While I don’t disagree with the idea of keylogging on company computers per se, I do feel that it opens up so many legal liabilities that no sane legal counsel would ever sign off on the idea. I can think of multiple security and legal implications surrounding it.

Many of the earlier comments have stated that they would support keylogging in businesses, provided that the company told their employee’s that it was occurring. What some of those who commented may not realize is they may have consented themselves to keylogging on company computers without being explicitly notified of it. Most employees are required to sign an Acceptable Use Policy (AUP) as a part of their new-hire paperwork when their job description requires the use of a computer or internet access. Most AUPs contain wording such as “by using this system, your actions may be monitored or recorded” and keystroke logging would definitely be covered under that clause.

Many also commented that using keylogging would help to reduce the amount of time that employees would spend using the computer for non-work activities. While this may be true in some cases, the inverse also occurs. Once employees are aware that they are being actively monitored they either chose to quit screwing around or to try to evade the monitoring. Trying to evade the monitoring results in the employee wasting even more time than he/she was before, and usually leads to either voluntary or involuntary termination of the employee. Another important point to remember is that employees have long used company time to take care of personal business before computers were ever used, whether it be a personal phone call or reading the newspaper. This is just a fact that most employers have come to accept.

Another major issue with keylogging I see is regulating access to and securing the logs. Who, if anyone, reads the logs on a regular basis? If they aren’t regularly monitored, than why keep them at all? Keeping them for any significant period of time exposes the company to legal liability, being that the logs would be fair play during legal discovery. If the logs were regularly monitored, the person charged with the responsibility so doing so would most likely be a lowly paid intern or new employee. These employees would be able to read all the information entered into the company’s computers, some of which may be sensitive or confidential in nature. These employees, because of their low spot on the totem poll, could easily leak information to competitors or the press and profit greatly from it.

Keyloggers could be beneficial in gaining additional information on a subject during an already on-going investigation, but the signal-to-noise ratio of blanket logging would bring the likelihood of uncovering devious activities relatively impossible.

Long entry short, keyloggers equal a bad idea in my book. Their disadvantages greatly outnumber their advantages in my book and although they may look like a great way to cure employee time wasting, but after a careful analysis, the cost-benefit just doesn’t seem to be there in my opinion.

I’m going to start posting some of my scripts/code snippets that I’ve hacked together. Maybe they’ll be of some use to someone other than myself.

Code section is here.

Freshly rested, I had actually forgotten all about it not working until I wanted to watch an episode of “How I Met Your Mother” that was stored on there over lunch; My enjoyable lunch got twisted into something not quite as much.

With some googling and reading the log files, I learned that the issue lied with the pam_smbpass.so in /lib/security.. I subsequently disabled samba password synchronization with pam-auth-update and volia, sudo worked. However, samba was still borked, so this couldn’t be a permanent fix, although I had found the offending file.

With this information and more googling, I ran across this bug on Launchpad.net, describing pretty much the same situation I was in. I ran the suggested steps in the bug report, which consisted of purging samba and libpam-smbpass and manually making sure everything was removed from the /var/lib/samba directory.

Once I did that, I reinstalled samba and libpam-smbpass and everything seemed to work swimmingly, or so I thought. Later that night, I noticed once again that sudo was segfaulting, although the samba shares were working for the time being. I did some more work on the google ran across this bug report for Debian.. This message seemed to point exactly at the problem, CUPS (which makes sense, as I had recently setup a printer on the machine). After implementing the fix purposed in that message, everything seems to be working great.

I’m hoping that this bug gets ironed out, as its definitely not something a majority of users would know how/be willing to fix. There’s a few bug reports on Launchpad regarding this or something directly involving the packages listed above, some even marked as fixed, although from my experiences it doesn’t seem to be.

Last but not least, I wish a Merry Christmas (or Happy Holidays) and a wonderful New Year to everyone who may happen to read this.

Anyways, I’ll probably tweak the site here and there for a while, but its definitely not my first priority. .