Silk Guardian is a program that disables the OS kernel, erases RAM (random access memory), deletes user-specified data, and turns off the computer if it
notices changes on the USB port.
In simple terms: when someone inserts an unfamiliar flash drive into your device without your knowledge, the computer will shut down and clear the RAM. Thus,
the attacker ends up holding not your data but an encrypted blank.
The script clears RAM because an ill-wisher can run software that takes a snapshot of RAM in order to extract encryption keys.
Here are a couple of ways to use this program:
1. Let's imagine that an ill-wisher has gained access to your computer and is trying to connect something to it. As soon as he connects his
peripherals to your device, it will immediately execute the command to erase compromising data and turn off. When the system is rebooted, the
attacker will be greeted by a prompt asking for the password to the encrypted disk.
2. Let's say you need to be able to shut the device down instantly. In this case, you can connect a device that is not on the trusted list to
the computer before booting, then boot the system, enter the disk password, and so on. The system will work, but as soon as you
remove the device, the computer turns off and is left encrypted.
Let's begin.
First, install the Linux headers, git, gcc, and make packages.
In the terminal, run:
# uname -r – this is how we find out the version of the system kernel. I have version 5.10.34-1
That's it: the module is in working order and you don't need to do anything else. If you want to disable or remove the module, it's easy:
# modprobe -r silk – temporarily disables the module
# rm -i /lib/modules/$(uname -r)/extra/silk.ko – removes the module from the system
# depmod -a
Now you can check the results of your work by inserting a device that is not on the trusted list into the computer: the system will turn off.
Or insert the device before booting and remove it once the system has booted, and it will turn off again. This serves as an emergency shutdown. In general, you don't have to add any
devices to the trusted list at all and can just use the second option: if you insert a flash drive
before booting, you can use it without problems while the OS is running.
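Before relying on the kill switch, or after the modprobe -r / rm steps above, it is worth confirming what state the module is actually in. The following check is an added example, not part of the original article or the Silk Guardian project; the function name silk_state and its two optional arguments are assumptions made for illustration, while the module name silk and the .ko path are the ones used in the commands above.

```shell
#!/bin/sh
# Report the state of the Silk Guardian module ("silk").
# Hypothetical helper: $1 = list of loaded modules (default /proc/modules),
#                      $2 = installed module file (default path used above).
# The arguments exist only so the check can be pointed at test files.
silk_state() {
    modlist="${1:-/proc/modules}"
    ko="${2:-/lib/modules/$(uname -r)/extra/silk.ko}"
    loaded=no
    installed=no

    # /proc/modules lists one module per line; the name is the first field.
    # Match the whole field so that e.g. "silkworm" is not counted as "silk".
    if [ -r "$modlist" ] &&
       awk '$1 == "silk" { found = 1 } END { exit !found }' "$modlist"; then
        loaded=yes
    fi

    if [ -f "$ko" ]; then
        installed=yes
    fi

    case "$loaded:$installed" in
        # Kill switch is armed and its file is on disk.
        yes:yes) echo "active" ;;
        # File deleted with rm, but the module stays in memory (still armed)
        # until "modprobe -r silk" or a reboot.
        yes:no)  echo "loaded-only" ;;
        # Unloaded with "modprobe -r silk": USB changes no longer trigger it.
        no:yes)  echo "installed-not-loaded" ;;
        # Neither loaded nor on disk: fully removed.
        *)       echo "absent" ;;
    esac
}

# Stand-alone use: print the state of the running system.
silk_state "$@"
```

Only "active" and "loaded-only" mean a USB change will still trigger the shutdown; in the other two states the machine is not protected by the module.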