From a2ae819fe65603d430e66961fcfdb2207306dcfd Mon Sep 17 00:00:00 2001
From: CoolerVoid
Date: Fri, 3 Jun 2022 00:17:25 -0300
Subject: [PATCH 01/10] Create casp.sh
---
 module_generator/scripts/casp.sh | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 module_generator/scripts/casp.sh
diff --git a/module_generator/scripts/casp.sh b/module_generator/scripts/casp.sh
new file mode 100644
index 0000000..b7a56ef
--- /dev/null
+++ b/module_generator/scripts/casp.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/bash
+# Make casper-fs after reboot.
+#
+# 5th May 2022 script contribution by Paul Weston - paul.w3st0n@googlemail.com
+
+LOGFILE="/home/paul/casper.log"
+
+cd /home/paul/git/casper-fs/module_generator/output
+
+echo "$(date) Running make clean..,"
+make clean
+echo $?
+echo "$(date): Clean finished"
+
+echo "$(date): Running make..."
+make
+echo $?
+echo "$(date): Make finished"
+
+echo "$(date): Inserting module..."
+insmod /home/paul/git/casper-fs/module_generator/output/casperfs.ko
+echo $?
From 8e7223ed5491bc6d6d129cf82b243a02722d73dd Mon Sep 17 00:00:00 2001
From: CoolerVoid
Date: Fri, 3 Jun 2022 00:23:07 -0300
Subject: [PATCH 02/10] Create manage.sh
---
 module_generator/scripts/manage.sh | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 module_generator/scripts/manage.sh
diff --git a/module_generator/scripts/manage.sh b/module_generator/scripts/manage.sh
new file mode 100644
index 0000000..464697e
--- /dev/null
+++ b/module_generator/scripts/manage.sh
@@ -0,0 +1,14 @@
+# Use this script to hidden the action to send keys to Casper-fs.
+# Using this script, you cannot see the history command.
+# save this script in /usr/bin/
+# COntribution by Paul Wiston - contact: paul.w3st0n@googlemail.com
+echo -n "Enter device: "
+read DEVICE
+
+echo -n "Enter key: "
+stty -echo
+read KEY
+stty echo
+
+sudo su - root -c "echo $KEY > $DEVICE"
+echo
From eee04bd1a567483a6fdba7b7635b1a045cc84f17 Mon Sep 17 00:00:00 2001
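Review bot: Nothing in module_generator/scripts/casp.sh stops the run when a step fails: `cd`, `make clean` and `make` are unchecked, so a failed `cd` lets both `make` calls run in whatever directory the script was started from, and `insmod` still loads whatever casperfs.ko is already on disk after a failed build. The casp.service unit added later in this series runs the script as root, so I would put `set -eu` under the shebang and write `cd /home/paul/git/casper-fs/module_generator/output || exit 1`. `LOGFILE` is assigned but never used, so none of the `echo` output reaches that file; either add `exec >>"$LOGFILE" 2>&1` after the assignment or drop the variable. The shebang `#!/usr/bin/bash` does not exist on every distribution, and `#!/usr/bin/env bash` is the more portable spelling.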
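Review bot: The last command in module_generator/scripts/manage.sh, `sudo su - root -c "echo $KEY > $DEVICE"`, expands both values into a command string that a root shell then parses, so whitespace or shell metacharacters in the key or the device name are interpreted as root instead of being written to the device. The key also ends up in that process's argument list, which is usually readable by other local users through the process table and works against the script's stated purpose. Passing the key on stdin avoids both problems: `printf '%s\n' "$KEY" | sudo tee -- "$DEVICE" >/dev/null`. The two reads should be `IFS= read -r DEVICE` and `IFS= read -r KEY` so backslashes and leading spaces survive, a `trap 'stty echo' EXIT` would restore terminal echo if the prompt is interrupted, and the file has no shebang although it relies on `echo -n`.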
From: CoolerVoid
Date: Fri, 3 Jun 2022 00:25:29 -0300
Subject: [PATCH 03/10] Create casp.service
---
 module_generator/scripts/casp.service | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 module_generator/scripts/casp.service
diff --git a/module_generator/scripts/casp.service b/module_generator/scripts/casp.service
new file mode 100644
index 0000000..7218eab
--- /dev/null
+++ b/module_generator/scripts/casp.service
@@ -0,0 +1,14 @@
+# use this script in systemd
+# COntribution by Paul Wiston - contact: paul.w3st0n@googlemail.com
+[Unit]
+Description=Starts_casper
+After=network.target
+
+[Service]
+User=root
+Group=root
+ExecStart="/usr/local/bin/casp.sh"
+Type=simple
+
+[Install]
+WantedBy=default.target
From 288c9984579ae89c7ab4c7ecb7006c7184204680 Mon Sep 17 00:00:00 2001
From: CoolerVoid
Date: Fri, 3 Jun 2022 00:27:04 -0300
Subject: [PATCH 04/10] Update casp.sh
---
 module_generator/scripts/casp.sh | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/module_generator/scripts/casp.sh b/module_generator/scripts/casp.sh
index b7a56ef..d55ea52 100644
--- a/module_generator/scripts/casp.sh
+++ b/module_generator/scripts/casp.sh
@@ -2,6 +2,8 @@
 # Make casper-fs after reboot.
 #
 # 5th May 2022 script contribution by Paul Weston - paul.w3st0n@googlemail.com
+# save this file in /usr/local/bin/
+# change points of directory "paul" to you proper user path
 LOGFILE="/home/paul/casper.log"
From 212b91548386b5506f5c85c4218ea6ee2a44ec15 Mon Sep 17 00:00:00 2001
From: CoolerVoid
Date: Fri, 3 Jun 2022 00:46:49 -0300
Subject: [PATCH 05/10] Create README.md
---
 module_generator/scripts/README.md | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 module_generator/scripts/README.md
diff --git a/module_generator/scripts/README.md b/module_generator/scripts/README.md
new file mode 100644
index 0000000..f7748a4
--- /dev/null
+++ b/module_generator/scripts/README.md
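Review bot: In casp.service, `User=root` together with `ExecStart="/usr/local/bin/casp.sh"` means every boot runs `make` as root inside /home/paul/git/casper-fs/module_generator/output and then loads the result, so anyone who can write to that home-directory tree controls code that runs as root and in the kernel. I would build once, install the .ko and the script under root-owned paths that other users cannot write, and leave the unit to load the module only. casp.sh exits as soon as `insmod` returns, so `Type=oneshot` with `RemainAfterExit=yes` describes it better than `Type=simple`. `After=network.target` does not appear to be needed by anything the script does.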
@@ -0,0 +1,26 @@
+# Persistence
+
+To use the service file to make your LKM persistent, do this on the command line:
+1) Check if your Linux machine runs systemd
+
+ - sudo systemctl --version
+ If you see the version number on your screen, you are running systemd - if not, you can install systemd with your Linux package manager (apt / dpkg / rpm) - most Linuxes already use systemd.
+
+2) If you have systemd installed, create a file in the directory /etc/systemd/system with the name that you want your service to be known by, for example
+ sudo vi /etc/systemd/system/casper.service
+
+ And paste the contents of the service file that I sent, save that file and exit.
+
+3) To enable the service you created in step 2, type (if your file is called casper.service):
+ sudo systemctl enable casper
+
+4) When you next reboot your machine, check the file /var/log/syslog to make sure your service was started successfully.
+
+Tip by Paul Weston
+
+# Hide action of send keys of password
+
+. I've attached a very simple script (manage.sh) which asks for the fake device name and password to (un)hide / (un)protect
+- This avoids the clear text passwords and fake device name appearing in the shell history.
+
+Tip by Paul Weston
From 7b5c9f3b4425d7c44d6b831579c6d62b7a84dcb4 Mon Sep 17 00:00:00 2001
From: CoolerVoid
Date: Fri, 3 Jun 2022 00:49:36 -0300
Subject: [PATCH 06/10] Update README.md
---
 README.md | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index a445625..2e8959b 100644
--- a/README.md
+++ b/README.md
@@ -144,17 +144,21 @@ casperfs # rmmod casperfs ``` -Random notes +# Random notes -- Tested on ubuntu 16 and fedora 29 at kernels "3.x","4.x" and "5.x". +# Persistence and hide command of history +Follow this tip for more information: +https://github.com/CoolerVoid/casper-fs/blob/main/module_generator/scripts/README.md + ## Point of attention This tool aims to use in the hardening system context. Pay attention if you have proper authorization before using that. I do not have responsibility for your actions. You can use a hammer to construct a house or destroy it, choose the law path, don't be a bad guy, remember. -References +# References -- *Wikipedia Netfilter*
From 1b1da9cbf8722c36ba4e1a68f455abb37506ab34 Mon Sep 17 00:00:00 2001
From: CoolerVoid
Date: Fri, 3 Jun 2022 00:50:58 -0300
Subject: [PATCH 07/10] Update README.md
---
 module_generator/scripts/README.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/module_generator/scripts/README.md b/module_generator/scripts/README.md
index f7748a4..4e97802 100644
--- a/module_generator/scripts/README.md
+++ b/module_generator/scripts/README.md
@@ -7,7 +7,8 @@ To use the service file to make your LKM persistent, do this on the command line:
 If you see the version number on your screen, you are running systemd - if not, you can install systemd with your Linux package manager (apt / dpkg / rpm) - most Linuxes already use systemd.
 2) If you have systemd installed, create a file in the directory /etc/systemd/system with the name that you want your service to be known by, for example
- sudo vi /etc/systemd/system/casper.service
+ sudo vi /etc/systemd/system/casper.service
+ https://github.com/CoolerVoid/casper-fs/tree/main/module_generator/scripts/casper.service
 And paste the contents of the service file that I sent, save that file and exit.
@@ -22,5 +23,6 @@ Tip by Paul Weston
 . I've attached a very simple script (manage.sh) which asks for the fake device name and password to (un)hide / (un)protect
 - This avoids the clear text passwords and fake device name appearing in the shell history.
+- https://github.com/CoolerVoid/casper-fs/blob/main/module_generator/scripts/manage.sh
 Tip by Paul Weston
From 4c6f9ee403a3f8efa652d141fbbf904fc44ca7f8 Mon Sep 17 00:00:00 2001
From: CoolerVoid
Date: Sun, 10 Jul 2022 15:53:39 -0300
Subject: [PATCH 08/10] Update README.md
---
 README.md | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/README.md b/README.md
index 2e8959b..60c13fe 100644
--- a/README.md
+++ b/README.md
@@ -14,6 +14,17 @@ My beginning purpose at this project is to protect my server, which is to protec When I talk to friends, I say peoples that don't know how to write low-level code. Using the Casper-fs, you can generate your custom kernel module to protect your secret files. The low-level programmer can write new templates for modules etc. +# Tool Features +* Tool to interpret YAML file and generate a C language file "Linux kernel module". +* YAML context is a white screen to create your custom module in kernel land. Yes is not hard when you use HiddenWall. +* The resource to generate the hidden kernel module, yes is invisible not even the root user can see it. +* The resource to turn the Linux kernel module visible, passing a key to enable the context. +* The resource to turn any file into a file system invisible(not even root can see it). +* The resource to turn to visible any invisible file. +* The resource to protect any file in the file system to prevent writing and removal. +* The resource to unprotect any file writing and remove proper permission. +* Persistence recipes with scripts, to always up Casper-fs when you boot the system. + ## Video demo: https://www.youtube.com/watch?v=qxLEkYFicTg
From c344366715bc590ba9646dfb2ebaae250ed1627d Mon Sep 17 00:00:00 2001
From: CoolerVoid
Date: Sun, 10 Jul 2022 15:54:26 -0300
Subject: [PATCH 09/10] Update README.md
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 60c13fe..139f4ab 100644
--- a/README.md
+++ b/README.md
@@ -16,7 +16,7 @@ generate your custom kernel module to protect your secret files. The low-level p
 # Tool Features
 * Tool to interpret YAML file and generate a C language file "Linux kernel module".
-* YAML context is a white screen to create your custom module in kernel land. Yes is not hard when you use HiddenWall.
+* YAML context is a white screen to create your custom module in kernel land. Yes is not hard when you use Casper-FS.
 * The resource to generate the hidden kernel module, yes is invisible not even the root user can see it.
 * The resource to turn the Linux kernel module visible, passing a key to enable the context.
 * The resource to turn any file into a file system invisible(not even root can see it).
From 153dba3a5cbcdb8ba9a7090141d0da8bae81b19a Mon Sep 17 00:00:00 2001
From: CoolerVoid
Date: Wed, 28 Sep 2022 20:22:05 -0300
Subject: [PATCH 10/10] Update LICENSE
---
 LICENSE | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/LICENSE b/LICENSE
index 3402459..5cb97e3 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,6 +1,6 @@
 BSD 3-Clause License
-Copyright (c) 2022, Antonio Carlos Costa da Silva - CoolerVoid
+Copyright (c) 2022, Antonio Costa - CoolerVoid
 All rights reserved.
 Redistribution and use in source and binary forms, with or without