How to Monitor your Mac Desktop with Dropbox

I’m a huge fan of the fabulous, free storage service called Dropbox so when I saw a recent episode of Hak5 which covered monitoring your desktop with Dropbox, obviously, I jumped right in. Turns out, however that the episode only covers how to do this using MS Windows. I decided to whip something up for the rest of us and this article covers how I accomplished it. However, I’m not really sure how realistic it is to think of this as a real security tool. First of all it’s unless you’ve enabled passwordless login, or someone has compromised your password, or you’ve left your mac unlocked… it’s highly unlikely that you’ll find this a much value beyond a science experiment. So that’s what I’m calling it… an experiment in Mac Desktop Monitoring using Dropbox.

If you’re not using Mac OS – you’ll want to head over to either the Hak5 episode or to this link on the Dropbox forum which covers how to accomplish this with windows.

Link to Script Download

Dropbox Mac Desktop Monitoring Script (794)

Requirements

  • First, you need a free dropbox account. I would encourage you to click here and sign-up if you don’t have one already. After you’ve installed Dropbox and have it running, you should have a folder that you’ll use to store files and make them available to multiple computers using the same Dropbox account. In this tutorial, we’ll leverage dropbox to share images of your computer’s desktop in the event that some activity is taking place.
  • Second, you need to install ImageMagick. This is a suite of tools that allows you to create, edit and manipulate graphic files from the command line. The installation is simple if you download the binary for Mac OS X, or you can use MacPorts to install it. Instructions on available on the ImageMagick Site.
  • Lastly, you’ll need to know your way around the terminal app. This script was written in shell and will need to be started via cron on a regular basis or you can enable the loop option by editing the code as directed (Around lines 172 and 242.) If you’re unfamiliar with the Mac OS Terminal or shell commands, Click Here. This package comes with an example crontab entry file called dbmon.crontab. You’ll need to add the contents of this file to your user crontab using the crontab command… eg: crontab -e or crontab < dbmon.crontab.

What’s in the script package?

  • ./dbmon.crontab – Example crontab to run the script every minute.
  • ./dbmon.sh – The monitoring script.
  • ./gpl.txt – GPL Text – this script is covered under the terms of the GNU Public License.
  • ./start – Start script to enable the script once you’ve set it to run via crontab.
  • ./status – Check whether or not the script is enabled or disabled.
  • ./stop – Stop the script – disable it from running.

How does it work?

The script works by taking periodic screenshots and comparing them to each other. Using ImageMagick’s compare utility, we can assign a value to the level of difference between two images. The script allows you to set a tolerance for the difference detection – the default seems to work well and is set at a level of 6. Any difference greater than the tolerance probably means that someone is on your desktop doing something. The script will move the screen captures to a configurable directory (typically under your dropbox folder) and send you an email with the screen capture to alert you.

If you’re using Dropbox from a computer other than the one you’re monitoring during the time an alert fires, you’ll be notified by the dropbox update daemon telling you that you’ve added several images to your dropbox folder.

Why do I need this?

Let’s say you’re a mobile worker, with several machines that you use on a regular basis. You probably have a desktop at work, a laptop and maybe several home computers that you use regularly. Dropbox allows you to have a common file share between all of these computers. This script allows you to leverage the communication and storage channels of dropbox to alert you when someone attempts to use one of your computers.

Combine Dropbox with a remote access tool such as Logmein and you’ve got a pretty good remote monitoring and access suite.

How do I install it?

The script was written in shell and can run pretty much from any directory. I would recommend something like the following to install it and test it out…

  1. Make a directory under your home directory
    [sourcecode language=”plain”]mkdir /Users/you/dbmon[/sourcecode]
  2. Download the script package, untar it and place it in a file under that directory… call it something like dbmon.sh.
  3. Make it executable
    [sourcecode language=”plain”] chmod +x /Users/you/dbmon/dbmon.sh
    [/sourcecode]
  4. Edit the script or simply create a .dbmon configuration file in your home directory (~/.dbmon) and change the variables to reflect your specific environment.
    [sourcecode language=”plain”] computer:dbmon mlynn$ vi ~/.dbmon
    [/sourcecode]
    ~/.dbmon
    [sourcecode language=”plain”] DBMON_TOLERANCE=9
    DBMON_ACTIVE="1"
    DBMON_SCOUNT="2"
    DBMON_SLEEP="1"
    DBMON_VERBOSE=’ON’
    DBMON_PROGNAME=’DBMON’
    # LABEL="ON" doesn’t work… bug in ImageMagick Version 6.6.3
    DBMON_LABEL="OFF"
    DBMON_LABELMESSAGE="Screen Capture $HOSTNAME "
    DBMON_DBPATH=’/Users/you/Dropbox/dbmon’
    DBMON_TMPPATH=’/Users/you/dbmon/tmp’
    DBMON_ALERTEMAIL=’you@gmail.com’
    DBMON_REMOTEOFFSWITCH=’/Users/you/Dropbox/dbmon/OFF’
    DBMON_CONVERT="$MAGICK_HOME/bin/convert"
    DBMON_COMPARE="$MAGICK_HOME/bin/compare"
    DBMON_SCAP="/usr/sbin/screencapture"
    [/sourcecode]
  5. Now you should be able to test the script out by simply running it.
    [sourcecode language=”plain”] computer:dbmon you$ ./start
    computer:dbmon you$ ./dbmon.sh
    [08/09/2010 21:20:49] DBMON: Moving /Users/you/dbmon/tmp/alert/current.png to /Users/you/dbmon/tmp/alert/previous.png…
    [08/09/2010 21:20:49] DBMON: Snapping /Users/you/dbmon/tmp/alert/current.png…
    [08/09/2010 21:20:50] DBMON: Comparing /Users/you/dbmon/tmp/alert/current.png to /Users/you/dbmon/tmp/alert/previous.png…
    [08/09/2010 21:20:51] DBMON: Difference [2925] exceeds tolerance [9]!!
    [08/09/2010 21:20:51] DBMON: Copying /Users/you/dbmon/tmp/alert/current.png to /Users/you/Dropbox/dbmon/201008/20100809-212049.png…
    [08/09/2010 21:20:51] DBMON: Sending alert email to you@gmail.com…
    [08/09/2010 21:20:51] DBMON: Snapping 1
    [08/09/2010 21:20:54] DBMON: Snapping 2
    computer:dbmon you$ ./stop

