rothnath / deadmansw Goto Github PK

DeadMan's Switch (dmsw) User Manual

Introduction

DeadMan's Switch (dmsw) is a Linux-based tool designed to secure sensitive data by automatically shredding specified directories after a defined period of inactivity by the user.

Features

Monitor specified user's login for inactivity. Configurable folders to be shredded. Configurable inactivity duration leading to data shredding. On/off toggle for safety. Helper utility for easy status checks

Dependencies

awk: A text processing tool that's used in the script for parsing outputs of various commands.

bash: The shell the script is written in.

bc: An arbitrary precision calculator language, used in the script to evaluate a floating-point condition. May need to be installed separately on minimal installations.

cut: Used for cutting out sections from each line of files. Typically comes pre-installed with most distributions, as it's part of the coreutils package.

date: Used to convert and compute timestamps.

grep: A text searching utility

hwclock: Used to access the hardware clock (Real-Time Clock, RTC) and compare it with the system clock.

last: Provides the last login info for users. Comes pre-installed with most distributions, as it's part of the sysvinit-tools or util-linux package, depending on the distribution.

ntpdate: Used to query NTP servers to check the time offset.

mapfile: Used for reading Arrays

tee: Used to append to files (in this case, logs). Part of the coreutils package, it's typically pre-installed.

tr: Used to translate or delete characters. In this script, it's used to remove double quotes. Like cut, this is part of the coreutils package and typically comes pre-installed.

Automated Intallation (TODO)

Manual Installation (Most Linux Distributions)

Copy the script (dmsw.sh) to /usr/local/bin/ and ensure it's executable

sudo cp dmsw.sh /usr/local/bin/dmsw.sh sudo chmod +x /usr/local/bin/dmsw.sh

Copy the helper file (dmsw-helper) to /user/local/bin/ and ensure it's executable

sudo cp dmsw-helper /usr/local/bin/dmsw-helper sudo chmod +x /usr/local/bin/dmsw-helper

Copy the service file (dmsw.service) to /etc/systemd/system/ sudo cp dmsw.service /etc/systemd/system/dmsw.service

Place the configuration file (dmsw.conf) in its directory:

sudo mkdir /etc/dmsw # Create the configuration directory sudo cp dmsw.conf /etc/dmsw/dmsw.conf

Configuration

The main configuration file for Deadman's Switch is dmsw.conf normally located at /etc/dmsw/dmsw.conf

Parameters

ENABLED: This can be set to "yes" or "no". It determines whether the tool is active. By default, for safety reasons, this is set to "no". MONITORED_USER: Specify the username whose inactivity will be monitored. TIME_MINUTES: Inactivity duration in minutes. TIME_HOURS: Inactivity duration in hours. TIME_DAYS: Inactivity duration in days. TIME_WEEKS: Inactivity duration in weeks. TIME_MONTHS: Inactivity duration in months. TARGET_X: Paths to the files or directories you want to be shredded when the switch activates. Add multiple target lines for multiple paths (e.g., TARGET_1, TARGET_2, etc.)

Usage:

Starting the service systemctl start dmsw systemctl status dmsw

Logging

/var/log/dmsw.log is used by default, may need permissions depending on the system / user setup to work properly.

Other commands

deadmansw-helper # Check the time remaining on shredding after the service is started

Safety Notes

Always Backup: Before setting this tool on any directory, always ensure you have backups of essential data. The shred command is irreversible. Testing: It's crucial to test the tool in a safe environment (e.g., on dummy data) before deploying it on actual sensitive directories. Service Start: Ensure that the systemd service is started after any configurations or changes: sudo systemctl start deadmansw.

Deadmansw is a powerful tool designed with data security in mind. While it provides a layer of safety against unauthorized data access, always handle with care to avoid unintentional data loss.

FAQ:

Q: Do you know that shred doesn't completely delete data on an SSD? A: Yes, release version I hope will have the ability to use enhanced erase hdparm's.

Q: What happens if I sit logged in forever and don't have a lock screen or trigger a logout? A: It will still shred, it's from last user login of any type, using sudo counts as login activity for example.

Q: What happens if someone pulls the power on my computer and takes the HD? A: It won't complete the deletion / shred. It'll try if it's powered on in a VM for example, as long as the time hasn't been messed with.

Author Contact: nath.jroth@p r o t o n m a i l. co m