added swap and ram wiping

hephaest0s · Jul 29, 2015 · 242bb5a · 242bb5a
1 parent 95133cb
commit 242bb5a
Showing 1 changed file with 83 additions and 19 deletions.
diff --git a/settings.ini b/settings.ini
@@ -3,6 +3,18 @@
 
 [config]
 
+######################## ######################## 
+# First are settings about usbkill behavior, then about the kill/destruction commands
+######################## ######################## 
+
+######################## 
+# Usbkill behavior commands:
+
+# whitelist
+# sleep
+# log_file
+######################## 
+
 # Whitelist command lists the USB ids that you want whitelisted
 # How to get the correct usbid for your trusted USB device?
 # BSD/Linux: run "lsusb", the usbid will looks like this: 0123:9abc
@@ -13,31 +25,47 @@
 # Be warned! Other parties can copy your trusted usbid to another usb device!
 # use whitelist command and single space separation as follows:
 # whitelist = ["4c2a:d2b0", "0b2d:a2c4"]
-# To allow multiple (2 and 4) USBs with same id: [ ("4c2a:d2b0":2), ("0b2d:a2c4":4)]
+# To allow multiple (2 and 4) USBs with same id: [ ("4c2a:d2b0":2), ("0b2d:a2c4":4)] or
+# [ "4c2a:d2b0","4c2a:d2b0", "0b2d:a2c4", ..., "0b2d:a2c4" ] (be consistent)
 whitelist = []
 
 # allow for a certain amount of sleep time between checks, e.g. 0.25 seconds:
 sleep = 0.25
 
-# Perform USB id copy detection?
-# This option does not work on all platforms, and can therefore be turned off.
-# double_usbid_detection = False
-double_usbid_detection = True
-
 # Log file location:
 log_file = /var/log/usbkill/usbkill.log
 
-# Remove log (folder) and settings (folder) and usbkill program (folder) upon kill?
-# This might be usefull if you only encrypt portions of your disk (home folder or volumes).
-# Make sure to sync the system (using do_sync=True) if this is a critical feature for you.
-# (True/False)
-melt_usbkill = False
+
+######################## 
+# Usbkill destruction commands:
+# N.B: all these commands are executed in the following order, except that ram and swap-wipe are in parallel.
+
+# remove_file_cmd
+# files_to_remove
+# folders_to_remove
+# melt_usbkill
+
+# kill_commands
+# do_sync
+
+# wipe_ram
+# wipe_ram_cmd
+# wipe_swap
+# wipe_swap_cmd
+######################## 
+
+##########
+# Remove commands:
+
+# remove_file_cmd
+# files_to_remove
+# folders_to_remove
+# melt_usbkill
+##########
 
 # use srm to remove files.
-# try srm --help or [x] to see what options are available
-# [x] http://srm.sourceforge.net/srm.html
-# Example: remove_file_command = srm -zlf
-remove_file_command = srm
+# Check srm --help for available options
+remove_file_cmd = srm -l
 
 # What files should be removed upon a kill?
 # Provide absolute paths to the files (paths that start with '/' or '~').
@@ -52,10 +80,19 @@ files_to_remove = []
 # folders_to_remove = ["~/Desktop/sensitive/", "~/Desktop/dpr_journal_entries/"]
 folders_to_remove = [ ]
 
-# Should usbkill sync the file system for you?
-# This should not be a problem on most computers.
-# Sync will save some of your work to disk before killing your computer.
-do_sync = True
+# Remove log (folder) and settings (folder) and usbkill program (folder) upon kill?
+# This might be usefull if you only encrypt portions of your disk (home folder or volumes).
+# Make sure to sync the system (using do_sync=True) if this is a critical feature for you.
+# (True/False)
+melt_usbkill = False
+
+
+##########
+# Custom commands:
+
+# kill_commands
+# do_sync
+##########
 
 # Custom kill commands that can not be specified using above described mechanisms.
 # This is where you want to release volumes, etc.
@@ -65,3 +102,30 @@ do_sync = True
 # kill_commands = [ "bash ~/scripts/destroy.sh", "sync" ]
 kill_commands = [ ]
 
+# Should usbkill sync the file system for you?
+# This should not be a problem on most computers.
+# Sync will save some of your work to disk before killing your computer.
+do_sync = True
+
+##########
+# Wipe commands:
+# Note: if both are set, the commands are excecuted in parallel.
+# These commands will take a long time to complete and also make the device unresponsive!
+# These commands will greatly stall the halting of your system!
+
+# do_wipe_swap
+# wipe_swap_cmd
+# do_wipe_ram
+# wipe_ram_cmd
+##########
+
+
+# Set do_wipe_swap to True in order clean the swap
+do_wipe_ram = False
+# Check sdmem --help for available options
+wipe_ram_cmd = sdmem -fll
+
+# Set do_wipe_swap to True in order clean the swap
+do_wipe_swap = False
+# Check sswap --help for available options
+wipe_swap_cmd = sswap -l