hephaest0s / usbkill

« usbkill » is an anti-forensic kill-switch that waits for a change on your USB ports and then immediately shuts down your computer.


Good defaults/examples for custom commands

hephaest0s opened this issue · comments

usbkill can now execute custom commands which are defined in the config.

What would be useful commands and examples for different setups? Does osx, bsd and (deb)linux support these commands?

I'm thinking about commands like `shred` and commands that release tc or luks volumes (and keys).

Are there commands for ram and/or swap?

Also communicate a warning for commands that can take more than a second to complete, like shred.
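An added example of what a custom kill command for this feature could look like (editor's example code, not usbkill's own and not posted by anyone in this thread; Linux only). It assumes the config accepts a list of commands under a `kill_commands` key, and that `lsblk`, `findmnt`, `swapoff` and `cryptsetup` are available. It suspends every dm-crypt mapping (which wipes the volume key from kernel memory), turns swap off first, keeps the mapping backing `/` for last because nothing can be loaded from disk after that, times each step so slow commands get the warning asked for above, and finishes with a SysRq power-off that needs no binary from disk. The `lsblk` sample output is constructed.

```python
#!/usr/bin/env python3
"""Kill hook for a usbkill custom command (example code, not part of usbkill).

Assumed config line (assumption, check your usbkill version):
    kill_commands = ["/usr/local/sbin/usbkill-hook.py"]
Linux only: relies on lsblk, findmnt, swapoff and cryptsetup. Test with
--dry-run first; suspending the root mapping freezes any later disk access.
"""
import subprocess
import sys
import time

SLOW_SECONDS = 1.0  # warn when a single step takes longer than this

# Constructed sample of `lsblk -rno NAME,TYPE` output (not from a real host).
SAMPLE_LSBLK = (
    "sda disk\nsda1 part\nsda2 part\ncryptroot crypt\n"
    "sdb disk\nsdb1 part\ncryptdata crypt\n"
)


def luks_mappings(lsblk_output, root_source=None):
    """Return dm-crypt mapping names from `lsblk -rno NAME,TYPE` output.

    The mapping backing / (as reported by `findmnt -no SOURCE /`) is moved
    to the end: once it is suspended no more binaries can be loaded from
    disk, so it must be the last thing touched.
    """
    names = []
    for line in lsblk_output.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[1] == "crypt":
            names.append(fields[0])
    root = root_source.replace("/dev/mapper/", "") if root_source else None
    ordered = [n for n in names if n != root]
    if root in names:
        ordered.append(root)
    return ordered


def plan(mappings):
    """Build the command sequence; a pure function so it can be tested."""
    # Swap may hold key material and plaintext pages, so drop it first.
    cmds = [["swapoff", "-a"], ["sync"]]
    cmds += [["cryptsetup", "luksSuspend", m] for m in mappings]
    return cmds


def run(cmds, dry_run=False):
    """Execute the plan, timing each step; returns the commands as strings."""
    done = []
    for argv in cmds:
        text = " ".join(argv)
        done.append(text)
        if dry_run:
            print("DRY-RUN:", text)
            continue
        t0 = time.monotonic()
        rc = subprocess.call(argv)
        took = time.monotonic() - t0
        if took > SLOW_SECONDS:
            print(f"warning: {text} took {took:.1f}s", file=sys.stderr)
        if rc != 0:
            print(f"warning: {text} exited {rc}", file=sys.stderr)
    return done


def main(dry_run=False):
    lsblk = subprocess.run(["lsblk", "-rno", "NAME,TYPE"],
                           capture_output=True, text=True).stdout
    root = subprocess.run(["findmnt", "-no", "SOURCE", "/"],
                          capture_output=True, text=True).stdout.strip()
    run(plan(luks_mappings(lsblk, root)), dry_run)
    if not dry_run:
        # Power off via SysRq: no binary has to be loaded after root is
        # suspended. Requires kernel.sysrq to permit it (sysctl kernel.sysrq=1).
        with open("/proc/sysrq-trigger", "w") as f:
            f.write("o")


if __name__ == "__main__":
    main(dry_run="--dry-run" in sys.argv)
```

Run it as root with `--dry-run` to see the sequence without suspending anything; `luksSuspend` is reversible with `luksResume` and the passphrase, which is what makes it usable as a softer alternative to pulling the power.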

I had plenty of ideas, directed differently - some to make the kill tougher, others to make it easy to undo in case of a personal accident (and security tools have to be usable so people don't work around them).

  1. I like the ability to do --simulate to see how often I would kill my own laptop myself accidentally before switching to 'hard mode'. One can also create a script which beeps, schedules computer kill in 30 seconds, and only then - kills power. Would be great if locking/unlocking screensaver did the trick, but everything depends on the security model. Might be used temporarily to make someone used to the tool.

  2. Destroying evidence of encrypted FS is nice (overwrite luks header with /dev/urandom), according to https://www.lisenet.com/2013/luks-add-keys-backup-and-restore-volume-header/
    this could look like:
    head -c 3145728 /dev/zero > /dev/sdb2; sync

    • check if a device is a luks device.

    I'd use dd and urandom though and test it before trying for real. Header backup necessary (well, depends on security model).

  3. Or a way to make the kill less permanent, but difficult to execute. Prepare a way to reinitialize a disk - a few tools on tmpfs to get cryptsetup working without an accessible drive - available somehow via text console (ttyX?) - but securely. Then, instead of killing the power do luksSuspend of a drive - will wipe keys from the memory and block drive access. Still a lot of data is available in RAM though.

  4. Add a mechanism similar to Tails distro which zeroes RAM before shutting down computer. Even if drive key is wiped you might want to clear your passwords, emails, etc.
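An added example for points 2 and 3 above, the "check if a device is a luks device" step and the header overwrite, written by the editor (not usbkill's code and not posted by the commenter). It reads the LUKS magic and version, sizes the region to destroy from the header itself instead of a fixed 3 MiB, overwrites it with `os.urandom` rather than `/dev/zero`, and refuses to touch anything that does not carry a LUKS header. Layout facts used: both LUKS versions start with `LUKS\xba\xbe` and a big-endian 16-bit version; LUKS1 stores the payload offset in 512-byte sectors at byte 104; LUKS2 stores its binary header size as a 64-bit value at byte 8 and keeps a second header copy at that offset. The image written by `fake_luks1_image` is constructed test data, not a real volume.

```python
#!/usr/bin/env python3
"""Detect a LUKS header and overwrite it with random bytes (example code,
not part of usbkill). Try it on an image file; on a real disk, keep a
header backup unless your security model says otherwise.
"""
import os
import struct
import tempfile

LUKS_MAGIC = b"LUKS\xba\xbe"
CHUNK = 1 << 20  # write the random data in 1 MiB pieces


def detect_luks(path):
    """Return (version, bytes_before_payload) or None if path is not LUKS."""
    with open(path, "rb") as f:
        hdr = f.read(4096)
    if len(hdr) < 108 or hdr[:6] != LUKS_MAGIC:
        return None
    version = struct.unpack(">H", hdr[6:8])[0]
    if version == 1:
        payload_sectors = struct.unpack(">I", hdr[104:108])[0]
        return 1, payload_sectors * 512        # header + all 8 key slots
    if version == 2:
        hdr_size = struct.unpack(">Q", hdr[8:16])[0]
        # Covers both binary/JSON header copies. The keyslot area and the
        # data offset are described in the JSON, which this example does
        # not parse; wipe up to the data offset if you want those gone too.
        return 2, 2 * hdr_size
    return None


def wipe_luks_header(path, dry_run=False):
    """Overwrite the header region with os.urandom; returns bytes written."""
    info = detect_luks(path)
    if info is None:
        raise ValueError(f"{path}: no LUKS header found, refusing to wipe")
    _, size = info
    if dry_run:
        return size
    with open(path, "r+b") as f:
        remaining = size
        while remaining > 0:
            n = min(CHUNK, remaining)
            f.write(os.urandom(n))
            remaining -= n
        f.flush()
        os.fsync(f.fileno())  # the `sync` from the one-liner above
    return size


def fake_luks1_image(path, payload_sectors=4096, total_bytes=3 << 20):
    """Constructed test image: a LUKS1-shaped header, NOT a real volume."""
    hdr = bytearray(592)
    hdr[0:6] = LUKS_MAGIC
    hdr[6:8] = struct.pack(">H", 1)
    hdr[8:40] = b"aes".ljust(32, b"\0")
    hdr[40:72] = b"xts-plain64".ljust(32, b"\0")
    hdr[72:104] = b"sha256".ljust(32, b"\0")
    hdr[104:108] = struct.pack(">I", payload_sectors)
    hdr[108:112] = struct.pack(">I", 64)  # key bytes
    with open(path, "wb") as f:
        f.write(bytes(hdr))
        f.write(b"\0" * (total_bytes - len(hdr)))


def demo_roundtrip(dry_run=False):
    """Create an image, detect it, wipe it, detect again."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "luks.img")
        fake_luks1_image(img)
        before = detect_luks(img)
        written = wipe_luks_header(img, dry_run=dry_run)
        after = detect_luks(img)
    return before, written, after


if __name__ == "__main__":
    print(demo_roundtrip())  # ((1, 2097152), 2097152, None)
```

The `dry_run` path is the --simulate idea from point 1 applied to this command: it reports how many bytes would be destroyed and nothing else.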

Here are some ideas according to #39:

firewire true/false (Default: true) — Add check for Firewire (OS X compatible with system_profiler SPFireWireDataType)
thunderbolt true/false (Default: true) — Add check for Thunderbolt (OS X compatible with system_profiler SPThunderboltDataType)
ethernet true/false (Default: false) — Add check for Ethernet (OS X compatible with system_profiler SPNetworkDataType)
sdcards true/false (Default: true) — Add check for SD cards

and what about a check for Bluetooth devices (Default: false) with system_profiler SPBluetoothDataType ? Here are some reasons:

  • You shut down the mouse/keyboard, the computer follows (with a check for the battery left to prevent false positives)
  • If someone scrambles the Bluetooth signal, the computer shuts down
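An added example of how one of the proposed system_profiler checks could be wired up (editor's example code, not usbkill's own implementation and not posted by the commenter). It only relies on system_profiler's indented `Key: Value` text layout; the identity keys used and the two sample outputs are assumptions/constructed, not captured from a real Mac. The check is a snapshot of device identifiers compared against a baseline, with a whitelist so that known devices do not trigger the kill.

```python
#!/usr/bin/env python3
"""Snapshot-and-compare check for one system_profiler data type
(example code, not part of usbkill). Run snapshot() on macOS; the text
parser and changed() work anywhere and are what the samples exercise."""
import re
import subprocess

# Keys assumed to identify a device; which ones appear depends on the data
# type (USB uses "Serial Number", Thunderbolt "UID", FireWire "GUID").
IDENTITY_KEYS = ("Serial Number", "UID", "GUID")
LINE = re.compile(r"^\s*([^:]+):\s*(.*)$")

# Constructed sample outputs shaped like `system_profiler SPThunderboltDataType`.
BASELINE_TEXT = """\
Thunderbolt:

    Thunderbolt Bus:

      Vendor Name: Apple Inc.
      Device Name: MacBook Pro
      UID: 0x0001000100010001
      Route String: 0
"""

DOCK_ATTACHED_TEXT = BASELINE_TEXT + """\

        Thunderbolt Dock:

          Vendor Name: Example Vendor
          Device Name: Example Dock
          UID: 0x00A1B2C3D4E5F607
          Route String: 1
"""


def device_ids(text, keys=IDENTITY_KEYS):
    """Return the set of identity values found in system_profiler text."""
    ids = set()
    for line in text.splitlines():
        m = LINE.match(line)
        if m and m.group(1).strip() in keys and m.group(2).strip():
            ids.add(m.group(2).strip())
    return ids


def snapshot(data_type):
    """Run system_profiler for one data type, e.g. 'SPThunderboltDataType'."""
    out = subprocess.run(["system_profiler", data_type],
                         capture_output=True, text=True, check=True).stdout
    return device_ids(out)


def changed(baseline, current, whitelist=frozenset()):
    """(added, removed) identifiers relative to the baseline, ignoring the
    whitelist. Either set being non-empty is the kill trigger: removal
    covers the 'Bluetooth mouse switched off' case above, addition the
    'unknown device plugged in' case."""
    added = current - baseline - whitelist
    removed = baseline - current - whitelist
    return added, removed


if __name__ == "__main__":
    print(changed(device_ids(BASELINE_TEXT), device_ids(DOCK_ATTACHED_TEXT)))
```

To turn this into a poll loop, take the baseline once at start-up, call `snapshot(...)` on the existing sleep interval, and run the kill commands as soon as `changed()` returns anything non-empty; the battery check suggested for Bluetooth would sit in front of that call.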

A few ideas..

  • Take a picture
  • POST to a dead-man's switch server
  • Send an email
  • rm a file
  • POST to twilio/send an SMS

Screenshot should be easy for OSX. screencapture -iW ~/Desktop/screen.jpg

Thanks for your ideas!