kalipso/gokill
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: kalipso:feat_packaging
Branches Tags
kalipso:master kalipso:feat_packaging kalipso:feat_docs
..
compare: kalipso:398e16e72455967df050c5c0c52ad24c4befe064
Branches Tags
kalipso:master kalipso:feat_packaging kalipso:feat_docs

2 Commits
feat_packa ... 398e16e724

Author SHA1 Message Date
kalipso
398e16e724 [readme] WIP 2023-11-11 03:20:03 +01:00
kalipso
e93346f646 [nixpkgs] update 2023-11-11 03:19:41 +01:00
4 changed files with 65 additions and 103 deletions
Expand all files Collapse all files

82
README.md
View File

@@ -1,40 +1,37 @@
# gokill
gokill is aimed at activists, journalists and others that need to protect their data against access under all circumstances.
gokill falls under the category of anti-forensic tools, helping you to protect yourself against repression.
It is built for worst case scenarios when intruders physical gaining access to a device.
In such heated situations gokill helps you automatically executing tasks like:
gokill is designed for activists, journalists, and individuals who require robust protection for their data, ensuring it remains inaccessible under any circumstances. It belongs to the category of anti-forensic tools, providing a means to safeguard against potential repression. gokill is a [software dead man's switch](https://en.wikipedia.org/wiki/Dead_man%27s_switch#Software) that empowers users to configure various events. If these events occur, they trigger predefined actions. It is specifically crafted for worst-case scenarios, such as when intruders gain physical access to a device. In these intense situations, gokill automatically performs tasks to enhance your security:
- locking the screen
- sending a chat message
- sending chat messages
- deleting data
- encrypting partitions
- destroying encrypted partitions
- and many more
- ect
the tasks gokill executes could be done by hand using shellscripts, cronjobs, daemons ect.
but that means everyone needs to figure it out for themselves, and eventually make mistakes.
the idea of gokill is to provide a wide variarity of possibilities out of the box while making sure they are well tested.
## usage
gokill aims to be highly configurable and easily extendable.
``` bash
# Clone the gokill repository
git clone https://github.com/k4lipso/gokill
cd gokill
'gokill' is a tool that completes some actions when a certain event occurs.
actions can vary from shuting down the machine to sending mails over erasing data.
actions can be triggert by certain conditions like specific outcomes of unix
comands or not having internet connection.
# Build gokill
go build github.com/k4lipso/gokill
actions and triggers should be easy to extend and handled like plugins. they
also should be self documenting.
every action and trigger should be testable at anytime as a 'dry-run'.
actions can have a 'stage' defined. the lowest stage is started first,
and only when all actions on that stage are finished next stage is triggered
gokill should run as daemon. config should be read from /etc/somename/config.json
# Create a config.json and run gokill
./gokill -c config.json
```
## Config Example
gokill is configured using a json file. it consists of a list of triggers, where each of the triggers as a list of
actions that will be executed once triggered.
``` json
[ //list of triggers
{
"type": "UsbDisconnect",
"type": "UsbDisconnect", //triggers when the given device is disconnected
"name": "First Trigger",
"options": {
"deviceId": "ata-Samsung_SSD_860_EVO_1TB_S4AALKWJDI102",
@@ -72,7 +69,7 @@ gokill should run as daemon. config should be read from /etc/somename/config.jso
{
"name": "unixCommand",
"options": {
"command": "env DISPLAY=:0 sudo su -c i3lock someUser"
"command": "env DISPLAY=:0 sudo su -c i3lock someUser" //example of locking someUser's screen as root
}
}
]
@@ -112,25 +109,54 @@ Here is a small example config:
This will automatically configure and enable a systemd running gokill as root user in the background
