
I am trying to make a line of secure operating systems with Ubuntu as the base OS, and I want to have an automated function that will erase the disk if certain triggers are met. Here is what I need (the farther down the list you can get, the better!):

  1. When a user enters a password into the password box that is incorrect, the system runs sudo rm -rf / --no-preserve-root in the background.
  2. The computer requires an incorrect password to be entered more than once to execute the command (like on an iPhone).
  3. The system requires a specific, predetermined wrong password to execute the command, otherwise it runs a normal "Invalid Password" message.
  4. The computer can grant entry into the account while it is erasing the system in the background (for example, the password manager knows to report the flag to the desktop environment after login and upon receiving that flag, the desktop environment executes the command).

Any help would be GREATLY appreciated! Thanks in advance!

Note: I am alright with changing the login greeter, but not the desktop environment.

The question is: Is there a way to do such a thing? Also, how much effort would it take to do this?

SYGMAH
    For hooking into the authentication mechanism, make yourself familiar with PAM. I don't know much about the internals of that system, but it's definitely what you're looking for. Note that rm is easily recoverable though, if you want to securely wipe a disk you need to overwrite it completely (ideally multiple times), which takes lots of time. Alternatively use an encryption system like LUKS where you only have to overwrite the small key headers to render the whole encrypted volume unreadable. – Byte Commander Nov 17 '17 at 21:31
    But please also read https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions#5-security-aspects (especially section 5.2 and 5.4) - and make sure that if you ever set something like what you describe up to have frequent backups in case it accidentally gets triggered, which happens far easier than you might expect. – Byte Commander Nov 17 '17 at 21:38
  • @ByteCommander yeah, I've seen that on other forums as well. I'll look into this PAM you are telling me about. Thanks! Also, I'll do backups to a separate device that is automatic every day on the real things. Currently, I'm using the OS as a class project. It's fun seeing people's faces when you type in a wrong password and the system is dead in under a minute lol. – SYGMAH Nov 17 '17 at 23:43
  • @ByteCommander I also think I'll still rm the whole disk, but that includes the headers, so it will still work. It is just easier for me to say "BAM ERASE THE WHOLE THING!" rather than to try and specify what and where. But thanks again for all the help. I could never figure this stuff out without this forum to be honest. (I'm imagining what I'm going to do after I get this system made: Take it to my hacker friend and put it in front of him, tell him to break in and watch it as it wipes itself. I'm doing a demo on how you can trick intruders, so I'll do the sticky note password thing.) – SYGMAH Nov 17 '17 at 23:48
  • Well, let me tell you another thing: First, again rm -rf / is not only useless for data destruction as it only marks the disk space allocated by files as available for reuse and does not overwrite anything, it can also irreversibly break your mainboard in case you have an old UEFI machine with faulty firmware implementation. See https://askubuntu.com/q/521293/367990 for that. In case of LUKS, I am also not sure if the keyslots and headers are mounted in a way reachable by rm anyway (and they would not be overwritten). – Byte Commander Nov 18 '17 at 15:42
  • Second, if your friend knows a thing or two (or if it were a federal agent or professional criminal or whatever) he will not be so stupid and attack the system like a normal user. First thing someone smart who wants to break into your system would do is take out the disk, clone it and then play around with the copy. They are also not limited to the OS you have installed, but instead can boot into any system of their choice and just mount your disk there so that there is no need for login at all and your pretty PAM scripts would never even get run. Security is a difficult and complex field. – Byte Commander Nov 18 '17 at 15:46
  • I'd have the computer configured to not boot from another OS and I'd also have the memory chips irremovable from the motherboard (soldered on and whatnot). @ByteCommander – SYGMAH Nov 18 '17 at 21:52
  • Have a look at e.g. https://askubuntu.com/q/676545/367990 - it's nearly impossible to lock down a system and secure it against someone with physical access. As long as you just want to play with it, do whatever you want. Just be informed that there might always be someone smarter and with more resources than you when it comes to the arms race of IT security. – Byte Commander Nov 18 '17 at 21:59

0 Answers
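The question has no answers, so here is an added example (not from the asker or from any commenter) of the PAM hook Byte Commander points at, covering points 2 and 3 of the list: a specific predetermined wrong password must be typed a set number of times in a row before anything happens, and any other entry just produces the normal "Invalid Password" message. It follows the comments in wiping the LUKS keyslots with `cryptsetup luksErase` rather than running `rm -rf /`, and it is a dry run unless `DRY_RUN=0` is set. Everything about where it lives is assumed: the script path `/usr/local/sbin/duress-check`, the `pam_exec.so` line in `/etc/pam.d/common-auth`, the hash file `/etc/duress.sha256`, the state directory `/var/lib/duress`, and the `LUKS_DEV` variable naming the encrypted container. `pam_exec` with `expose_authtok` really does pass the typed password on stdin and set `PAM_USER`/`PAM_TYPE` in the environment; point 4 (logging the user in while the wipe runs) is not attempted here.

```shell
#!/bin/sh
# Hypothetical pam_exec hook (path assumed): /usr/local/sbin/duress-check
# Wired into the auth stack with a line such as (placement assumed):
#   auth optional pam_exec.so quiet expose_authtok /usr/local/sbin/duress-check
# With expose_authtok, pam_exec feeds the typed password to the command on
# stdin and sets PAM_USER / PAM_TYPE in its environment.

DURESS_HASH_FILE="${DURESS_HASH_FILE:-/etc/duress.sha256}"  # sha256 of the trigger password (assumed path)
STATE_DIR="${STATE_DIR:-/var/lib/duress}"                   # per-user attempt counters (assumed path)
THRESHOLD="${THRESHOLD:-3}"                                 # consecutive trigger entries needed
DRY_RUN="${DRY_RUN:-1}"                                     # 1 = only log what would be erased

hash_token() { printf '%s' "$1" | sha256sum | cut -d' ' -f1; }

# 0 if the typed password is the predetermined trigger password
is_duress_token() {
    [ -r "$DURESS_HASH_FILE" ] || return 1
    [ "$(hash_token "$1")" = "$(cat "$DURESS_HASH_FILE")" ]
}

# increment the user's counter and print the new value
bump_counter() {
    mkdir -p "$STATE_DIR"
    f="$STATE_DIR/$1.count"
    n=$(( $(cat "$f" 2>/dev/null || echo 0) + 1 ))
    printf '%s\n' "$n" > "$f"
    printf '%s\n' "$n"
}

reset_counter() { rm -f "$STATE_DIR/$1.count"; }

# destroy every LUKS keyslot on $1; the ciphertext stays but is unreadable
wipe_luks() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "DRY RUN: would run: cryptsetup -q luksErase $1" >&2
        return 0
    fi
    cryptsetup -q luksErase "$1"
}

# prints "ignore" (ordinary wrong or right password), "count:N" (trigger seen
# N times in a row, below threshold) or "wipe" (threshold reached)
decide() {
    user="$1" token="$2"
    if ! is_duress_token "$token"; then
        reset_counter "$user"   # any other entry breaks the streak
        echo ignore
        return 0
    fi
    n=$(bump_counter "$user")
    if [ "$n" -ge "$THRESHOLD" ]; then
        reset_counter "$user"
        echo wipe
    else
        echo "count:$n"
    fi
}

main() {
    token=$(tr -d '\000\n')          # pam_exec terminates the password with NUL
    case "$(decide "${PAM_USER:-unknown}" "$token")" in
        wipe) wipe_luks "${LUKS_DEV:?set LUKS_DEV to the LUKS container, e.g. /dev/sda3}" ;;
    esac
    exit 0   # never change the real authentication result
}

# only act when invoked from PAM; sourcing the file for tests does nothing
if [ -n "${PAM_TYPE:-}" ]; then
    main
fi
```

Create the hash file with `printf '%s' 'trigger-password' | sha256sum | cut -d' ' -f1 > /etc/duress.sha256`, keep the script root-owned and mode 0700, and take a header backup with `cryptsetup luksHeaderBackup` before ever setting `DRY_RUN=0`, since once `luksErase` has run there is no key material left to recover with. The counter deliberately resets on any non-trigger entry, so a single accidental trigger entry does not sit armed for days; as the comments note, none of this helps against someone who pulls the disk and never reaches the login screen.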