Buffer fixes

Add mute icons

Author: capi_x

README

@@ -37,17 +37,26 @@ The second is for strings to be compared with strstr(), if you want to allow all
 
 == Installing and running ==
 
-$ make install
+$ make
+# make install
 
 This will compile and copy the module on /lib/modules.
 You can load it with:
 
+# modprobe laf
+
 Add the module to /etc/modules or similar...
 
-# modprobe laf
 # vi /etc/laf.cfg
 # lafctl -u -f /etc/laf.cfg
 
+To make the qLAF GUI:
+
+$ cd qlaf
+$ qmake
+$ make
+# cp qlaf /usr/bin
+
 If you want to see what is blocking the LAF driver:
 
 tail -f /var/log/kern.log
@@ -59,9 +68,16 @@ tail -f /var/log/kern.log
 [16569.004590] LAF: fam 10 proto 00 blocked: VBoxXPCOMIPCD (26102:26102) parent: systemd (1)
 [16569.048654] LAF: fam 10 proto 00 blocked: VBoxSVC (26107:26107) parent: systemd (1)
 
+And if lafd is started you also can monitor the dbus:
+
+$ dbus-monitor --system "interface='laf.signal.source'"
+
+signal sender=:1.529 -> dest=(null destination) serial=19 path=/laf/signal/alert; interface=laf.signal.source; member=event
+   string "/2/0/kk/27293/27293/bash/27255"
+
 == Philosophy ==
 
-This is not a comprehensive solution against advanced attackers. There are many ways to bypass this kind of protection. However, it makes for an additional barrier for the attacker to overcome - think of it as defense in depth. The typical use case would be to isolate vainilla spyware, and to block most common shellcodes.
+This is not a comprehensive solution against advanced attackers. There are many ways to bypass this kind of protection. However, it makes for an additional barrier for the attacker to overcome - think of it as defense in depth. The typical use case would be to isolate vainilla spyware, privacy issues and to block most common shellcodes.
 
 In the past we protected our open ports to the Internet, nowadays the problem is in the client side, client apps sending data to the Internet.
 

laf.cfg

@@ -3,6 +3,7 @@
 
 ; BASE TOOLS
 ping
+arping
 curl
 wget
 nc
@@ -23,6 +24,8 @@ ifconfig
 iwconfig
 wpa_supplicant
 NetworkManager
+nm-openvpn-serv
+openvpn
 crda
 
 ; SYSTEM

lafctl.c

@@ -23,8 +23,8 @@ char config_path[MAX_PATH] = "/etc/laf.cfg";
 
 int main(int argc, char *argv[])
 {
-	char *whitelist_exact   = NULL;
-	char *whitelist_similar = NULL;
+	char *whitelist_exact;
+	char *whitelist_similar;
 	char *cmd, *type;
 	int  nls, c, i;
 	char flag_u = 0, flag_g = 0, flag_a = 0;
@@ -84,6 +84,9 @@ int main(int argc, char *argv[])
 		whitelist_exact   = malloc(MAX_WL_SIZE);
 		whitelist_similar = malloc(MAX_WL_SIZE);
 
+		bzero(whitelist_exact,   MAX_WL_SIZE);
+		bzero(whitelist_similar, MAX_WL_SIZE);
+
 		whitelist_exact[0]   = '3';
 		whitelist_similar[0] = '4';
 
@@ -92,6 +95,11 @@ int main(int argc, char *argv[])
 			return EXIT_FAILURE;
 		}
 
+		if (DEBUG) {
+			printf("E: %s\n", whitelist_exact);
+			printf("S: %s\n", whitelist_similar);
+		}
+
 		/* send */
 		send_event(nls, whitelist_exact);
 		send_event(nls, whitelist_similar);

lafd.c

@@ -62,27 +62,27 @@ void send_signal(DBusConnection *conn, char* sigvalue)
 
 	pid_t pid;
 
-    pid = fork();
+	pid = fork();
 
-    if (pid < 0)
-        exit(EXIT_FAILURE);
+	if (pid < 0)
+		exit(EXIT_FAILURE);
 
-    if (pid > 0)
-        exit(EXIT_SUCCESS);
+	if (pid > 0)
+		exit(EXIT_SUCCESS);
 
-    if (setsid() < 0)
-        exit(EXIT_FAILURE);
+	if (setsid() < 0)
+		exit(EXIT_FAILURE);
 
-    signal(SIGCHLD, SIG_IGN);
-    signal(SIGHUP, SIG_IGN);
+	signal(SIGCHLD, SIG_IGN);
+	signal(SIGHUP, SIG_IGN);
 
-    pid = fork();
+	pid = fork();
 
-    if (pid < 0)
-        exit(EXIT_FAILURE);
+	if (pid < 0)
+		exit(EXIT_FAILURE);
 
-    if (pid > 0)
-        exit(EXIT_SUCCESS);
+	if (pid > 0)
+		exit(EXIT_SUCCESS);
 
