Old 02-27-2013, 04:37 AM   #1
displace
Paranoid shutdown script?


I'm wondering...

Suppose I have a number of computers connected to my local LAN. All of them are running linux and have their hard disks encrypted with LUKS and pre-boot authentication. Every password is a strong password. The computers are all online.

Is there a script or some program that causes all computers to power off whenever one of the computers signals an alert?
 
Old 02-27-2013, 08:37 AM   #2
yowi
ssh hostname halt
 
Old 02-27-2013, 11:36 AM   #3
displace
I was thinking about an alert system that does something like this:

- All computers have full disk encryption.
- There is a local area network. Only one computer on that network is a server, the rest are clients.
- The server makes its presence known somehow (via socket broadcasts?)
- The clients are listening for the presence of a server, but are deactivated by default
- Once a client computer is connected to a LAN and detects a server, the client is activated
- Upon activation the client connects to the server and keeps an open connection
- If the connection is lost at any point, the client powers off
- Any client can send an alert to the server, who then broadcasts the alert to all other clients
- Any client that receives an alert from server powers off.
- Once a server is done sending alerts it powers itself off.

Obviously you'd have to be running scripts/programs on every server/client for this to work. I'm asking whether there is an existing solution, else I'll have to code it myself. I think I've heard about a python script that does something similar, but I can't recall its name...
 
Old 02-27-2013, 01:00 PM   #4
unSpawn
Not sure what you're trying to defend against but it looks like a kind of a dead man's switch. I'd change a few things though: all connected machines are equal. If a network connection is lost, the machine retries to restore connection n times and then shuts down all user land applications in use and kills all user logins. Then the machine retries another n times, then umounts its LUKS partitions and shuts down. Any machine can send an alert to any other machine and any machine receiving an alert sends it to all other machines. For polling use something-innocuous-over-TCP like a misconfigured AVAHI or CUPS printer service or maybe only send a deliberately non-conforming ARP payload on alert that Arphound or Arpwatch should filter for? As for actively accessing and shutting down machines quickly over the network see the sysrq daemon and tcpconsole.

*I'm going to move this thread to the Networking forum as it's not about security but since it would be OK in Programming as well please use the "Report" button on your initial post if you'd rather move it there, OK?
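The staged escalation and alert flooding described in the post above, as an added example that is not part of the thread. The class, function and action names are hypothetical, actions are only recorded and returned as strings, and resetting the counter on any successful poll is an assumption the post does not state.

```python
from dataclasses import dataclass, field

@dataclass
class Peer:
    name: str
    n: int = 3                                  # retries per stage ("n" in the post)
    failures: int = 0                           # consecutive failed polls
    seen: set = field(default_factory=set)      # alert IDs already handled
    neighbours: list = field(default_factory=list, repr=False)
    log: list = field(default_factory=list)     # actions this peer would take

    def _act(self, action: str) -> str:
        self.log.append(action)                 # recorded only, never executed
        return action

    def on_poll(self, reachable: bool) -> str:
        """Feed one poll result and return the action for this step."""
        if reachable:
            self.failures = 0                   # assumption: any success resets
            return self._act("ok")
        self.failures += 1
        if self.failures == self.n:             # stage 1 after n failed retries
            return self._act("kill-sessions")
        if self.failures >= 2 * self.n:         # stage 2 after another n
            return self._act("umount-luks-and-shutdown")
        return self._act("retry")

    def on_alert(self, alert_id: str) -> None:
        """Forward an alert to every neighbour once, then shut down."""
        if alert_id in self.seen:               # already forwarded: stop the flood
            return
        self.seen.add(alert_id)
        for peer in self.neighbours:
            peer.on_alert(alert_id)
        self._act("umount-luks-and-shutdown")

def full_mesh(names, n=3):
    """Build peers that all know each other (every machine is equal)."""
    peers = [Peer(x, n) for x in names]
    for p in peers:
        p.neighbours = [q for q in peers if q is not p]
    return peers
```

The `seen` set is what keeps "every machine forwards to every other machine" from looping forever in a full mesh.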
 
Old 02-27-2013, 02:16 PM   #5
displace
Nah, it's ok. I'm just experimenting with computer security in my free time.

Thanks for the tips. The initial idea was to have a server present on the network. Why? Well perhaps you don't want your computers i.e. laptops to be communicating to each other and powering off on all networks that they get connected to. For example only my HOME network is supposed to feature this alert system, but not the corporate network at work. I'd put the server on a Raspberry Pi and hide it inside a lockbox somewhere in the basement. In your case... for every machine to be able to communicate to every other they'd need to keep a list of active clients. This is definitely a better and more secure approach than using a client/server setup, but let's also consider the possibility of spammers i.e. we don't want any random user on the network to be able to send alerts... Some machines will have to be authed to the server to send alerts, but all clients could receive them.

~dis
 
Old 02-27-2013, 02:38 PM   #6
unSpawn
Hmm. Still not sure what you're trying to defend against but OK. The idea of making all machines equal is to avoid a single server representing a single point of failure, it would add some randomization to polling intervals and allow for an overlap in coverage. Unless you have trouble in your LAN with say intelligent adaptive BYOD it wouldn't matter because foreign or not configured devices wouldn't have the right tools loaded to send the correct ARP payload or use the CUPS fake printer status URI... And while authentication and such would be nice to have it also increases complexity and that somehow goes against the purpose. (That is, if alerts are some sort of deal-with-it-right-now-or-die emergency...)
 
Old 02-27-2013, 03:10 PM   #7
displace
I see. In theory, by allowing all clients to send random alerts, the network would be exploitable (regardless of whether the clients have tools or not, young kids have the urge to play with stuff) which is something I have a habit of avoiding. Not to mention having clients communicate with each other would expose a lot of information about them. Personally I'd be okay with running this on my own network, but I'm not ruling out the possibility of having other people using the application on their networks in the future. How exactly does the server represent a single point of failure? If the server fails then all clients lose connection with it and power off, which is the desired fail-secure mechanism.

EDIT:
Quote:
Originally Posted by unSpawn
Hmm. Still not sure what you're trying to defend against but OK.

My cousin and the likes of him :-/

Last edited by displace; 02-27-2013 at 03:12 PM.
 
Old 02-27-2013, 06:12 PM   #8
unSpawn
Quote:
Originally Posted by displace
(..) by allowing all clients to send random alerts, the network would be exploitable (..)

You haven't even begun to spec your stuff and you want to talk about what's exploitable?..

Quote:
Originally Posted by displace
(..) having clients communicate with each other would expose a lot of information about them.

Sweet Deities, "a lot"? Like what exactly?

Quote:
Originally Posted by displace
How exactly does the server represent a single point of failure? If the server fails then all clients lose connection with it and poweroff, which is the desired fail-secure mechanism.

Because it's that: just a single server.

To treat all loss of connectivity as equal is funny.
Real funny.
 
Old 02-28-2013, 04:37 AM   #9
displace
Quote:
Originally Posted by unSpawn
You haven't even begun to spec your stuff and you want to talk about what's exploitable?..

... not sure we're on the same page here. I'm merely exploring the possibilities, and I anticipate that with your setup any computer running the software (or some tool that mimics it) will be able to send an alert and power off all available computers. I'd call this an exploit, wouldn't you? To avoid this we'd want to have some sort of authentication here so that only trusted computers can signal events. I'm always assuming the possibility that Bob and Alice aren't the only people on the LAN, there's also Mallory. I trust I don't have to explain who Mallory is.

Quote:
Originally Posted by unSpawn
Sweet Deities, "a lot"? Like what exactly?

Let's see...
- Number of active clients on the LAN that use the software
- Possibly their fingerprints (if the software sends ID strings)
- Which client triggered an alert (this should remain secret)
- Track client activity through time
- Detect whenever a client stops responding, but is still present on the network - this indicates the client has disabled the software.
- etc.


Quote:
Originally Posted by unSpawn
Because it's that: just a single server.
To treat all loss of connectivity as equal is funny.
Real funny.

But how is the server going to fail??? An attacker cannot replicate the server without proper credentials because clients aren't going to accept it. He can't redirect, intercept or MITM the traffic because it's TLS-encrypted. If he manages to disrupt the server, all clients detect it and power off - attacker loses all hope of getting the data from clients on this occasion. Perhaps the software can be modded to support a network of multiple servers. But there has to be a way to tag a LAN and send a signal to all clients that the network supports this kind of alert system. How can we do that without a server? How do we limit the clients to activate the defense only on certain networks?

I'm not sure what the entertaining part is.
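One way to handle the forged-alert and replay concerns raised in this post, assuming a key pre-shared among the machines of one network (added example, not code from the thread). The message layout, `MAX_SKEW`, and the names `seal` and `Receiver` are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32      # HMAC-SHA256 output size
BODY_LEN = 17     # kind(1) + timestamp(8) + nonce(8)
MAX_SKEW = 5      # seconds a message stays acceptable (assumed value)

def seal(key: bytes, kind: bytes, now: int) -> bytes:
    """Build kind | timestamp | nonce | tag. kind is b'A' (alert) or b'H'
    (heartbeat). No sender ID is included, so the message itself does not
    reveal which machine raised the alert."""
    body = kind + struct.pack(">Q", now) + os.urandom(8)
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}            # nonce -> timestamp, for replay rejection

    def accept(self, msg: bytes, now: int):
        """Return b'A' or b'H' for a valid message, None otherwise."""
        if len(msg) != BODY_LEN + TAG_LEN:
            return None
        body, tag = msg[:BODY_LEN], msg[BODY_LEN:]
        want = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, want):
            return None           # forged, tampered, or a different network's key
        kind, nonce = body[:1], body[9:]
        ts = struct.unpack(">Q", body[1:9])[0]
        if abs(now - ts) > MAX_SKEW or nonce in self.seen:
            return None           # stale capture or replay inside the window
        # Forget nonces that the freshness check would reject anyway.
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(now - t) <= MAX_SKEW}
        self.seen[nonce] = ts
        return kind if kind in (b"A", b"H") else None
```

A heartbeat that verifies under the home key also tells a laptop it is on the network where the switch should be armed. With a shared symmetric key, every key holder can raise an alert; restricting who may send would need per-sender asymmetric signatures instead.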
 
  

