HiddenWall – Linux Kernel Module Generator For Custom Rules With Netfilter (Block Ports, Hidden Mode, Rootkit Functions, Etc)

HiddenWall is a Linux kernel module generator for custom rules with netfilter. (block ports, Hidden ^(https://www.appmarsh.com/link/https://www.kitploit.com/search/label/Hidden) mode, rootkit ^(https://www.appmarsh.com/link/https://www.kitploit.com/search/label/Rootkit) functions etc). The motivation: on bad situation, attacker can put your iptables/ufw to fall… but if you have HiddenWall, the attacker will not find the hidden kernel module that block external access, because have a hook to netfilter on kernel land(think like a second layer for firewall).
My beginning purpose at this project is protect my personal server, now is protect the machines of my friends. When i talk “friends”, i say peoples that don’t know how to write low level code. Using the HiddenWall you can generate your custom kernel module for your firewall configuration.
The low level programmer can write new templates for modules etc…

scripts ^(https://www.appmarsh.com/link/https://www.kitploit.com/search/label/Scripts) use that file to generate a new firewall module.

$ cat rules/server.yaml
module_name: SandWall
public_ports: 80,443,53
unhide_key: AbraKadabra
hide_key: Shazam
fake_device_name: usb14
liberate_in_2_out: True
- machine:
open_ports: 22,21
- machine:
open_ports: 22

If you want study the static code to generate, look the content at directory “templates”.

Second step, generate your module
If you want generate a kernel module following your YAML file of rules, follow that command:

$ python3 WallGen.py --template template/hiddenwall.c -r rules/server.yaml

This generate a generic module with rules of server.yaml, if you want to use another template you can use “wall.c”, so template module “hiddenwall” have option to run on hidden mode(is not visible to “# lsmod” for example).

Third step, install your module
To test module:

# cd output; make clean; make
# insmod SandWall.ko

The rule of YAML to generate module is simple, drop all out to in packets, accept ports 80,443 and 53. The machine 192*.181 can connect at ports 22 and 21…
if you use nmap at localhost/ you can view the ports open… because rule liberate_in_2_out is true.
Password to turn Firewall ^(https://www.appmarsh.com/link/https://www.kitploit.com/search/label/Firewall) visible is “AbraKadabra”.
Password to turn Firewall invisible ^(https://www.appmarsh.com/link/https://www.kitploit.com/search/label/Invisible) is “Shazam”.
You need to send password for your fake device “usb14”.
To exit module, you need turn visible at “lsmod” command …

# echo "AbraKadabra" > /dev/usb14
# lsmod | grep SandWall
# rmmod SandWall

Random notes
Tested on ubuntu 16 and fedora 29 at kernels “3.x”,”4.x” and “5.x”.

Suport to IPV6. Macro to select the interface(to use multiple modes for each interface). Option to remove last logs when turn hide mode. Option to search and remove others toolkits… Code generator to BFP…

Wikipedia Netfilter https://en.wikipedia.org/wiki/Netfilter ^(https://www.appmarsh.com/link/https://en.wikipedia.org/wiki/Netfilter)
Linux Device Drivers http://lwn.net/Kernel/LDD3/ ^(https://www.appmarsh.com/link/http://lwn.net/Kernel/LDD3/)
M0nad’s Diamorphine https://github.com/m0nad/Diamorphine/ ^(https://www.appmarsh.com/link/https://github.com/m0nad/Diamorphine/)

Download HiddenWall ^(https://www.appmarsh.com/link/https://github.com/CoolerVoid/HiddenWall)

openSUSE Leap 15.1 Is Here: Offers Full Linux Experience On Raspberry Pi

The open source company SUSE is known for its commercial SUSE Linux Enterprise offerings for desktop and server users. The company also sponsors a free and open source community distribution known as openSUSE, which is widely popular among open source enthusiasts across the world. openSUSE further offers two releases: Leap follows the fixed release model […]

The post openSUSE Leap 15.1 Is Here: Offers Full Linux Experience On Raspberry Pi ^(https://www.appmarsh.com/link/https://fossbytes.com/opensuse-leap-15-1-linux-distro-raspberry-pi/) appeared first on Fossbytes ^(https://www.appmarsh.com/link/https://fossbytes.com/).

from Fossbytes http://appmarsh.com/2WuIVUp
via IFTTT ^(https://www.appmarsh.com/link/https://ifttt.com/?ref=da&site=appmarsh)