• Stars
    star
    152
  • Rank 244,685 (Top 5 %)
  • Language
    C
  • License
    MIT License
  • Created over 10 years ago
  • Updated almost 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Fork of suckless screen locker for the extremely paranoid.

slock - a fork of the suckless screenlocker for the extremely paranoid

This is my personal fork of slock. It is the only screenlocker secure enough for me to use.

Changes from the original Slock

  • Custom Password: You can provide a custom password so you don't have to enter your user password on the X server. Simply create a ~/.slock_passwd file with your separate password in it.

  • Alarms: A siren will play if a user enters an incorrect password. It must reside in ~/slock.

  • Automatic Shutdown: Your machine will immediately shutdown if:

    1. The wrong password is entered more than 5 times.

    2. ALT/CTRL/F1-F13 is pressed to switch VTs or to try to kill the X server. Also, if ALT+SYSRQ is attempted to be used.

    • Automatic shutdown requires a sudoers option to be set in /etc/sudoers:

      • systemd: [username] [hostname] =NOPASSWD: /usr/bin/systemctl poweroff
      • sysvinit: [username] [hostname] =NOPASSWD: /usr/bin/shutdown -h now

      You must change [username] and [hostname] to your username and the hostname of the machine.

      NOTE: It is wise to combine this feature with a bios password as well as an encrypted home+swap partition. Once your machine is powered off. Your data is no longer accessible in any manner.

  • GRSecurity BadUSB Prevention: If you have GRSecurity patched onto and enabled in your kernel, when slock is started, all new USB devices will be disabled. This requires that the kernel.grsecurity.grsec_lock sysctl option be set to 0, which is a security risk to an attacker with local access. If you enable STRICT_USBOFF when slock comes on, kernel.grsecurity.grsec_lock will be set to 1 and new USB devices will denied until you reboot.

    You will need to have this line in your /etc/sysctl.d/grsec.conf

      kernel.grsecurity.grsec_lock = 0
    

    and it also requires similar permissions to Automatic Shutdown in /etc/sudoers.

    • [username] [hostname] =NOPASSWD: /sbin/sysctl kernel.grsecurity.deny_new_usb=1
    • [username] [hostname] =NOPASSWD: /sbin/sysctl kernel.grsecurity.deny_new_usb=0
  • Webcam Support (requires ffmpeg): This will take a webcam shot of whoever may be tampering with your machine before poweroff.

  • Twilio Support: You will receive an SMS to your phone when someone inputs a wrong password or pressed ALT/CTRL/F1-13/SYSRQ. See twilio_example.h to create a twilio.h file. You will need a twilio account to set this up.

    These SMS's can optionally be MMS's containing a webcam shot of whoever is potentially tampering with your machine.

  • Disabling alt+sysrq and ctrl+alt+backspace before shutting down: This prevents an attacker from killing the screenlock quickly before the shutdown.

    • This requires a sudoers option to be set in /etc/sudoers:

      • [username] [hostname] =NOPASSWD: /usr/bin/tee /proc/sys/kernel/sysrq

      You must change [username] and [hostname] to your username and the hostname of the machine.

  • To ensure the OOM-killer is disabled, sudo can be used internally. This requires another sudoers option:

    • [username] [hostname] =NOPASSWD: /usr/bin/tee /proc/[0-9][0-9]*/oom_score_adj

    However, this is not recommended as now any process can modify the oom_score for any other process.

  • Transparent Lock Screen

    • The lock screen is now an ARGB window. The screen will dim on lock (or turn black with no compositor).

Requirements

In order to build slock you need the Xlib header files.

  • Potential runtime deps: sudo, ffmpeg, setxkbmap, curl, aplay
  • Other potential requirements: a twilio account, an imgur account

Installation

Edit config.mk to match your local setup (slock is installed into the /usr/local namespace by default).

Afterwards enter the following command to build and install slock (if necessary as root):

$ make clean install

Running slock

Simply invoke the 'slock' command. To get out of it, enter your password.

