Few new features, small refactor, partially tested. #33

Closed
wants to merge 10 commits into from

@blaa blaa commented May 6, 2015

My "take" on this project. I did similar stuff with bash scripts up to date, which wasn't pretty.

I like the ability to be able to connect USB freely when my screen is not locked. I'll further extend it to keep a list of currently connected devices and update it (instead of start devices).

Made a better-parsed config file, and this allowed me to define 4 more commands. Feel free to hate it.

Tomasz bla Fortuna added 8 commits May 6, 2015 21:21
Keeping it a separate commit.
Read config from local directory, and only if it doesn't exist
from /etc. Don't do autoinstall.
+ Open up possibility to scan PCI bus as well.
This adds requirement for argparse, but also opens up
possibility of usable parameters. Don't know if I like it.
After killing wait for 60 seconds to omit a kill-loop,
if kill ineffective or deliberately slowed-down.
+ keep log file path in configuration file
@hephaest0s
Owner

Will look into it. Thanks!

Tomasz bla Fortuna added 2 commits May 7, 2015 08:21
+ simulation mode with --simulate, for testing code/options.
+ sleeps not required for avoiding a loop
+ Reduce log size (lsusb as option)
+ Don't require root with external kill script or simulate mode.
+ Small correction of messages.
f.write('\n')

# Log the message that needed to be logged:
f.write(line + '\n')
Contributor

why not simply f.write('\n{0}\n'.format(line))

@Brobin
Contributor

Brobin commented May 7, 2015

I like the use of config parser. It's much more elegant than a bunch of janky string operations.

@ghost

ghost commented May 7, 2015

+1 for the config parser ;)

On May 7, 2015, at 20:46, Tobin Brown [email protected] wrote:

I like the use of config parser. It's much more elegant than a bunch of janky string operations.

@LinkseRat

Maybe you can add an additional function (for raspberry) that formats the boot device so no forensics can find the 'sensitive' information? (Or mail it??)
I'm trying to configure my rspi2 with kali (not that simple) and this would be a nice tool when ....

@ghost

ghost commented May 8, 2015

@LinkseRat

Maybe you can add an additional function (for raspberry) that formats the boot device so no forensics can find the 'sensitive' information? (Or mail it??)

For Luks (cryptsetup): Adding a line to remove keys like cryptsetup luksRemoveKey PARTITION should do the trick, or if you can't, changing the password with a truly random string.
For FileVault (OS X): Any help is welcome

@blaa
Author

blaa commented May 8, 2015

@LinkseRat - that's why I added external kill script in my PR. It's generally advised to overwrite luks header with random bytes to make the drive look completely random + have a luksHeaderBackup stored somewhere safe. I'd use dd for this task, first determine size of the header by backing it up. It's certainly faster than remove/change key.

@Brobin - yeah, of course it would be better. One of many places I think even. ;)

@hephaest0s
Owner

Thanks, I added most of these features now. Could you take a look at this issue #51?

@hephaest0s hephaest0s closed this May 9, 2015
@blaa
Author

blaa commented May 9, 2015

Thanks. Glad to be of help. Hope it can inspire you even more. You can still add support for different buses (and firewire is particularly known for DMA access to memory).

I was also going to add a filter - to allow only a specified class of USB devices when the computer is 'unlocked'. For example, always disallow new untrusted HID devices (mouse wigglers), but allow new, previously unknown pendrives.
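
A sketch of the class filter described in the comment above, as an added example that is not code from this pull request or from usbkill. The device record layout, the `decide`/`evaluate` helpers, the "ignore"/"kill" action names and the sample IDs are assumptions made for illustration; the class codes 0x03 (HID) and 0x08 (mass storage) are the standard USB base class values.

```python
# USB-IF base class codes, as reported in bDeviceClass / bInterfaceClass.
HID, MASS_STORAGE = 0x03, 0x08

# Assumed policy: classes a new, unknown device may expose while unlocked.
ALLOWED_WHEN_UNLOCKED = {MASS_STORAGE}


def decide(device, known_ids, screen_locked):
    """Return "ignore" or "kill" (hypothetical action names) for one device."""
    if device["id"] in known_ids:
        return "ignore"              # already trusted
    if screen_locked:
        return "kill"                # any new device while locked
    # bDeviceClass 0x00 means "see the interfaces", so collect every class
    # the device exposes; one storage interface must not hide a HID one.
    classes = set(device["interface_classes"])
    if device["device_class"] != 0x00:
        classes.add(device["device_class"])
    if classes and classes <= ALLOWED_WHEN_UNLOCKED:
        return "ignore"
    return "kill"


# Constructed sample records; the vendor:product IDs are placeholders.
KNOWN_IDS = {"aaaa:0001"}
SAMPLE_DEVICES = {
    "known keyboard": {"id": "aaaa:0001", "device_class": 0x00,
                       "interface_classes": [HID]},
    "new pendrive": {"id": "bbbb:0002", "device_class": 0x00,
                     "interface_classes": [MASS_STORAGE]},
    "new HID": {"id": "cccc:0003", "device_class": 0x00,
                "interface_classes": [HID]},
    "storage plus HID": {"id": "dddd:0004", "device_class": 0x00,
                         "interface_classes": [MASS_STORAGE, HID]},
}


def evaluate(screen_locked):
    """Apply the policy to every constructed sample device."""
    return {name: decide(dev, KNOWN_IDS, screen_locked)
            for name, dev in SAMPLE_DEVICES.items()}


if __name__ == "__main__":
    for locked in (False, True):
        print("locked" if locked else "unlocked", evaluate(locked))
```

Vendor/product IDs and class codes are self-reported by the device, so a filter like this narrows what an unknown device can present but does not authenticate it.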