 	// initialise the error value
 	dbus_error_init(&err);

laffun.c

@@ -36,10 +36,10 @@ int open_netlink(void)
 	addr.nl_family = AF_NETLINK;
 	addr.nl_pid = getpid();
 
-    if (bind(sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
-        printf("bind < 0.\n");
-        return -1;
-    }
+	if (bind(sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
+		printf("bind < 0.\n");
+		return -1;
+	}
 
 	if (setsockopt(sock, SOL_NETLINK, NETLINK_ADD_MEMBERSHIP, &group, sizeof(group)) < 0) {
 		fprintf(stderr, "error: can't open netlink.\n");
@@ -142,21 +142,21 @@ void read_event_buf(int sock, int wait, char *buf_in, size_t buf_in_len)
 
 int read_config (char *path, char *whitelist_exact, char *whitelist_similar) {
 	FILE   *fp;
-    char   *line = NULL;
-    size_t  len = 0;
-    ssize_t read;
+	char   *line = NULL;
+	size_t  len = 0;
+	ssize_t read;
 	char    flag_exact   = 0;
 	char    flag_similar = 0;
 	int     wl_size_e    = 0;
 	int     wl_size_s    = 0;
 
-    fp = fopen(path, "r");
-    if (fp == NULL) {
+	fp = fopen(path, "r");
+	if (fp == NULL) {
 		fprintf(stderr, "error: can't read the file %s\n", path);
 		return -1;
 	}
 
-    while ((read = getline(&line, &len, fp)) != -1) {
+	while ((read = getline(&line, &len, fp)) != -1) {
 		if (line[0] == ' ' || line[0] == ';' || line[0] == '\n')
 			continue;
 
@@ -192,9 +192,9 @@ int read_config (char *path, char *whitelist_exact, char *whitelist_similar) {
 
 		if (flag_similar) {
 			wl_size_s += read;
-        	strcat(whitelist_similar,line);
+			strcat(whitelist_similar,line);
 		}
-    }
+	}
 
 	fclose(fp);
 
@@ -216,11 +216,11 @@ int laf_set_sysctl(int status) {
 
 
 int laf_add_whitelist(int wl_type, char *path, char *cmd) {
-	FILE   *fp;
-    char   *line = NULL;
+	FILE   *fp_r, *fp_w;
+	char   *line = NULL;
 	char   *buffer;
-    size_t  len = 0;
-    ssize_t read;
+	size_t  len = 0;
+	ssize_t read;
 	char    flag_search = 0;
 	int		f_size = 0;
 	int		f_seek = 0;
@@ -229,47 +229,47 @@ int laf_add_whitelist(int wl_type, char *path, char *cmd) {
 	if (wl_type > 1)
 		return -1;
 
-    fp = fopen(path, "r+");
-    if (fp == NULL) {
+	fp_r = fopen(path, "r+");
+	if (fp_r == NULL) {
 		fprintf(stderr, "error: can't read the file %s\n", path);
 		return -1;
 	}
 
 	cmd_len = strlen(cmd);
 
-    while ((read = getline(&line, &len, fp)) != -1) {
+	while ((read = getline(&line, &len, fp_r)) != -1) {
 
 		if (cmd_len == (read -1) && (strncmp(line,cmd,read -1) == 0)) {
-			fclose(fp);
+			fclose(fp_r);
 			return 1;
 		}
 
 		if ((strcmp(line,"[whitelist_exact]\n")   == 0 && wl_type == 0) || 
 			(strcmp(line,"[whitelist_similar]\n") == 0 && wl_type == 1)) {
-			f_seek = ftell(fp);
+			f_seek = ftell(fp_r);
 		}
 
 	}
 
-	fseek(fp, 0, SEEK_END);
-	f_size = ftell(fp);
-	fseek(fp, 0, SEEK_SET);
+	fseek(fp_r, 0, SEEK_END);
+	f_size = ftell(fp_r);
+	fseek(fp_r, 0, SEEK_SET);
 
 	buffer = malloc((f_size + 1) * sizeof(char));
-	ret = fread(buffer, f_size, 1, fp);
+	ret = fread(buffer, f_size, 1, fp_r);
 
-	fclose(fp);
+	fclose(fp_r);
 
-    fp = fopen(path, "w+");
+	fp_w = fopen(path, "w+");
 	for (i=0; i < f_seek; i++)
-		fputc(buffer[i],fp);
+		fputc(buffer[i],fp_w);
 
-	fprintf(fp,"%s\n",cmd);
+	fprintf(fp_w,"%s\n",cmd);
 
-	for (i=f_seek; i <= f_size; i++)
-		fputc(buffer[i],fp);
+	for (i=f_seek; i < f_size; i++)
+		fputc(buffer[i],fp_w);
 
-	fclose(fp);
+	fclose(fp_w);
 
 	free(buffer);