## actions
## --
the tasks gokill executes could be done by hand using shellscripts, cronjobs, daemons ect.
but that means everyone needs to figure it out for themselves, and eventually make mistakes.
the idea of gokill is to provide a wide variarity of possibilities out of the box while making sure they are well tested
and relatively easy to setup.
---
actions and triggers should be easy to extend and handled like plugins. they
also should be self documenting.
every action and trigger should be testable at anytime as a 'dry-run'.
actions can have a 'stage' defined. the lowest stage is started first,
and only when all actions on that stage are finished next stage is triggered
gokill should run as daemon. config should be read from /etc/somename/config.json
## todos
- export snap
- export ppa
### actions
- [x] shutdown
- [ ] wipe ram
- [ ] send mail
- [ ] ~~send mail~~
- send chat message
- [x] telegram
- [x] matrix
- [ ] delete data
- [ ] shred area
- [x] random command
- [x] run command
- [ ] wordpress post
- [ ] ipfs command
- [ ] [buskill 'triggers'](https://github.com/BusKill/awesome-buskill-triggers)
- [buskill 'triggers'](https://github.com/BusKill/awesome-buskill-triggers)
- [x] [lock-screen](https://github.com/BusKill/buskill-linux/tree/master/triggers)
- [x] shutdown
- [ ] luks header shredder
- [ ] veracrypt self-destruct
## Triggers
### triggers
- [ ] no internet
- [x] [pull usb stick](https://github.com/deepakjois/gousbdrivedetector/blob/master/usbdrivedetector_linux.go)
- [x] ethernet unplugged
- receive specific chat message
- [x] telegram
- [ ] matrix
- [ ] power adapter disconnected
- [ ] unix command
- anyOf

18
etc/gokill/config.json
View File

@@ -1,18 +0,0 @@
[
{
"type": "Timeout",
"name": "example trigger",
"options": {
"duration": 5
},
"actions": [
{
"type": "Print",
"options": {
"message": "hello world"
}
}
]
}
]

6
flake.lock generated
View File

@@ -2,11 +2,11 @@
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1698553279,
"narHash": "sha256-T/9P8yBSLcqo/v+FTOBK+0rjzjPMctVymZydbvR/Fak=",
"lastModified": 1699343069,
"narHash": "sha256-s7BBhyLA6MI6FuJgs4F/SgpntHBzz40/qV0xLPW6A1Q=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "90e85bc7c1a6fc0760a94ace129d3a1c61c3d035",
"rev": "ec750fd01963ab6b20ee1f0cb488754e8036d89d",
"type": "github"
},
"original": {

62
flake.nix
View File

@@ -21,12 +21,10 @@
gotools
mdbook
olm
dpkg
];
};
packages = rec {
packages = {
gokill = pkgs.buildGoModule rec {
pname = "gokill";
version = "1.0";
@@ -38,7 +36,6 @@
];
postInstall = ''
cp -r ./etc $out/ #for .deb packages
'';
};
@@ -57,16 +54,6 @@
'';
};
gokillSnap = pkgs.snapTools.makeSnap {
meta = {
name = "gokill";
summary = "simple but efficient";
description = "this should be longer";
architectures = [ "amd64" ];
confinement = "classic";
apps.gokill.command = "${gokill}/bin/gokill";
};
};
docs = pkgs.callPackage (import ./docs/default.nix) { self = self; };
@@ -74,52 +61,12 @@
};
bundlers.gokillDeb = pkg: pkgs.stdenv.mkDerivation {
name = "deb-single-${pkg.name}";
buildInputs = [
pkgs.fpm
];
unpackPhase = "true";
buildPhase = ''
export HOME=$PWD
mkdir -p ./nix/store/
for item in "$(cat ${pkgs.referencesByPopularity pkg})"
do
cp -r $item ./nix/store/
done
mkdir -p ./bin
cp -r ${pkg}/bin/* ./bin/
mkdir -p ./etc
cp -r ${pkg}/etc/* ./etc/
chmod -R a+rwx ./nix
chmod -R a+rwx ./bin
chmod -R a+rwx ./etc
fpm -s dir -t deb --name ${pkg.name} nix bin etc
'';
installPhase = ''
mkdir -p $out
cp -r *.deb $out
'';
};
apps = {
docs = {
type = "app";
program = builtins.toString (pkgs.writeScript "docs" ''
${pkgs.python3}/bin/python3 -m http.server --directory ${self.packages."${system}".docs}/share/doc'');
};
exportDEB = {
type = "app";
program = builtins.toString (pkgs.writeScript "docs" ''
${pkgs.nix}/bin/nix bundle --bundler .#bundlers.${system}.gokillDeb .#packages.${system}.gokill'');
};
};
})) ({
@@ -143,6 +90,12 @@
duration = 10;
};
actions = [
{
type = "Shutdown";
options = {
};
stage = 2;
}
];
}
];
@@ -150,6 +103,7 @@
virtualisation.vmVariant.virtualisation.graphics = false;
}
];
};
in
nixos.config.system.build.vm;