School project where we had to develop a PAM module.
This module decrypts a file in the users' home directories when the users logged in.
Add backports
# echo 'deb http://ftp.debian.org/debian jessie-backports main' > /etc/apt/sources.list
# apt update# apt install python3 python3-dev python3-pip libcryptsetup-dev python3-simplejson python3-systemd python3-guestfs python3-psutil libsqlite3-dev libsqlcipher-dev
# pip3 install pysqlcipher3$ cd /lib/x86_64-linux-gnu/security/
$ git clone [email protected]:/dhiver_b/Pamela luksypamInstall pycryptsetup python module
$ cd pycryptsetup
# pip3 install -e .Add at the end of /etc/pam.d/common-auth
auth required pam_exec.so expose_authtok /lib/x86_64-linux-gnu/security/luksypam/luksypam/luksypam_auth.py
And at the end of /etc/pam.d/common-session
session required pam_exec.so /lib/x86_64-linux-gnu/security/luksypam/luksypam/luksypam_close_session.py
- Container and configuration file creation on the fly
- SSH capable
- Logs via systemd + verbose mode
- A CLI tool is provided to change the container password
- Multi-containers
- Mountpoint and name of the volume can be set
- In Python3!
- Build module pycryptsetup
- Modification added to the pycryptsetup module (hash algorithm + True random)
- Profile management (weak or not?)
- Generated container are filled with random values
- Secure deletion
- Passwords stored in a database
- Container size can be specified
- Containers can be disabled
- pam_exec.so recode