samuraictf / gatekeeper

GATEKEEPER: Inline and on-target defense

Gatekeeper

A collection of programs for controlling subprocesses on Linux and related operating systems.

Each module is available as a stand-alone binary, which will either fork and execve, or apply its mitigation and execve directly to the next in the chain.

Each module is also available as a library, which can be compiled into a larger, monolithic binary.

Requirements

apt-get -y install make gcc libpcre3-dev libcap-dev libpcap-dev libseccomp-dev

Building

You can use clang or gcc.

make
make CC=clang-3.5

You can also build a specific project.

cd src/chroot
make

Cross-Compiling

Just specify the name of the target. You must have an appropriate compiler toolchain installed.

make CROSS_COMPILE=aarch64-linux-gnu
make CROSS_COMPILE=arm-linux-gnueabihf

Testing

Requires bats.

make test

Chaining Modules

The modules are designed to be included in a larger project, or chained directly. For example:

$ ./blacklist/blacklist \
  ./pcap/pcap foo.pcap \
  ./alarm/alarm 10 \
  ./got_nobind/got_nobind \
  ./malloc/malloc \
  ./no_network/no_network \
  ./randenv/randenv \
  ./rlimit_cpu/rlimit_cpu 5 \
  ./rlimit_fsize/rlimit_fsize 0 \
  ./rlimit_nproc/rlimit_nproc 0 \
  ./segv/segv MYSEGV \
  ./setpgid/setpgid \
  ./setsid/setsid \
  /usr/bin/env LD_PRELOAD="$PWD/ldfuck/ldfuck.so $PWD/no_execve/no_execve.so" \
  /bin/sh
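Each link in that chain is a small program that applies one mitigation and then execs the next link. The following is an added example, not code from the gatekeeper repository, showing that pattern in the style of rlimit_cpu: it parses a CPU-seconds argument, lowers RLIMIT_CPU for the current process, and execv()s argv[2] onward without forking. The function names (parse_seconds, apply_rlimit_cpu, current_rlimit_cpu) are this example's own; the real module's internals may differ. One design point it enforces that any chain link should: a limit may only shrink, never grow, so a later link cannot undo what an earlier one set.

```c
/* Added example (not part of gatekeeper): a minimal chain link that
 * lowers RLIMIT_CPU and then execs the rest of its argument vector.
 * Usage as a stand-alone binary:  ./rlimit_cpu SECONDS PROGRAM [ARGS...]
 * The same two functions can be linked into a monolithic binary. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <unistd.h>

/* Strictly parse a non-negative decimal integer. Returns the value,
 * or -1 on empty input, trailing junk, overflow or a negative number. */
long parse_seconds(const char *s)
{
    char *end;
    long v;
    if (s == NULL || *s == '\0')
        return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno != 0 || *end != '\0' || v < 0)
        return -1;
    return v;
}

/* Library-style entry point. Sets both the soft and hard CPU limits so
 * the exec'd chain cannot raise them again. If an earlier link already
 * set a lower hard limit, that lower value is kept: a link only ever
 * tightens. Returns 0 on success, -1 on error (errno set by setrlimit). */
int apply_rlimit_cpu(long secs)
{
    struct rlimit lim;
    if (getrlimit(RLIMIT_CPU, &lim) != 0)
        return -1;
    if (lim.rlim_max == RLIM_INFINITY || (rlim_t)secs < lim.rlim_max)
        lim.rlim_max = (rlim_t)secs;
    lim.rlim_cur = lim.rlim_max;
    return setrlimit(RLIMIT_CPU, &lim);
}

/* Read back the effective soft limit so a caller (or a test) can verify
 * the mitigation took hold before handing off. -2 means "unlimited". */
long current_rlimit_cpu(void)
{
    struct rlimit lim;
    if (getrlimit(RLIMIT_CPU, &lim) != 0)
        return -1;
    return lim.rlim_cur == RLIM_INFINITY ? -2 : (long)lim.rlim_cur;
}

/* Stand-alone entry point: apply the mitigation, then become the next link. */
int main(int argc, char **argv)
{
    long secs;
    if (argc < 3 || (secs = parse_seconds(argv[1])) < 0) {
        fprintf(stderr, "usage: %s SECONDS PROGRAM [ARGS...]\n", argv[0]);
        return 2;
    }
    if (apply_rlimit_cpu(secs) != 0) {
        perror("setrlimit(RLIMIT_CPU)");
        return 1;
    }
    /* execv rather than execvp: the chain names every link by path, so no
     * PATH lookup happens and the program that runs is the one written down. */
    execv(argv[2], &argv[2]);
    perror(argv[2]); /* only reached if the exec itself failed */
    return 127;
}
```

Because the mitigation is applied in-process before execv, it is inherited by the whole remainder of the chain; nothing downstream, including the final /bin/sh, can raise the hard limit again.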

Modules

Here's a short description of each module. To build a module, just run make in its directory.