From 4ad0d383a27cbda5c2898cc9e4dccb040d95c376 Mon Sep 17 00:00:00 2001 From: VitorMob Date: Mon, 10 Jun 2024 13:02:23 -0300 Subject: [PATCH 1/4] feat: version 1.0.0 --- .gitignore | 1 + README.md | 29 ++++++++++++++++++++------ documentation/README.md | 45 +++++++++++++++++------------------------ 3 files changed, 42 insertions(+), 33 deletions(-) diff --git a/.gitignore b/.gitignore index 75d1705..43dc5d1 100644 --- a/.gitignore +++ b/.gitignore @@ -9,6 +9,7 @@ # # Normal rules # +.idea scripts/qemu/initramfs/opt/* .* *.o diff --git a/README.md b/README.md index d185193..890c6ac 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,7 @@ # CrowArmor : Linux Driver - -> [!WARNING] -> Dear Users, We would like to inform you that CrowArmor is currently in its beta testing phase. As such, we highly recommend refraining from installing it on your host machine at this time. - ![CrowArmor](assets/crowarmor.png) - # What is CrowArmor ? CrowArmor is a driver for Linux aimed at system security, we use [LSM](https://en.wikipedia.org/wiki/Linux_Security_Modules) interfaces to improve kernel security, providing support for [MalDec-EDR](https://github.com/maldeclabs/MalDec-EDR), code documentation and how to proceed with installation [Documentation](documentation) @@ -40,7 +35,7 @@ The standard practice is to have the latest stable production version available ``` # Testing -You need to test all components of Linux Defender, if possible detail the task of the components you tested, which paths you took and how we can perform the tests, if possible create a script of how the tests for your task work, more than 1 developer can carry out the review. +You need to test all components of MalDec-EDR, if possible detail the task of the components you tested, which paths you took and how we can perform the tests, if possible create a script of how the tests for your task work, more than 1 developer can carry out the review. ## Automated Testing 
@@ -49,3 +44,25 @@ Every modification to the code, no matter how small, should ideally be accompani ## Manual Quality Assurance (QA) Testing Changes should be tested by somebody other than the developer who wrote the code. This is especially important for large or high-risk changes. It is useful to add a test plan to the pull request description if testing the changes is not straightforward. + +## Features + +- Communicates with MalDec EDR +- Modifies the Syscall Table and hooks it +- Monitors if the Syscall Table has been modified +- Restores the Syscall if it has been modified by an unknown driver +- Monitors the CPU Control Registers and restores them if they are modified + +## Tests carried out + +[X] - Distro Debian-Based + * Ubuntu + * Debian +[x] - Distro Arch-Based + * Arch Linux + * Artix +[x] - Kernel Version 6.0.0 + * 6.8.0-35-generic + * 6.0.0-060000 +[x] - Kernel Version 5.0.0 +[x] - Kernel Version 4.0.0 \ No newline at end of file diff --git a/documentation/README.md b/documentation/README.md index dc8aa22..c8a99de 100644 --- a/documentation/README.md +++ b/documentation/README.md @@ -14,7 +14,6 @@ To install crowarmor, follow the commands below. Ensure that you have GCC versio ```sh make # Compile crowarmor -make depends # Compile dependencies make install # Install crowarmor module ``` 
@@ -22,13 +21,15 @@ Additionally, the Makefile provides helpful targets for executing scripts: ```sh Available targets: - make all : Compile the crowarmor Driver + make all : Compile the CrowArmor Driver make clean : Delete driver compilation - make infos : Display crowarmor Driver information + make infos : Display CrowArmor Driver information make help : Display this help message make install : Install Driver in machine make uninstall : Uninstall Driver from machine - make depends : Compile the dependencies + make tests_compile : Make Tests Driver + make tests_clean : Delete Tests Driver + make qemu_start : Start emulation using qemu # for debian-based ``` After you install the driver, make sure the driver resides in `/dev/crowarmor`. @@ -37,29 +38,17 @@ After you install the driver, make sure the driver resides in `/dev/crowarmor`.
 .
-├── assets             
-│   └── crowarmor.png
-├── documentation      
-│   └── README.md
-├── include            
-│   ├── control_registers
-│   ├── err
-│   ├── kpobres
-│   └── signals
-├── LICENSE
-├── Makefile
-├── modules            
-│   └── lunatik
-├── README.md
-└── sources            
-    ├── chrdev
-    ├── control_registers
-    ├── hook_syscall
-    ├── inspector
-    ├── kpobres
-    ├── signals
-    ├── crowarmor
-    └── tracing
+├── assets
+├── documentation
+├── include
+├── LICENSE
+├── Makefile
+├── README.md
+├── scripts
+├── sources
+└── tests
+
+7 directories, 3 files
 
- [**sources**](../sources): This directory contains main modules and comprehensive source code files for the crowarmor project. @@ -72,6 +61,8 @@ After you install the driver, make sure the driver resides in `/dev/crowarmor`. - [**assets**](../assets): In this directory, discover a collection of images specifically related to the visual elements and graphics associated with the crowarmor application. +- [**assets**](../tests): Tests used for features + ## Specifications The crowarmor Linux Driver is specifically optimized for compilation using GCC version 12 to achieve optimal performance and compatibility. Please ensure that GCC version 12 is installed on your system before proceeding with the installation steps provided below. The last version was successfully compiled on kernel 6.5.6-76060506-generic. From 2ee16a1e158b3c3ce225f9deb887a2b10e6543d8 Mon Sep 17 00:00:00 2001 From: Mob Date: Mon, 10 Jun 2024 13:06:39 -0300 Subject: [PATCH 2/4] fix: adjust markdown --- README.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 890c6ac..bb10dd7 100644 --- a/README.md +++ b/README.md @@ -55,14 +55,14 @@ Changes should be tested by somebody other than the developer who wrote the code ## Tests carried out -[X] - Distro Debian-Based - * Ubuntu - * Debian -[x] - Distro Arch-Based - * Arch Linux - * Artix -[x] - Kernel Version 6.0.0 - * 6.8.0-35-generic - * 6.0.0-060000 -[x] - Kernel Version 5.0.0 -[x] - Kernel Version 4.0.0 \ No newline at end of file +- [X] Distro Debian-Based + - Ubuntu + - Debian +- [x] Distro Arch-Based + - Arch Linux + - Artix +- [x] Kernel Version 6.0.0 + - 6.8.0-35-generic + - 6.0.0-060000 +- [x] Kernel Version 5.0.0 +- [x] Kernel Version 4.0.0 From 38d81de0aaa7c696a368cf0ad04d185bcb11f2ac Mon Sep 17 00:00:00 2001 From: VitorMob Date: Mon, 10 Jun 2024 13:11:44 -0300 Subject: [PATCH 3/4] feat: add version kernel tested --- README.md | 5 +++++ 1 file changed, 5 insertions(+) 
diff --git a/README.md b/README.md index bb10dd7..8c2b10c 100644 --- a/README.md +++ b/README.md @@ -58,11 +58,16 @@ Changes should be tested by somebody other than the developer who wrote the code - [X] Distro Debian-Based - Ubuntu - Debian + - [x] Distro Arch-Based - Arch Linux - Artix + - [x] Kernel Version 6.0.0 - 6.8.0-35-generic - 6.0.0-060000 + - [x] Kernel Version 5.0.0 + - 5.0.5-050005-generic + - [x] Kernel Version 4.0.0 From bd653e99462130350edf54fe501891b41414bdcb Mon Sep 17 00:00:00 2001 From: Mob Date: Mon, 10 Jun 2024 13:15:51 -0300 Subject: [PATCH 4/4] fix: remove lines --- README.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/README.md b/README.md index 8c2b10c..9f92c14 100644 --- a/README.md +++ b/README.md @@ -58,16 +58,12 @@ Changes should be tested by somebody other than the developer who wrote the code - [X] Distro Debian-Based - Ubuntu - Debian - - [x] Distro Arch-Based - Arch Linux - Artix - - [x] Kernel Version 6.0.0 - 6.8.0-35-generic - 6.0.0-060000 - - [x] Kernel Version 5.0.0 - 5.0.5-050005-generic - - [x] Kernel Version 4.0.0
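Review bot: In the .gitignore hunk of PATCH 1/4, the added `.idea` entry is redundant: the existing `.*` pattern two lines below it already ignores every dot-prefixed path, `.idea` included, unless a later negation rule re-includes it. Either drop the new line or, if IDE directories are meant to be called out explicitly, add a one-line comment saying so, since otherwise the next reader will wonder which of the two rules is doing the work.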
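Review bot: In the first README.md hunk of PATCH 1/4, the Testing paragraph now says "test all components of MalDec-EDR", but this file is the CrowArmor driver README and MalDec-EDR is the product the driver communicates with; the intended wording is almost certainly "all components of CrowArmor". The same hunk removes the beta warning block without the commit body saying what changed to end the beta, so a short sentence in the commit message (or a release note) explaining why 1.0.0 is considered safe to install on a host would help users who previously saw the warning.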
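Review bot: In the Features / Tests carried out hunk of PATCH 1/4, "Restores the Syscall if it has been modified by an unknown driver" and "Monitors the CPU Control Registers and restores them if they are modified" leave undefined what counts as an unknown driver and which register changes are reverted; because CrowArmor itself "Modifies the Syscall Table and hooks it", the README should state how its own hooks are distinguished from a third party's and what is logged when a restore happens, otherwise a reader cannot judge the detection claim or tell a legitimate kernel change from a false positive. The checklist also mixes `[X]` and `[x]`, groups `6.8.0-35-generic` under the heading "Kernel Version 6.0.0" (a series heading such as "Kernel 6.x" would describe the entries better), and the added lines leave the file without a trailing newline.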
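Review bot: In the Makefile-targets hunk of documentation/README.md (PATCH 1/4), the new descriptions "Make Tests Driver" and "Delete Tests Driver" do not say what is built or where; "Build the test drivers" / "Remove test driver build artifacts" would read better, and the `qemu_start` line should spell out that the `# for debian-based` remark means the emulation script assumes a Debian-based host. Removing `make depends` here is consistent with dropping it from the install commands and with the `modules/lunatik` directory disappearing from the tree hunk, but the commit message does not mention that the dependency was removed, which is worth one line.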
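Review bot: In the directory-list hunk of documentation/README.md (PATCH 1/4), the added entry is labelled `[**assets**](../tests)` but links to the tests directory; the label should be **tests**, and "Tests used for features" could name what the tests exercise (for example the syscall-table and control-register checks the README's Features list advertises). The unchanged Specifications context just below still states that the last version was compiled on kernel 6.5.6-76060506-generic, which conflicts with the 6.8.0-35-generic now listed under "Tests carried out"; update that sentence in the same series so the two READMEs agree.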
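Review bot: PATCH 3/4 inserts blank lines between the checklist items, which turns the Markdown list into loose items, and PATCH 4/4 removes exactly those lines again, so the only net change of the pair is the added `5.0.5-050005-generic` entry under Kernel Version 5.0.0. Squash 3/4 and 4/4 (and arguably 2/4, which only re-indents lines introduced in 1/4) into one "add tested kernel versions" commit with a message more descriptive than "fix: remove lines", so the history records what was tested rather than the formatting back-and-forth.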