Silk Guardian

Silk Guardian is Article description::a Linux kernel module kill switch that upon detecting changes to USB ports, wipes the RAM, securely deletes user specified files, and then shuts down the system.

Software
Silk Guardian needs to be built manually since it can only be configured by modifying the source code prior to being built.

Install the required dependencies:

Clone the Silk Guardian Git repository:

Silk Guardian activation can be prevented by adding known USB devices to a whitelist. The whitelist format is, where   and   are 4 digit hexadecimal numbers returned by. For example, to whitelist a Logitech G105 keyboard, add its vendor ID and product ID  to the whitelist_table array in :

When activated, Silk Guardian will securely delete (with ) user specified files. This feature is particularly useful when sensitive files are stored on the system. For example, to securely delete the user Larry's SSH and GnuPG private keys, add the following to the remove_files array in :

Build and install Silk Guardian:

Kernel module
The Silk Guardian kernel module can be loaded manually by the command:

To manually remove the Silk Guardian kernel module:

The Silk Guardian kernel module can also be loaded automatically at boot:

OpenRC

systemd

Usage

 * Silk Guardian can be activated when an unknown USB device is plugged into the system. This could be useful in stopping a malicious USB device from installing malware or a backdoor onto the system.


 * Silk Guardian can be activated by unplugging a known USB device from the system that has not been whitelisted. In this case, the known USB device needs to be plugged into the system prior to loading the Silk Guardian kernel module. This is useful when the system needs to be quickly secured, especially when disk encryption is utilized.

Removal
To uninstall Silk Guardian:

External resources

 * USBGuard - A software framework that protects against rogue USB devices.