for Debian and Ubuntu Users [With Examples]

Debian GNU/Linux is the backbone of several popular Linux distributions like Knoppix, Kali, Ubuntu, Mint, and more. One of its strongest features is its robust package management system, which makes installing, removing, and managing software a breeze.

Debian and its derivatives use a variety of package managers such as dpkg, apt, apt-get, aptitude, synaptic, tasksel, dselect, dpkg-deb, and dpkg-split. each serving a different purpose.

Let’s quickly go over the most common ones before diving deeper into the dpkg command.

Common Debian-Based Package Managers

Command	Description
apt	apt, short for Advanced Package Tool, is used in Debian-based systems to install, remove, and update software packages.
aptitude	aptitude is a text-based front-end to apt, great for those who prefer a terminal-based interface with menus.
synaptic	synaptic is a graphical package manager that makes it easy to install, upgrade, and uninstall packages even for novices.
tasksel	tasksel allows users to install all packages related to a specific task (like a desktop environment or a LAMP server).
dselect	dselect is a menu-driven package management tool initially used during the first install, and is now replaced with aptitude.
dpkg-deb	Used for working directly with .deb archives – creating, extracting, and inspecting them.
dpkg-split	dpkg-split is useful for splitting and merging large files into chunks of smaller files to be stored on media of smaller sizes, such as floppy disks.

dpkg is the main package management program in Debian and Debian-based systems, used to install, build, remove, and manage packages. aptitude is the primary front-end to dpkg.

Some of the most commonly used dpkg commands, along with their usages, are listed here:

1. Install a Package on Ubuntu

To install a package using dpkg, you need to download .deb package file from the following official package repository sites for Debian and Ubuntu-based distributions.

• packages.debian.org
• packages.ubuntu.com

Once downloaded, you can install it using the -i option followed by the name of the .deb package file.

sudo dpkg -i 2048-qt_0.1.6-2+b2_amd64.deb

Install the Deb Package

2. List Installed Packages on Ubuntu

To view and list all the installed packages, use the “-l” option along with the command.

dpkg -l

List Installed Debian Packages

To view a specific package installed or not, use the option “-l” along with the package name. For example, check whether the apache2 package is installed or not.

dpkg -l apache2

Check Package Installation

3. Remove a Package on Ubuntu

To remove the “.deb” package, we must specify the package name “2048-qt” with the “-r” option, which is used to remove/uninstall a package.

sudo dpkg -r 2048-qt

Remove Deb Package

You can also use ‘p‘ option in place of ‘r' which will remove the package along with the configuration file. The ‘r‘ option will only remove the package and not the configuration files.

[root@tecmint~]# dpkg -p flashpluginnonfree

4. View Contents of a .deb Package

To view the content of a particular .deb package, use the “-c” option, which will display the contents of a deb package in long-list format.

dpkg -c 2048-qt_0.1.6-2+b2_amd64.deb

View Contents of Deb Package

5. Check Status of Deb Package Installation

Using “-s” option with the package name will display whether a deb package is installed or not.

dpkg -s 2048-qt

Check Deb Package Installation

6. List Files Installed by Deb Package

To list the location of all the files installed by a particular package, use the -L option as shown.

dpkg -L 2048-qt

List Files Installed by Deb Package

7. Install Multiple Debian Packages from a Directory

Recursively install all .deb files found in specified directories and all of their subdirectories, use the '-R' and '--install' options.

For example, to install all '.deb' packages from the directory named ‘debpackages‘.

sudo dpkg -R --install debpackages

Install All Deb Packages

8. Extract Contents of a Deb Package

To extract the contents of a .deb package but does not configure the package, use the --unpack option.

sudo dpkg --unpack 2048-qt_0.1.6-2+b2_amd64.deb

Extract Contents of Deb Package

9. Reconfigure a Unpacked Deb Package

To configure a package that has been unpacked but not yet configured, use the “--configure” option as shown.

sudo dpkg --configure flashplugin-nonfree

10. Updating Package Information in System Database

The “–-update-avail” option replaces the old information with the available information for the package file in the package management system’s database.

sudo dpkg --update-avail package_name

11. Delete Information of Package

The action “--clear-avaial” will erase the current information about what packages are available.

sudo dpkg –-clear-avail

12. Forget Uninstalled and Unavailable Packages

The dpkg command with the option “–forget-old-unavail” will automatically forget uninstalled and unavailable packages.

sudo dpkg --forget-old-unavail

13. Display dpkg Licence

dpkg --licence

14. Display dpkg Version

The “--version” argument will display the dpkg version information.

dpkg –version

15. View dpkg Help

The “--help” option will display a list of available options of the dpkg command.

dpkg –help

That’s all for now. I’ll soon be here again with another interesting article. If I’ve missed any commands in the list, do let me know via comments.

Till then, stay tuned and keep connected to Tecmint. Like and share with us and help us spread. Don’t forget to mention your valuable thoughts in a comment.