More Repositories

1

blessed

A high-level terminal interface library for node.js.
JavaScript
11,297
star
2

tty.js

A terminal for your browser, using node/express/socket.io
JavaScript
4,194
star
3

ttystudio

A terminal-to-gif recorder minus the headaches.
JavaScript
3,239
star
4

compton

A compositor for X11.
C
2,247
star
5

term.js

A terminal written in javascript.
JavaScript
1,550
star
6

pty.js

Bindings to forkpty(3) for node.js.
C++
857
star
7

mako

Bitcoin node written in C
C
578
star
8

termcoin

A bitcoin wallet and blockchain explorer for your terminal.
JavaScript
481
star
9

liburkel

Authenticated key-value store (i.e. an urkel tree)
C
315
star
10

zest

An absurdly fast CSS selector engine.
JavaScript
238
star
11

tiny

A small database for node.js.
JavaScript
111
star
12

lcdb

LevelDB implemented in C (unofficial -- not affiliated with Google in any way)
C
98
star
13

bns

Recursive DNS server and resolver for node.js
JavaScript
65
star
14

parted

Streaming body parser for node.js.
JavaScript
63
star
15

bthreads

worker threads for javascript
JavaScript
48
star
16

bpkg

Bundler and release tool for node.js
JavaScript
46
star
17

tng

A full-featured PNG renderer for the terminal.
JavaScript
41
star
18

coined

A high-level wrapper around BCoin
JavaScript
25
star
19

node-uo

A UO server for node.js
JavaScript
25
star
20

n64

Int64 object for javascript
JavaScript
24
star
21

liquor

A templating engine minus the code.
JavaScript
19
star
22

daemonic

A dead-simple module to daemonize a node. No compilation required.
JavaScript
19
star
23

node-telnet2

Telnet implementation for node.js, based on node-telnet
JavaScript
18
star
24

gitj

gitk in your terminal.
JavaScript
15
star
25

node-pingback

pingbacks for node.js
JavaScript
15
star
26

dilated

A blog for node.js.
JavaScript
14
star
27

csslike

A CSS preprocessor for node.js, designed to conform to the most recent www-style proposals.
CSS
12
star
28

cmake-node

node.js toolchain for cmake
C
11
star
29

rondo

DOM library and app framework.
JavaScript
11
star
30

st

A fork of st implementing scrollback, keyboard selection, and tabs.
C
11
star
31

highlighter.js

a quick and dirty JS highlighter
JavaScript
10
star
32

charged

High-level Chargify API binding for node.js
JavaScript
10
star
33

supersha

Fast SHA256 for node.js
C
10
star
34

dwm

My dwm fork and configuration.
C
10
star
35

tmux

A fork of tmux implementing xterm behavior.
C
8
star
36

vanilla

A framework for node.js.
JavaScript
8
star
37

Live-Stylesheets

small google chrome extension for editing a page's raw css
JavaScript
8
star
38

shim.htc

An HTML5 Shim in an HTML Component
JavaScript
8
star
39

epsilon-not

Weblog
PHP
5
star
40

unbound

Bindings to libunbound for node.js
C
5
star
41

evilpart

A Node multipart parser that is positively evil
JavaScript
5
star
42

N

pretty control for js
JavaScript
5
star
43

nmterm

A wicd-curses-like interface for NetworkManager
JavaScript
5
star
44

pulsemixer.js

An alsamixer-like interface for PulseAudio
JavaScript
4
star
45

rocksdown

RocksDB backend for LevelUP
C++
4
star
46

bsert

Minimal assertions for javascript
JavaScript
4
star
47

bitcoind.js

bitcoind.js has moved to https://github.com/bitpay/bitcoind.js
C++
4
star
48

wazm

WASM abstraction and EMCC preamble
JavaScript
3
star
49

babylonia

zero-dependency babel
JavaScript
3
star
50

bslint

eslint with less (or more) bullshit
JavaScript
3
star
51

bdoc

zero-dependency jsdoc
JavaScript
3
star
52

pkg-verify

Dependency verifier for node.js
JavaScript
3
star
53

buffer-map

Buffer-keyed map for javascript
JavaScript
2
star
54

loady

dynamic loader for node.js
JavaScript
2
star
55

leasedump

Dump dhcpcd lease files
C
1
star
56

qrsuite

jsqrcode and qr.js rolled into one package
JavaScript
1
star