    [/sourcecode]
  6. Once you’ve got it working, you can create a crontab entry to run it on a regular basis. Place the following in your crontab…
    [sourcecode language=”plain”] * * * * * /Users/you/dbmon/dbmon.sh > /dev/null 2>&1
    [/sourcecode] Keep in mind – this will run EACH AND EVERY MINUTE OF EVERY HOUR OF EVERY DAY OF EVERY MONTH – unless of course you implement the remote off switch file. I created two scripts “start” and “stop” for use in conjunction with the crontab file. The start file simply removes the remote off switch and the stop script replaces it by “touch”ing that file.

    start
    [sourcecode language=”plain”] #!/bin/sh
    #===========================================================================
    #= Script : Monitoring your Mac Desktop with Dropbox
    #= File : start
    #= Version: 0.2
    #= Author : Mike Lynn
    #= Email : merlynn@gmail.com
    #= Website: http://www.mlynn.org/2010/08/how-to-monitor-your-mac-desktop-with-dropbox/
    #===========================================================================
    #= Copyright (c) 2010 Mike Lynn
    #= You are free to use and modify this script as long as this header
    #= section stays intact
    #= This file is part of the "Monitoring your Mac Desktop with Dropbox" script
    #=
    #= This program is free software; you can redistribute it and/or modify
    #= it under the terms of the GNU General Public License as published by
    #= the Free Software Foundation; either version 2 of the License, or
    #= ( at your option ) any later version.
    #=
    #= This program is distributed in the hope that it will be useful,
    #= but WITHOUT ANY WARRANTY; without even the implied warranty of
    #= MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    #= GNU General Public License for more details.
    #=
    #= You should have received a copy of the GNU General Public License
    #= along with Mobile Detection Script ; if not, write to the Free Software
    #= Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
    #===========================================================================

    . ~/.dbmon
    if [ -z $DBMON_REMOTEOFFSWITCH ]; then
    echo "No remote off switch set for dropbox monitor. Exiting."
    exit 1
    fi
    rm $DBMON_REMOTEOFFSWITCH

    [/sourcecode]
    stop
    [sourcecode language=”plain”] #!/bin/sh
    #===========================================================================
    #= Script : Monitoring your Mac Desktop with Dropbox
    #= File : stop
    #= Version: 0.2
    #= Author : Mike Lynn
    #= Email : merlynn@gmail.com
    #= Website: http://www.mlynn.org/2010/08/how-to-monitor-your-mac-desktop-with-dropbox/
    #===========================================================================
    #= Copyright (c) 2010 Mike Lynn
    #= You are free to use and modify this script as long as this header
    #= section stays intact
    #= This file is part of the "Monitoring your Mac Desktop with Dropbox" script
    #=
    #= This program is free software; you can redistribute it and/or modify
    #= it under the terms of the GNU General Public License as published by
    #= the Free Software Foundation; either version 2 of the License, or
    #= ( at your option ) any later version.
    #=
    #= This program is distributed in the hope that it will be useful,
    #= but WITHOUT ANY WARRANTY; without even the implied warranty of
    #= MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    #= GNU General Public License for more details.
    #=
    #= You should have received a copy of the GNU General Public License
    #= along with Mobile Detection Script ; if not, write to the Free Software
    #= Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
    #===========================================================================
    . ~/.dbmon
    if [ -z $DBMON_REMOTEOFFSWITCH ]; then
    echo "No remote off switch set for dropbox monitor. Exiting."
    exit 1
    fi
    touch $DBMON_REMOTEOFFSWITCH

    [/sourcecode] Be sure to edit the path’s to the REMOTEOFFSWITCH variable in the .dbmon configuration file located in your home directory.

You will probably want to make sure you have the start and stop scripts configured on several of your machines so that you can remotely control execution of the monitoring script. Keep in mind your environment (like where you have Dropbox installed) may change – so you will need to make sure you configure the REMOTEOFFSWITCH variable accordingly for each installed computer.

Notes and warnings

  • Dropbox offers free storage starting at 2GB – a lot of space… but keep in mind that if you accidentally leave this monitoring script running while you’re logged on you’re going to eventually fill it up and run out of space.
  • A note regarding multiple monitors: This script will only monitor the primary monitor so if you’re using multiple monitors, keep this in mind.
  • Make sure that when you’re testing, you’re haven’t configured the script to write your temporary screen capture files to a place that will visibly change the monitor – like the desktop for example.
  • This initial version of the script contains the configuration variables and might be difficult for someone to implement if they’re not command shell savvy. The next version will probably be a bit more sophisticated and might even incorporate a gui component… let me know if you’re interested in something like by leaving a comment or sending me an email.