Can I make the webcam take a picture when an incorrect password is entered?

I am using a laptop . I was thinking to have a support in my Ubuntu machine. When an incorrect password is entered, a picture is taken later revealing who has been trying to gain access.

I have searched around and the only thing I have found is stuff to do this on Macs. Is It possible to write a script for Ubuntu to do same .

If possible then what is a script or Software to make this happen.

Solution 1:

^{Based on this post on the Ubuntuforums by BkkBonanza.}

This is an approach using PAM and will work for all failed login attempts. Using SSH, a virtual terminal or via the regular login screen, it doesn't matter as everything is handled by PAM in the end.

1. Install ffmpeg , we're going to use this as a command line way of grabbing the webcam images. Update: ffmpeg is removed when you upgrade to Ubuntu 14.04. We can use avconv in place of ffmpeg in the below script. No need to install anything separately.

2. Create a small script somewhere, e.g. /usr/local/bin/grabpicture with the following content:

    #!/bin/bash
    ts=`date +%s`
    ffmpeg -f video4linux2 -s vga -i /dev/video0 -vframes 3 /tmp/vid-$ts.%01d.jpg
    exit 0  #important - has to exit with status 0
   

   Change the /dev/video0 with the actual video device of your webcam and choose a path where the pictures are being saved - I just choose /tmp. In the newer version of Ubuntu use avconv instead of ffmpeg (sudo apt-get install libav-tools).

3. Make it executable, e.g. chmod +x /usr/local/bin/grabpicture.

4. Test it, by just calling it: /usr/local/bin/grabpicture. Check if you see files appearing in /tmp/vid....jpg.

5. Configure PAM to call this on every failed attempt.

   Note: do this carefully - if this fails you'll not be able to gain access to your system again in a regular way.

   1. Open a terminal window with root access (sudo -i) and leave it open - just in case you screw up in the next steps.

   2. Open /etc/pam.d/common-auth in your favourite editor, e.g. by doing gksudo gedit /etc/pam.d/common-auth. Keep in mind for the following steps that order of lines in this file matters.

   3. Locate the line below. By default there's one line before the one with pam_deny.so. On my 12.04 system it looks like this:

        auth    [success=1 default=ignore]      pam_unix.so nullok_secure
      

   4. In this line change the success=1 to success=2 to have it skip our script on success. This is an important step If you failed this step see below how to recover (***).

   5. Right below there, add a new one to call the actual script:

        auth    [default=ignore]                pam_exec.so seteuid /usr/local/bin/grabpicture
      

   6. Save and close the file. No need to restart anything.

6. Test it.

   1. In a new terminal window, as regular user, try su -l username to log in as another user with username username (change with an actual one of course). Deliberately enter the wrong password. Check if this result in a new picture.
   2. The same as above, but now enter the correct password. Check if you log in and it doesn't result in a picture being taken.

7. If the tests have succeeded you can log out from your DE (Unity/KDE/...) and you should see the same when entering a wrong password from the login screen.

(***) How to recover the system if you messed with /etc/pam.d/common-auth file:

• Reboot the computer
• At grub boot press "e" to edit
• Add

init=/bin/sh

to the line starting by "linux"

Mount the system with write access

mount -o remount,rw /

Edit the file and fix

vi /etc/pam.d/common-auth