mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-10-01 08:25:45 -04:00
added files
parent
929f49f333
commit
a7015f4ddf
@ -0,0 +1,10 @@
|
||||
[Unit]
|
||||
Description=My Script
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/bin/true
|
||||
ExecStop=/usr/libexec/security-misc/cold-boot-attack-defense-kexec-prepare
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
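Review bot: With `Type=oneshot` and no `RemainAfterExit=yes` in `[Service]`, the unit becomes inactive as soon as `/bin/true` exits, so systemd runs the `ExecStop=` helper right after start-up rather than when the machine shuts down. Add `RemainAfterExit=yes` below `Type=oneshot` so the unit stays active and the stop command fires only when it is stopped during shutdown. `Description=My Script` is a placeholder; a line such as `Description=Load kexec kernel for RAM wipe at shutdown` would make the journal entries identifiable.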
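--- a/usr/lib/dracut/modules.d/10ram-wipe-exit/module-setup.sh
+++ b/usr/lib/dracut/modules.d/10ram-wipe-exit/module-setup.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+
+# Author: friedy10 friedrichdoku@gmail.com
+
+# called by dracut
+check() {
+require_binaries sync || return 1
+require_binaries sleep || return 1
+require_binaries ls || return 1
+require_binaries halt || return 1
+require_binaries poweroff || return 1
+require_binaries reboot || return 1
+require_binaries cat || return 1
+require_binaries sdmem || return 1
+require_binaries pgrep || return 1
+require_binaries dmsetup || return 1
+return 0
+}
+
+# called by dracut
+depends() {
+return 0
+}
+
+# called by dracut
+install() {
+inst_multiple sync
+inst_multiple sleep
+inst_multiple ls
+inst_multiple halt
+inst_multiple poweroff
+inst_multiple reboot
+inst_multiple cat
+inst_multiple sdmem
+inst_multiple pgrep
+inst_multiple dmsetup
+inst_hook pre-udev 40 "$moddir/wipe-ram.sh"
+inst_hook pre-trigger 40 "$moddir/wipe-ram-needshutdown.sh"
+}
+
+# called by dracut
+installkernel() {
+return 0
+}
+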
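Review bot: `check()` and `install()` pull `sync`, `sleep`, `ls`, `cat` and `dmsetup` into the initramfs, but the two hooks this module installs (`wipe-ram.sh` and `wipe-ram-needshutdown.sh`, as shown in this commit) only call `sdmem`, `pgrep`, `reboot`, `poweroff` and `halt`. Unless another hook needs the extras, trim the list so the early-boot image carries only what the wipe uses. Both helpers accept several names, so the ten calls in each function collapse to `require_binaries sdmem pgrep reboot poweroff halt || return 1` and `inst_multiple sdmem pgrep reboot poweroff halt`. Because `check()` returns 0, dracut includes the module by default, so a header comment saying that it runs the post-kexec RAM wipe and is gated by `wiperamexit=` / `wiperamaction=` would help whoever audits the image.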
@ -0,0 +1,27 @@
|
||||
#!/bin/sh
|
||||
|
||||
## Author: friedy10 friedrichdoku@gmail.com
|
||||
|
||||
|
||||
ram_wipe_check_needshutdown() {
|
||||
local wipe_action
|
||||
wipe_action=$(getarg wiperamaction)
|
||||
|
||||
wait $(pgrep sdmem)
|
||||
info "DONE WAITING..."
|
||||
|
||||
if [ "$wipe_action" = "reboot" ]; then
|
||||
reboot -f
|
||||
fi
|
||||
|
||||
if [ "$wipe_action" = "poweroff" ]; then
|
||||
poweroff -f
|
||||
fi
|
||||
|
||||
if [ "$wipe_action" = "halt" ]; then
|
||||
halt -f
|
||||
fi
|
||||
}
|
||||
|
||||
ram_wipe_check_needshutdown
|
||||
|
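Review bot: `wait $(pgrep sdmem)` in `ram_wipe_check_needshutdown` cannot wait for the wipe, because `wait` only accepts children of the current shell and `wipe-ram.sh` runs `sdmem` in the foreground in the earlier pre-udev hook. By the time this pre-trigger hook runs, `pgrep` normally prints nothing and `wait` returns at once, or it errors on a PID that is not a child. If a guard is wanted, poll instead: `while pgrep -x sdmem >/dev/null; do sleep 1; done`. The three shutdown branches also act on `wiperamaction` alone; checking that `getarg wiperamexit` is `yes` first would keep a stray `wiperamaction=` on the command line from forcing a power-off during a normal boot. An unrecognised value should be logged rather than silently falling through.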
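--- a/usr/lib/dracut/modules.d/10ram-wipe-exit/wipe-ram.sh
+++ b/usr/lib/dracut/modules.d/10ram-wipe-exit/wipe-ram.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+## Author: friedy10 friedrichdoku@gmail.com
+
+ram_wipe_action() {
+local kernel_wiperam_exit
+## getarg returns the last parameter only.
+## if /proc/cmdline contains 'wiperam=skip wiperam=force' the last one wins.
+kernel_wiperam_exit=$(getarg wiperamexit)
+
+
+if [ "$kernel_wiperam_exit" = "no" ]; then
+info "INFO: Skip, because wiperamexit=no kernel parameter detected, OK."
+return 0
+else
+if [ "$kernel_wiperam_exit" != "yes" ]; then
+info "INFO: Skip, becuase wiperamexit parameter is not used. "
+return 0
+fi
+fi
+
+info "INFO: wiperamexit=yes. Running second RAM wipe... "
+
+sdmem -l -l -v
+}
+ram_wipe_action
+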
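Review bot: The exit status of `sdmem -l -l -v` at the end of `ram_wipe_action` is dropped, so a wipe that fails or is killed looks the same as a completed one and the following hook still shuts the machine down. Log the failure, e.g. `sdmem -l -l -v || warn "sdmem exited with $?; RAM wipe may be incomplete"`. The comment above `getarg wiperamexit` still refers to `wiperam=skip wiperam=force`, which is a different parameter; reword it as `## getarg returns the last value; with 'wiperamexit=no wiperamexit=yes' the last one wins.` The second `info` message misspells "because" as `becuase`.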
@ -72,6 +72,7 @@ dmsetup_actual_output: '$dmsetup_actual_output'" > /dev/kmsg
|
||||
sleep 5
|
||||
fi
|
||||
|
||||
kexec -e
|
||||
}
|
||||
|
||||
ram_wipe
|
||||
|
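--- a/usr/libexec/security-misc/cold-boot-attack-defense-kexec-prepare
+++ b/usr/libexec/security-misc/cold-boot-attack-defense-kexec-prepare
@@ -0,0 +1,39 @@
+#!/bin/bash
+## Copyrigh (C) 2022 - 2022 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
+## See the file COPYING for copying conditions.
+## modified by Friedrich Doku <friedrichdoku@gmail.com>
+
+set -x
+set -e
+
+true "env:"
+env
+
+## Debugging.
+## Lets hope $1 is set to reboot, poweroff or halt by systemd.
+true "1: $1"
+
+sudo dbus-monitor --system |
+while read -r line; do
+if [[ $line =~ .*"poweroff.target".* ]]; then
+kexec -l /boot/vmlinuz-$(uname -r) --initrd=/boot/initrd.img-$(uname -r) --reuse-cmdline --append="wiperamexit=yes wiperamaction=poweroff"
+break
+fi
+
+if [[ $line =~ .*"reboot.target".* ]]; then
+kexec -l /boot/vmlinuz-$(uname -r) --initrd=/boot/initrd.img-$(uname -r) --reuse-cmdline --append="wiperamexit=yes wiperamaction=reboot"
+break
+fi
+
+if [[ $line =~ .*"halt.target".* ]]; then
+kexec -l /boot/vmlinuz-$(uname -r) --initrd=/boot/initrd.img-$(uname -r) --reuse-cmdline --append="wiperamexit=yes wiperamaction=halt"
+break
+fi
+
+if [[ $line =~ .*"kexec.target".* ]]; then
+kexec -l /boot/vmlinuz-$(uname -r) --initrd=/boot/initrd.img-$(uname -r) --reuse-cmdline --append="wiperamexit=yes wiperamaction=reboot"
+break
+fi
+done
+
+sleep 10
+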
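Review bot: The `dbus-monitor --system | while read` loop picks the shutdown action by matching text in bus traffic rather than by asking systemd for its state, so it blocks until a matching line happens to arrive and leaves `dbus-monitor` running after `break`. The unit's `ExecStop=` line passes no argument, so `$1` is empty here; reading the queued target from `systemctl list-jobs` gives the action deterministically, as sketched below. `sudo` is unnecessary if the service runs as root, the `$(uname -r)` paths should be quoted, and the four near-identical `kexec -l` branches collapse into one call. `set -x` together with `env` also writes the whole environment to the journal on every shutdown and is worth dropping once debugging is finished.

```bash
# … unchanged: shebang, licence header, set -e …

# Ask systemd which shutdown job is queued instead of scraping bus traffic.
jobs="$(systemctl list-jobs --no-legend)"
case "$jobs" in
  *poweroff.target*) action=poweroff ;;
  *halt.target*) action=halt ;;
  *reboot.target* | *kexec.target*) action=reboot ;;
  *) exit 0 ;; # no shutdown job queued: do not load a wipe kernel
esac

kernel_release="$(uname -r)"
kexec -l "/boot/vmlinuz-${kernel_release}" \
  --initrd="/boot/initrd.img-${kernel_release}" \
  --reuse-cmdline \
  --append="wiperamexit=yes wiperamaction=${action}"
```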