Good defaults/examples for custom commands #51

Closed
hephaest0s opened this issue May 9, 2015 · 7 comments

Comments

@hephaest0s
Owner

usbkill can now execute custom commands which are defined in the config.

What would be useful commands and examples for different setups? Do OS X, BSD and (deb)Linux support these commands?

I'm thinking about commands like `shred` and commands that release tc or LUKS volumes (and keys).

Are there commands for RAM and/or swap?

@hephaest0s
Owner Author

Also communicate a warning for commands that can take more than a second to complete, like shred.

@blaa

blaa commented May 9, 2015

I had plenty of ideas, directed differently - some to make the kill tougher, others to make it easy to undo in case of a personal accident (and security tools have to be usable so people don't work around them).

  1. I like the ability to do --simulate to see how often I would kill my own laptop myself accidentally before switching to 'hard mode'. One can also create a script which beeps, schedules a computer kill in 30 seconds, and only then - kills power. Would be great if locking/unlocking the screensaver did the trick, but everything depends on the security model. Might be used temporarily to get someone used to the tool.

  2. Destroying evidence of an encrypted FS is nice (overwrite the LUKS header with /dev/urandom); according to https://www.lisenet.com/2013/luks-add-keys-backup-and-restore-volume-header/ this could look like:
     `head -c 3145728 /dev/zero > /dev/sdb2; sync`

     • check if a device is a LUKS device.
       I'd use dd and urandom though, and test it before trying for real. Header backup necessary (well, depends on security model).

  3. Or a way to make the kill less permanent, but difficult to execute. Prepare a way to reinitialize a disc - a few tools on tmpfs to get cryptsetup working without an accessible drive - available somehow via text console (ttyX?) - but securely. Then, instead of killing the power, do luksSuspend of a drive - it will wipe keys from memory and block drive access. Still a lot of data is available in RAM though.

  4. Add a mechanism similar to the Tails distro which zeroes RAM before shutting down the computer. Even if the drive key is wiped you might want to clear your passwords, emails, etc.
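
The "check if a device is a LUKS device" step above, and the header-backup question it raises, come down to reading the on-disk LUKS header. The following is an added example, not usbkill's code and not from any commenter: it parses the LUKS1 binary header from bytes the caller supplies (the first 592 bytes of the block device), reports the cipher, active key slots and how many bytes a header backup must cover, and only identifies LUKS2 by version. The sample header is constructed for offline testing.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
LUKS1_PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")  # 208-byte LUKS1 phdr
LUKS1_SLOT = struct.Struct(">II32sII")                   # 48 bytes, 8 key slots follow phdr
SLOT_ACTIVE = 0x00AC71F3                                 # LUKS1 "key slot enabled" marker
SECTOR = 512
HEADER_LEN = LUKS1_PHDR.size + 8 * LUKS1_SLOT.size       # 592 bytes to read from the device

def _cstr(raw):
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def parse_luks_header(buf):
    """Return None if buf does not start with a LUKS header, otherwise a dict.
    LUKS1 fields are decoded fully; LUKS2 is only identified by its version."""
    if len(buf) < 8 or buf[:6] != LUKS_MAGIC:
        return None
    version = struct.unpack(">H", buf[6:8])[0]
    if version != 1 or len(buf) < HEADER_LEN:
        return {"version": version}
    (_, _, cipher, mode, hspec, payload_off, key_bytes,
     _, _, _, uuid) = LUKS1_PHDR.unpack_from(buf)
    active = []
    for i in range(8):
        state, _, _, _, _ = LUKS1_SLOT.unpack_from(buf, LUKS1_PHDR.size + i * LUKS1_SLOT.size)
        if state == SLOT_ACTIVE:
            active.append(i)
    return {
        "version": 1,
        "cipher": f"{_cstr(cipher)}-{_cstr(mode)}",
        "hash": _cstr(hspec),
        "key_bytes": key_bytes,
        "uuid": _cstr(uuid),
        "active_slots": active,
        # header and key-slot material sit before the payload; a backup must cover this much
        "header_bytes": payload_off * SECTOR,
    }

def make_sample_header():
    """Constructed LUKS1 header for offline testing; not captured from a real volume."""
    phdr = LUKS1_PHDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha256",
                           4096, 64, b"\0" * 20, b"\0" * 32, 1000,
                           b"11111111-2222-3333-4444-555555555555")
    slots = b"".join(LUKS1_SLOT.pack(SLOT_ACTIVE if i == 0 else 0x0000DEAD,
                                     0, b"\0" * 32, 8 + i * 512, 4000)
                     for i in range(8))
    return phdr + slots
```

On a real system, `open("/dev/sdX", "rb").read(HEADER_LEN)` (as root) supplies the buffer; `header_bytes` tells you what a backup taken before any destructive command must cover.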

@ghost

ghost commented May 9, 2015

Here are some ideas according to #39:

firewire true/false (Default: true) — Add check for FireWire (OS X compatible with `system_profiler SPFireWireDataType`)
thunderbolt true/false (Default: true) — Add check for Thunderbolt (OS X compatible with `system_profiler SPThunderboltDataType`)
ethernet true/false (Default: false) — Add check for Ethernet (OS X compatible with `system_profiler SPNetworkDataType`)
sdcards true/false (Default: true) — Add check for SD cards

and what about a check for Bluetooth devices (Default: false) with `system_profiler SPBluetoothDataType`? Here are some reasons:

  • You shut down the mouse/keyboard, and the computer follows (with a check for the battery left to prevent false positives)
  • If someone scrambles the Bluetooth signal, the computer shuts down

@Miserlou

A few ideas...

  • Take a picture
  • POST to a dead-man's switch server
  • Send an email
  • `rm` a file
  • POST to twilio/send an SMS

@Charlesleonius

Screenshot should be easy for OS X: `screencapture -iW ~/Desktop/screen.jpg`

@virtadpt

@blaa You might want to investigate this: https://github.com/offensive-security/cryptsetup-nuke-keys

@hephaest0s
Owner Author

Thanks for your ideas!
