- cross-posted to: linux@lemmy.ml
I wrote a dead simple file canary tool that will install an eBPF program that drops all outgoing packets if a canary is touched. I wrote this in response to the current trend of supply chain attacks that try to harvest credentials.
Interesting idea, but won’t it get triggered constantly every time you grep your repo?
There is a very high chance there are files you will never use that a credential harvester would be interested in. For example some look for certain wallets that I definitely don’t have, so I create a canary file for that. You can also add `$HOME/.ssh/id_rsa` and `$HOME/.ssh/id_ed25519` and then use nonstandard key names for your typical key usage etc. I’ve been running this for a week now with no lost connections yet :)
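A minimal canary watcher in the spirit of the tool described in the two posts above, added here as an illustration and not the OP's code: it watches decoy files such as a never-used `$HOME/.ssh/id_rsa` with Linux inotify via ctypes instead of eBPF, and hands the tripped path to a caller-supplied response callback. The canary paths, the `on_trip` callback and the `alert` response are assumptions; the OP's tool answers a trip by dropping outgoing packets, which you would put in that callback.

```python
"""Added example: canary-file watcher using Linux inotify via ctypes.
Not the OP's eBPF tool; the response callback is hypothetical."""
from __future__ import annotations
import ctypes
import os
import struct
from typing import Callable, Iterator

# inotify event masks (values from <sys/inotify.h>)
IN_ACCESS = 0x00000001          # file was read
IN_OPEN = 0x00000020            # file was opened
TOUCH_MASK = IN_ACCESS | IN_OPEN   # either counts as "canary touched"
EVENT_HDR = struct.Struct("iIII")  # wd, mask, cookie, name length

def parse_events(buf: bytes) -> Iterator[tuple[int, int, str]]:
    """Walk a buffer read from the inotify fd, yielding (wd, mask, name)."""
    off = 0
    while off + EVENT_HDR.size <= len(buf):
        wd, mask, _cookie, nlen = EVENT_HDR.unpack_from(buf, off)
        off += EVENT_HDR.size
        # name is NUL-padded to nlen bytes; empty when watching a file directly
        name = buf[off:off + nlen].split(b"\0", 1)[0].decode(errors="replace")
        off += nlen
        yield wd, mask, name

def is_touch(mask: int) -> bool:
    """True if the event means something opened or read the canary."""
    return bool(mask & TOUCH_MASK)

def watch(canaries: list[str], on_trip: Callable[[str], None]) -> None:
    """Block until any canary is opened or read, then call on_trip(path)."""
    libc = ctypes.CDLL(None, use_errno=True)
    fd = libc.inotify_init1(0)
    if fd < 0:
        raise OSError(ctypes.get_errno(), "inotify_init1 failed")
    wd_to_path: dict[int, str] = {}
    for path in canaries:       # each decoy file must already exist
        wd = libc.inotify_add_watch(fd, path.encode(), TOUCH_MASK)
        if wd < 0:
            raise OSError(ctypes.get_errno(), f"cannot watch {path}")
        wd_to_path[wd] = path
    while True:
        for wd, mask, _name in parse_events(os.read(fd, 4096)):
            if is_touch(mask):
                on_trip(wd_to_path[wd])
                return

if __name__ == "__main__":
    home = os.path.expanduser("~")
    decoys = [f"{home}/.ssh/id_rsa", f"{home}/.ssh/id_ed25519"]  # assumed decoys
    watch(decoys, lambda p: print(f"CANARY TRIPPED: {p}"))  # hypothetical response
```

Because the watch is on the decoy file itself, a recursive `grep` over a source tree elsewhere does not trip it, which matches the OP's point about only canarying files you never use.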
Okay, so not for protecting actual creds then. Makes sense, although would be nice to have a way to protect actual creds. No idea how that would be achievable though.
Right, it’s just for things you don’t use but a credential harvester would find interesting.
I’ve been working a lot on containing the blast radius with some careful LXC usage, but this was a quick way to get some real value without a ton of thought.