diff --git a/LICENSE b/LICENSE index 3402459..5cb97e3 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ BSD 3-Clause License -Copyright (c) 2022, Antonio Carlos Costa da Silva - CoolerVoid +Copyright (c) 2022, Antonio Costa - CoolerVoid All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/README.md b/README.md index a445625..139f4ab 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,17 @@ My beginning purpose at this project is to protect my server, which is to protec When I talk to friends, I say peoples that don't know how to write low-level code. Using the Casper-fs, you can generate your custom kernel module to protect your secret files. The low-level programmer can write new templates for modules etc. +# Tool Features +* Tool to interpret YAML file and generate a C language file "Linux kernel module". +* YAML context is a white screen to create your custom module in kernel land. Yes is not hard when you use Casper-FS. +* The resource to generate the hidden kernel module, yes is invisible not even the root user can see it. +* The resource to turn the Linux kernel module visible, passing a key to enable the context. +* The resource to turn any file into a file system invisible(not even root can see it). +* The resource to turn to visible any invisible file. +* The resource to protect any file in the file system to prevent writing and removal. +* The resource to unprotect any file writing and remove proper permission. +* Persistence recipes with scripts, to always up Casper-fs when you boot the system. + ## Video demo: https://www.youtube.com/watch?v=qxLEkYFicTg 
@@ -144,17 +155,21 @@ casperfs # rmmod casperfs ``` -Random notes +# Random notes -- Tested on ubuntu 16 and fedora 29 at kernels "3.x","4.x" and "5.x". +# Persistence and hide command of history +Follow this tip for more information: +https://github.com/CoolerVoid/casper-fs/blob/main/module_generator/scripts/README.md + ## Point of attention This tool aims to use in the hardening system context. Pay attention if you have proper authorization before using that. I do not have responsibility for your actions. You can use a hammer to construct a house or destroy it, choose the law path, don't be a bad guy, remember. -References +# References -- *Wikipedia Netfilter* diff --git a/module_generator/scripts/README.md b/module_generator/scripts/README.md new file mode 100644 index 0000000..4e97802 --- /dev/null +++ b/module_generator/scripts/README.md 
@@ -0,0 +1,28 @@ +# Persistence + +To use the service file to make your LKM persistent, do this on the command line: +1) Check if your Linux machine runs systemd + + - sudo systemctl --version + If you see the version number on your screen, you are running systemd - if not, you can install systemd with your Linux package manager (apt / dpkg / rpm) - most Linuxes already use systemd. + +2) If you have systemd installed, create a file in the directory /etc/systemd/system with the name that you want your service to be known by, for example + sudo vi /etc/systemd/system/casper.service + https://github.com/CoolerVoid/casper-fs/tree/main/module_generator/scripts/casper.service + + And paste the contents of the service file that I sent, save that file and exit. + +3) To enable the service you created in step 2, type (if your file is called casper.service): + sudo systemctl enable casper + +4) When you next reboot your machine, check the file /var/log/syslog to make sure your service was started successfully. + +Tip by Paul Weston + +# Hide action of send keys of password + +. I've attached a very simple script (manage.sh) which asks for the fake device name and password to (un)hide / (un)protect +- This avoids the clear text passwords and fake device name appearing in the shell history. +- https://github.com/CoolerVoid/casper-fs/blob/main/module_generator/scripts/manage.sh + +Tip by Paul Weston diff --git a/module_generator/scripts/casp.service b/module_generator/scripts/casp.service new file mode 100644 index 0000000..7218eab --- /dev/null +++ b/module_generator/scripts/casp.service @@ -0,0 +1,14 @@ +# use this script in systemd +# COntribution by Paul Wiston - contact: paul.w3st0n@googlemail.com +[Unit] +Description=Starts_casper +After=network.target + +[Service] +User=root +Group=root +ExecStart="/usr/local/bin/casp.sh" +Type=simple + +[Install] +WantedBy=default.target 
diff --git a/module_generator/scripts/casp.sh b/module_generator/scripts/casp.sh new file mode 100644 index 0000000..d55ea52 --- /dev/null +++ b/module_generator/scripts/casp.sh @@ -0,0 +1,24 @@ +#!/usr/bin/bash +# Make casper-fs after reboot. +# +# 5th May 2022 script contribution by Paul Weston - paul.w3st0n@googlemail.com +# save this file in /usr/local/bin/ +# change points of directory "paul" to you proper user path + +LOGFILE="/home/paul/casper.log" + +cd /home/paul/git/casper-fs/module_generator/output + +echo "$(date) Running make clean..," +make clean +echo $? +echo "$(date): Clean finished" + +echo "$(date): Running make..." +make +echo $? +echo "$(date): Make finished" + +echo "$(date): Inserting module..." +insmod /home/paul/git/casper-fs/module_generator/output/casperfs.ko +echo $? diff --git a/module_generator/scripts/manage.sh b/module_generator/scripts/manage.sh new file mode 100644 index 0000000..464697e --- /dev/null +++ b/module_generator/scripts/manage.sh @@ -0,0 +1,14 @@ +# Use this script to hidden the action to send keys to Casper-fs. +# Using this script, you cannot see the history command. +# save this script in /usr/bin/ +# COntribution by Paul Wiston - contact: paul.w3st0n@googlemail.com +echo -n "Enter device: " +read DEVICE + +echo -n "Enter key: " +stty -echo +read KEY +stty echo + +sudo su - root -c "echo $KEY > $DEVICE" +echo
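Review bot: Style point on the new "Tool Features" list in the README hunk: several bullets read as fragments ("Yes is not hard when you use Casper-FS.", "The resource to turn to visible any invisible file.", "to always up Casper-fs when you boot the system"). Suggest rewording each bullet as one plain capability, for example "Generates a Linux kernel module (C source) from a YAML description", "Hides the loaded module so it is not listed, even for root", "Makes a file invisible and/or protects it against writing and removal", "Reverses each of the above when the key is supplied" and "Persistence scripts that reload Casper-fs at boot".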
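Review bot: Documentation is lost in the second README hunk: the line "Tested on ubuntu 16 and fedora 29 at kernels "3.x","4.x" and "5.x"." is removed without replacement, and the "Wikipedia Netfilter" reference is dropped. That line is the README's only compatibility statement, so keep it (updated if the list is stale) under the new headings. The new heading "Persistence and hide command of history" should read "Persistence and hiding the key from shell history", and the sentence "Follow this tip for more information:" can simply be "See:" followed by the link to module_generator/scripts/README.md added in this patch.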
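Review bot: File names do not agree in the new module_generator/scripts/README.md: the instructions link `https://github.com/CoolerVoid/casper-fs/tree/main/module_generator/scripts/casper.service` and tell the user to create `/etc/systemd/system/casper.service`, but the unit added by this patch is `module_generator/scripts/casp.service` and it executes `/usr/local/bin/casp.sh`; rename one side so the unit, the link and the `systemctl enable casper` command all refer to the same name. Step 4 tells the user to check /var/log/syslog, which only exists when a syslog daemon is installed; since the unit is managed by systemd, `journalctl -u casper` shows its output on every systemd machine. Minor: "paste the contents of the service file that I sent" is e-mail wording that should become "paste the contents of casper.service from this repository", `systemctl --version` does not need sudo, and the line beginning ". I've attached" has a stray leading period.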
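Review bot: `Type=simple` is the wrong service type for casp.service: the script runs make and insmod and then exits, so with Type=simple systemd reports the unit as started the moment the script is forked and as inactive (dead) once it finishes, and a failed insmod is not reflected in `systemctl status`. Use `Type=oneshot` together with `RemainAfterExit=yes` so the unit's state follows the script's exit code. `ExecStart="/usr/local/bin/casp.sh"` works but the quotes are unnecessary; `ExecStart=/usr/local/bin/casp.sh` is the conventional form. Typos in the header: "COntribution", and "Paul Wiston" where the other files say "Paul Weston".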
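Review bot: Missing error handling in casp.sh: `cd /home/paul/git/casper-fs/module_generator/output` is not checked, so if the path is wrong `make clean`, `make` and `insmod` run from whatever directory the service started in; add `set -e` (or `cd ... || exit 1`) so the script stops at the first failure instead of echoing `$?` and continuing. `LOGFILE="/home/paul/casper.log"` is assigned but never used, so nothing is written to that log even though the scripts README tells the user to check a log file after reboot. Rebuilding the module as root on every boot from a user-writable home directory also means that anyone who can modify /home/paul/git/casper-fs gets code loaded into the kernel at the next boot; the safer layout is to build once, install the resulting casperfs.ko into a root-owned directory, and have the unit only `insmod` that path. Typo in the first log line: "Running make clean..," should be "Running make clean...".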
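Review bot: The final line of manage.sh, `sudo su - root -c "echo $KEY > $DEVICE"`, expands the user-supplied key and device name into a command string that a root shell then parses, so a key containing spaces, `;`, `$`, `>` or quotes is interpreted by that shell instead of being written to the device, and the same applies to the device name. Suggest `read -r -s KEY` (which also removes the `stty -echo`/`stty echo` pair, so an interrupt between them cannot leave the terminal with echo disabled) and `printf '%s\n' "$KEY" | sudo tee -- "$DEVICE" >/dev/null`, which passes both values as data rather than as shell text. The script also has no shebang even though the comment says to install it in /usr/bin/, and the header comments should read "Use this script to hide the key sent to Casper-fs; the key and device name will not appear in shell history" and "Contribution by Paul Weston".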