Danny Rosseau / file-canary · GitLab
gitlab.com
GitLab.com

I wrote a dead simple file canary tool that will install an eBPF program that drops all outgoing packets if a canary is touched. I wrote this in response to the current trend of supply chain attacks that try to harvest credentials

  • lemmyuser@programming.devOP
    5·
    6 hours ago

    There is a very high chance there are files you will never use that a credential harvester would be interested in. For example some look for certain wallets that I definitely don’t have, so I create a canary file for that. You can also add $HOME/.ssh/id_rsa and $HOME/.ssh/id_ed25519 and then use nonstandard key names for your typical key usage etc.

    I’ve been running this for a week now with no lost connections yet :)

    • CameronDev@programming.dev
      3·
      6 hours ago

      Okay, so not for protecting actual creds then. Makes sense, although would be nice to have a way to protect actual creds. No idea how that would be achievable though.

      • lemmyuser@programming.devOP
        5·
        6 hours ago

        Right it’s just for things you don’t use but a credential harvester would find interesting.

        I’ve been working a lot on containing the blast radius with some careful LXC usage, but this was a quick way to get some real value without a ton of thought.