version 1.0.0 #6

Merged
merged 4 commits into from
Jun 10, 2024
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -9,6 +9,7 @@
#
# Normal rules
#
.idea
scripts/qemu/initramfs/opt/*
.*
*.o
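Review bot: the `.idea` entry is already matched by the `.*` rule two lines below it, so it has no effect as written; drop it, or add a comment if `.*` is expected to be narrowed later. Because `.*` ignores every dotfile and dot-directory, also confirm that anything that must stay tracked is re-included with a `!` rule in the part of the file not shown in this hunk.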
30 changes: 24 additions & 6 deletions README.md
@@ -1,12 +1,7 @@
# CrowArmor : Linux Driver


> [!WARNING]
> Dear Users, We would like to inform you that CrowArmor is currently in its beta testing phase. As such, we highly recommend refraining from installing it on your host machine at this time.

![CrowArmor](assets/crowarmor.png)


# What is CrowArmor ?

CrowArmor is a driver for Linux aimed at system security, we use [LSM](https://en.wikipedia.org/wiki/Linux_Security_Modules) interfaces to improve kernel security, providing support for [MalDec-EDR](https://github.com/maldeclabs/MalDec-EDR), code documentation and how to proceed with installation [Documentation](documentation)
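Review bot: the `[!WARNING]` beta notice at the top of the README appears to be what this hunk takes out (12 lines become 7), and nothing replaces it with guidance on where to try the driver first. The Features list added later in this file says the module modifies the syscall table and restores CPU control registers, so suggest keeping a short note that points first-time users at a VM, for example the `make qemu_start` target listed in documentation/README.md. The description sentence under "What is CrowArmor ?" is also a run-on; splitting it after "kernel security" would help.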
Expand Down Expand Up @@ -40,7 +35,7 @@ The standard practice is to have the latest stable production version available
```
# Testing

You need to test all components of Linux Defender, if possible detail the task of the components you tested, which paths you took and how we can perform the tests, if possible create a script of how the tests for your task work, more than 1 developer can carry out the review.
You need to test all components of MalDec-EDR, if possible detail the task of the components you tested, which paths you took and how we can perform the tests, if possible create a script of how the tests for your task work, more than 1 developer can carry out the review.

## Automated Testing

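Review bot: the reworded sentence under "# Testing" swaps "Linux Defender" for "MalDec-EDR", but this README belongs to the CrowArmor driver, so it now asks contributors to test all components of a different project. Suggest naming CrowArmor here (or both, if EDR integration tests are intended), and breaking the sentence into separate requirements: what was tested, how to reproduce it, and who reviews it.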
Expand All @@ -49,3 +44,26 @@ Every modification to the code, no matter how small, should ideally be accompani
## Manual Quality Assurance (QA) Testing

Changes should be tested by somebody other than the developer who wrote the code. This is especially important for large or high-risk changes. It is useful to add a test plan to the pull request description if testing the changes is not straightforward.

## Features

- Communicates with MalDec EDR
- Modifies the Syscall Table and hooks it
- Monitors if the Syscall Table has been modified
- Restores the Syscall if it has been modified by an unknown driver
- Monitors the CPU Control Registers and restores them if they are modified

## Tests carried out

- [X] Distro Debian-Based
- Ubuntu
- Debian
- [x] Distro Arch-Based
- Arch Linux
- Artix
- [x] Kernel Version 6.0.0
- 6.8.0-35-generic
- 6.0.0-060000
- [x] Kernel Version 5.0.0
- 5.0.5-050005-generic
- [x] Kernel Version 4.0.0
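Review bot: under "Tests carried out", the "Kernel Version 4.0.0" box is ticked but lists no kernel build beneath it, unlike the 5.0.0 and 6.0.0 entries, so the claim cannot be reproduced. Add the exact 4.x build that was tested or leave the box unticked. In "Features", the line "Restores the Syscall if it has been modified by an unknown driver" should say how a driver is judged unknown and which syscalls are hooked, since that defines what the module will overwrite at runtime. Minor: `[X]` and `[x]` are mixed.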
45 changes: 18 additions & 27 deletions documentation/README.md
Expand Up @@ -14,21 +14,22 @@ To install crowarmor, follow the commands below. Ensure that you have GCC versio

```sh
make # Compile crowarmor
make depends # Compile dependencies
make install # Install crowarmor module
```

Additionally, the Makefile provides helpful targets for executing scripts:

```sh
Available targets:
make all : Compile the crowarmor Driver
make all : Compile the CrowArmor Driver
make clean : Delete driver compilation
make infos : Display crowarmor Driver information
make infos : Display CrowArmor Driver information
make help : Display this help message
make install : Install Driver in machine
make uninstall : Uninstall Driver from machine
make depends : Compile the dependencies
make tests_compile : Make Tests Driver
make tests_clean : Delete Tests Driver
make qemu_start : Start emulation using qemu # for debian-based
```

After you install the driver, make sure the driver resides in `/dev/crowarmor`.
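Review bot: in the help listing, `make qemu_start` is annotated "# for debian-based" with no indication of what an Arch user should do, although README.md lists Arch Linux and Artix as tested. State the prerequisites for the QEMU target (or that it is unsupported elsewhere), and mention `make tests_compile` and `make qemu_start` in the install walkthrough so the driver can be exercised before `make install`. The sentence about `/dev/crowarmor` would also benefit from stating the expected ownership and mode of that device node.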
Expand All @@ -37,29 +38,17 @@ After you install the driver, make sure the driver resides in `/dev/crowarmor`.

<pre>
.
├── <a href="../assets">assets</a> <!-- Images -->
│ └── <a href="../assets/crowarmor.png">crowarmor.png</a>
├── <a href="../documentation">documentation</a> <!-- crowarmor documentation -->
│ └── <a href="../documentation/README.md">README.md</a>
├── <a href="../include">include</a> <!-- Headers utilized in sources -->
│ ├── <a href="../include/control_registers">control_registers</a>
│ ├── <a href="../include/err">err</a>
│ ├── <a href="../include/kpobres">kpobres</a>
│ └── <a href="../include/signals">signals</a>
├── <a href="../license">LICENSE</a>
├── <a href="../makefile">Makefile</a>
├── <a href="../modules">modules</a> <!-- Dependencies -->
│ └── <a href="../modules/lunatik">lunatik</a>
├── <a href="../readme">README.md</a>
└── <a href="../sources">sources</a> <!-- crowarmor codes and inclusive modules -->
├── <a href="../sources/chrdev">chrdev</a>
├── <a href="../sources/control_registers">control_registers</a>
├── <a href="../sources/hook_syscall">hook_syscall</a>
├── <a href="../sources/inspector">inspector</a>
├── <a href="../sources/kpobres">kpobres</a>
├── <a href="../sources/signals">signals</a>
├── <a href="../sources/crowarmor">crowarmor</a>
└── <a href="../sources/tracing">tracing</a>
├── <a href="../assets">assets</a>
├── <a href="../documentation">documentation</a>
├── <a href="../include">include</a>
├── <a href="../LICENSE">LICENSE</a>
├── <a href="../Makefile">Makefile</a>
├── <a href="../README.md">README.md</a>
├── <a href="../scripts">scripts</a>
├── <a href="../sources">sources</a>
└── <a href="../tests">tests</a>

7 directories, 3 files
</pre>

- [**sources**](../sources): This directory contains main modules and comprehensive source code files for the crowarmor project.
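Review bot: the new single-level tree drops both the inline descriptions and the subdirectories of `include` and `sources` (`hook_syscall`, `control_registers`, `inspector` and the rest), so the layout no longer shows where the syscall-hooking and control-register code lives. Consider keeping one level under `sources`, or describing those modules in the bullet list that follows. `scripts` is new in the tree; check that it gets a bullet in that list as well.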
Expand All @@ -72,6 +61,8 @@ After you install the driver, make sure the driver resides in `/dev/crowarmor`.

- [**assets**](../assets): In this directory, discover a collection of images specifically related to the visual elements and graphics associated with the crowarmor application.

- [**assets**](../tests): Tests used for features

## Specifications

The crowarmor Linux Driver is specifically optimized for compilation using GCC version 12 to achieve optimal performance and compatibility. Please ensure that GCC version 12 is installed on your system before proceeding with the installation steps provided below. The last version was successfully compiled on kernel 6.5.6-76060506-generic.
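Review bot: the added bullet reads `[**assets**](../tests)`, so the link text says assets while the target is the tests directory, and the list now shows two "assets" entries. It should be `[**tests**](../tests)`, and "Tests used for features" could say which features are covered and how to build them (`make tests_compile`).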