gokill
gokill is a software dead man's switch. It belongs to the category of anti-forensic tools, providing a means to safeguard against potential repression. It is specifically crafted for worst-case scenarios, such as when intruders gain physical access to a device. In these intense situations, gokill can automatically perform tasks to enhance your security. Those could be:
- deleting data
- sending chat messages
- encrypting partitions
- destroying encrypted partitions
- locking the screen
- ect
documentation
A full list of Triggers and Actions with all their configuration options can be found here: https://k4lipso.github.io/gokill/
usage
If you use NixOS gokill can easily be integrated into your system configuration - scroll down for more info on that.
For all other linux distributions gokill currently needs to be built and setup manually.
# Clone the gokill repository
git clone https://github.com/k4lipso/gokill
cd gokill
# Build gokill - requires libolm
go build cmd/gokill/gokill.go
# Create a config.json and run gokill
./gokill -c config.json
# Running gokill manually is annoying, it is acutally meant to run as systemd unit.
Config Example
gokill is configured using a json file. it consists of a list of triggers, where each of the triggers as a list of actions that will be executed once triggered.
[ //list of triggers
{
"type": "UsbDisconnect", //triggers when the given device is disconnected
"name": "First Trigger",
"options": {
"deviceId": "ata-Samsung_SSD_860_EVO_1TB_S4AALKWJDI102",
"waitTillConnected": true //only trigger when usb drive was actually attached before
},
"actions": [ //list of actions that will be executed when triggered
{
"name": "unixCommand",
"options": {
"command": "shutdown -h now"
},
"stage": 2 // defines the order in which actions are triggered.
},
{
"type": "SendTelegram",
"options": {
"token": "3345823487:FFGdEFxc1pA18d02Akslw-lkwjdA92KAH2",
"chatId": -832325872,
"message": "attention, intruders got my device!",
"testMessage": "this is just a test, no worries"
},
"stage": 1 //this event is triggered first, then the shutdown
}
]
},
{
"type": "EthernetDisconnect",
"name": "Second Trigger",
"options": {
"interfaceName": "eth0",
},
"actions": [
{
"name": "unixCommand",
"options": {
"command": "env DISPLAY=:0 sudo su -c i3lock someUser" //example of locking someUser's screen as root
}
}
]
}
]
nix support
gokill enjoys full nix support. gokill exposes a nix flakes that outputs a gokill package, a nixosModule and more. That means you can super easily incorporate gokill into your existing nixosConfigurations.
NixOS Module
Here is a small example config:
{
services.gokill.enable = true;
services.gokill.triggers = [
{
type = "EthernetDisconnect";
name = "MainTrigger";
options = {
interfaceName = "eth1";
};
actions = [
{
type = "Command";
options = {
command = "echo hello world";
};
stage = 1;
}
];
}
];
}
This will automatically configure and enable a systemd running gokill as root user in the background
Build Documentation locally
nix run github:k4lipso/gokill#docs
Run integrations tests
nix flake check github:k4lipso/gokill