This post explores a hypothetical case where one has volatile data on a remote machine that needs to be removed as fast and as discretely as possible without having to open up a laptop and log in via SSH, an SFTP/FTP browser etc.
Rather, this post assumes it would be more convenient to just hit a single button on your phone or click a single icon that sends a network packet to the server, triggering a script that proceeds to delete your data and/or back it up to another trusted server.
This is just a quick sketch and so I’m eschewing questions of security. Indeed the whole thing could be done over SSL and improved here and there. There could be a deletion routine for the scripts themselves, EXT3/4 journal cleaning and a reboot routine also.
Regardless, by the time someone snooping on the network sees the payload of the packet go out, it will be too late - the data is already being deleted. In the case access to the Internet gateway is blocked there is still little risk; there’s no way of someone sniffing traffic knowing which data you want to delete on the server itself. Rather, the packet will just appear to contain an anomalous payload. If they send that same payload to your server, then they finish the job for you..
To begin. First we need to establish which data you want to delete.
Log into your server via SSH and install the program socat (assumes Debian GNU/Linux based OS):
apt-get update apt-get install socat
Now create a script, defining what you want to delete. Define also data you want to copy to another server:
#!/bin/sh # remote-kill.sh # Use dummy directories while testing! DELETEDIRS='/var/log/* /home/user/Mail/blackbox' COPYDIRS='/home/user/leaks /home/user/volatile' KILLSIG=$1 # KILLSIG is sent by the client if [ "$KILLSIG" = "809ca09affjakkj1pa8" ]; then rm -fr $DELETEDIRS & # background so we can start copying tar cvzf leaks.tar.gz $COPYDIRS && # SCP would run inside an ssh-agent with keys for a user on a remote # host that has restricted priveleges scp leaks.tar.gz email@example.com:. && # Delete the leaks and ssh-keys for the backup server rm -fr leaks.tar.gz $COPYDIRS rm -f /home/user/.ssh/backup.rsa fi
Save the out the script as remote-kill.sh, copy it to /root and make it executable:
chmod +x remote-kill.sh; cp remote-kill.sh /root
Now, as root on the server, set up the ssh-agent and run the socat listener:
ssh-agent bash # Define SSH keys here for login on remote backup host ssh-add /root/.ssh/backup.rsa # Run socat on port 1337. Because you can and it's still funny. # You could run it on a non-firewalled port like 443, also. # Assuming you don't need it for anything else on this # particular host (unlikely) while true; do socat -u TCP4-LISTEN:1337 STDIO | ./remote-kill.sh `tee`,nofork; sleep 1; done
Install socat onto your client machine (just as you did above) and write a kill script that will send out the packet:
#!/bin/sh # client-kill.sh KILLSIG='809ca09affjakkj1pa8' echo $KILLSIG | socat - TCP4:my-server.com:1337 && echo "Packet sent. Deletion underway.."
Write out this script as client-kill.sh, save it onto your desktop and make it executable so you can simply double-click it:
cd ~/Desktop chmod +x client-kill.sh
Have fun and remember to use dummy directories when testing!