  • Stars: 869
  • Rank: 52,497 (Top 2 %)
  • Language: C
  • License: GNU General Publi...
  • Created over 11 years ago
  • Updated almost 8 years ago

Repository Details

Run a script when one or more sensors fail.

SWATd

SWATd lets you configure 'sensors' that check your PC's external environment. When enough sensors 'fail', SWATd will run a script for you.

Sensors are commands or scripts that get executed repeatedly. A sensor is said to fail when its exit code makes a transition from zero (working) to non-zero (not working). This makes configuration easy and powerful. For example, you can make a sensor that checks if your website is online, and then make a command to alert you when the sensor fails.

SWATd was originally written as a tool to defend against theft by criminals or to detect when your computer is captured by police. For example, you can set a sensor to detect if your WiFi network is in range, and when it goes out of range, automatically unmount encrypted volumes. So if someone steals your laptop from your house, your files will be safe. Since SWATd only counts the failure when the sensor changes from a "WiFi in range" state to a "WiFi out of range" state, if you use your laptop somewhere else, you don't need to worry about disabling SWATd every time you leave your house.

WARNING: While this may be helpful for some, there are significant risks. For one, in some countries, including the United States, you could go to jail on obstruction of justice charges just for running SWATd, even though you are innocent. Second, SWATd is not perfect: law enforcement or a smart thief can still dump your RAM, thus getting your encryption keys, before doing anything that would make a sensor fail. Use with caution, and consult an attorney first. It's most likely the case that if you find yourself needing to rely on SWATd, then you have already lost.

Building and Installing

To build SWATd, cd into the source code directory and run make. This will create a swatd executable. If you want to install it as a daemon, refer to your operating system's manuals. To run SWATd from a terminal (non-daemon), pass the -s option.

Arch Linux

To install SWATd on Arch Linux, copy swatd into /usr/local/bin:

# make
# install swatd /usr/local/bin/

Create the configuration file (see the Configuration section below):

# mkdir /etc/swatd
# chmod 700 /etc/swatd
# vim /etc/swatd/swatd.conf

If you want SWATd to start when you boot, add the following to /etc/systemd/system/swatd.service.

[Unit]
Description=SWATd

[Service]
Type=forking
PIDFile=/var/run/swatd.pid
ExecStart=/usr/local/bin/swatd -p /var/run/swatd.pid
Restart=on-abort

[Install]
WantedBy=multi-user.target

Then run:

# systemctl enable swatd.service
# systemctl start swatd.service

You can check the status of SWATd by running:

# systemctl status swatd.service

Read SWATd's log entries by running:

# journalctl /usr/local/bin/swatd

Debian

To install SWATd on Debian, copy swatd into /usr/local/bin:

# make
# install swatd /usr/local/bin/

Create the configuration file (see the Configuration section below):

# mkdir /etc/swatd
# chmod 700 /etc/swatd
# vim /etc/swatd/swatd.conf

Then copy swatd.init to /etc/init.d/ and enable it:

# cp swatd.init /etc/init.d/swatd
# update-rc.d swatd defaults

Configuration

By default, SWATd looks for a configuration file in /etc/swatd/swatd.conf. Alternatively, you can provide a configuration file path to SWATd with the -c option. In any case, the configuration file must not be world writable, or SWATd will refuse to run.

The configuration file syntax is extremely simple. There are only three options: interval, threshold, and execute. To set a value for one of the options, begin a line with its name, followed by a colon, followed by the value. Everything after a '#' is treated as a comment (ignored). Blank lines are ignored. All other lines define a sensor command.

interval is the number of seconds to wait between sensor checks. threshold is the number of sensors that must fail before assuming you are being raided. execute is the command to execute when you are being raided.

Here is an example configuration file:

# This configuration makes SWATd continually check if /tmp/foobar exists. If
# /tmp/foobar stops existing (goes from existing to not existing), SWATd will
# write some text to the file /tmp/ran.

# =============================================================================
# The number of seconds to wait between sensor checks.
# =============================================================================
interval: 30

# =============================================================================
# The number of sensors that must 'fail' at the same time.
# =============================================================================
threshold: 1

# =============================================================================
# The command to execute when 'threshold' sensors fail.
# =============================================================================
execute: echo "haiii" > /tmp/ran

# =============================================================================
# Sensor commands.
# A sensor has 'failed' when the exit code transitions from zero to non-zero.
# If a sensor's exit code transitions from zero to 255, the command will be
# executed immediately regardless of the 'threshold' setting, and the failure
# count will not be incremented.
# WARNING: Sensor commands MUST terminate.
# =============================================================================

test -e /tmp/foobar
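
The failure rules described above (zero to non-zero transition, threshold, exit code 255), modeled in C as an added example; this is not SWATd's source code. The struct and function names are hypothetical, and the model assumes that "at the same time" means within one check round and that a sensor which has not yet been observed cannot fail.

```c
#include <stdio.h>

#define MAX_SENSORS 8
#define EXIT_IMMEDIATE 255 /* README: this exit code bypasses 'threshold' */

/* Hypothetical model of the monitor state; not SWATd's own structures. */
struct monitor {
    int nsensors, threshold;
    int last_exit[MAX_SENSORS]; /* previous exit code, -1 = never observed */
};

void monitor_init(struct monitor *m, int nsensors, int threshold) {
    m->nsensors = nsensors;
    m->threshold = threshold;
    for (int i = 0; i < nsensors; i++)
        m->last_exit[i] = -1;
}

/* Feed one round of sensor exit codes; returns 1 if 'execute' would run.
 * Assumption: failures are counted per check round. */
int monitor_round(struct monitor *m, const int *exit_codes) {
    int failures = 0, immediate = 0;
    for (int i = 0; i < m->nsensors; i++) {
        int cur = exit_codes[i];
        /* Only a zero -> non-zero transition is a failure. A sensor that
         * was already non-zero (or never observed) is not counted. */
        if (m->last_exit[i] == 0 && cur != 0) {
            if (cur == EXIT_IMMEDIATE)
                immediate = 1; /* run at once, failure count untouched */
            else
                failures++;
        }
        m->last_exit[i] = cur;
    }
    return immediate || failures >= m->threshold;
}

int main(void) {
    /* Constructed rounds for two sensors: {wifi-in-range, file-exists}. */
    int rounds[][2] = { {1, 0}, {0, 0}, {1, 1}, {0, 0}, {0, 255} };
    struct monitor m;
    monitor_init(&m, 2, 2);
    for (int r = 0; r < 5; r++)
        printf("round %d: execute=%d\n", r, monitor_round(&m, rounds[r]));
    return 0;
}
```

The first round shows the case from the WiFi example: a sensor that is already non-zero when monitoring starts never counts as a failure.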
