Monday, June 30, 2014

Dead Man's Switch - Simple To Implement

One tool that has been discussed endlessly is the "Dead Man's Switch". A "Dead Man's Switch" is a tool that requires interaction either continuously or regularly; if that interaction doesn't happen, the "switch" is triggered. These kinds of tools have been used in a number of areas. Usually, they are used in high-security areas, such as military triggers. As an aside, Wikileaks had an "Insurance File" containing a number of encrypted documents that was available in the BitTorrent world, along with a form of Dead Man's Switch for the decryption key.

Anything that should happen if something else happens to you is a prime candidate for a switch like this. Hence, I needed my own switch set up to get information to my wife.

Since I had just altered the process for my dead man's switch, I thought it might work well to illustrate how I had it set up, so if anyone wants to create one on a Linux platform, it is a simple process.

Here's how it worked.
  1. A cron job was set up that checked the age of a file. If this file was too old, it triggered an action (e.g. mailing a copy of my "Insurance File" to a close friend). The cron job ran once every day, for example at midnight:

      0 0 * * * /usr/bin/run_like_a_deadman.sh

    The cron script looked like:
      
      #!/bin/sh
      
      MAX_AGE_IN_DAYS=5
      PRE_MAX_AGE_IN_DAYS=3
      SWITCH_FILE=/my/deadman/file/to/check
      
      # Last-modified time of the switch file in seconds since the epoch (GNU stat).
      # If the file is missing or unreadable, stop with an error rather than
      # carrying on with an empty value, which would make both tests below fail.
      SWITCH_FILE_LAST_MODIFIED=$(stat --format='%Y' "$SWITCH_FILE") || {
        echo "deadman: cannot stat $SWITCH_FILE" >&2
        exit 1
      }
      CURRENT_TIME=$(date +%s)
      # Whole days since the switch file was last touched
      AGE_IN_DAYS=$(( (CURRENT_TIME - SWITCH_FILE_LAST_MODIFIED) / 86400 ))
      
      if [ "$MAX_AGE_IN_DAYS" -lt "$AGE_IN_DAYS" ]; then
        # max_age exceeded, trigger deadman
        echo "If you are receiving this e-mail, please know the following.  (1) I haven't reset my digital deadman switch.  (2) I wish this hadn't had to happen like this.  (3) Since I have been unable to reset the timer, something bad must have happened to me in the last $AGE_IN_DAYS days. There is a floppy disk hidden in the LP collection of the cellar that includes some instructions.  Please review the instructions.  And, above all else, PLEASE know that I will miss all of you!" | mail -s 'CRITICAL: deadman switch activated' friendOne@gmail.com
        exit 0
      fi
      
      if [ "$PRE_MAX_AGE_IN_DAYS" -lt "$AGE_IN_DAYS" ]; then
        # warning, PRE_MAX_AGE_IN_DAYS exceeded, fire a warning shot
        echo "please follow the procedure prescribed to reset the deadman switch timer." | mail -s 'WARNING: deadman switch active' myself@gmail.com
      #else
      #  # all is well, let's do nothing
      fi
      
    This said that if I didn't log in to my server in three days, I'd get an e-mail (if my address was myself@gmail.com) telling me I have to log in. If I hadn't logged in for 5 days, my friend (friendOne@gmail.com) would get an e-mail.
  2. Whenever I logged into my server, I had a .bashrc command that touched the trigger file. For example, it simply ran:

      touch /my/deadman/file/to/check

    If you had a secure server somewhere else, you could also accomplish this through a remote server by adding something like:

      /usr/bin/wget -q -O /dev/null http://www.example.com/cgi-bin/reset_deadman_timer.pl

     A simple CGI could look like:

      #!/usr/bin/perl
      
      `touch /srv/.deadman`;
      print "Content-Type: text/plain\n\nOK";

     Please note that the above isn't really secure. Virtually anyone who found the URL could request it and prevent the switch from ever triggering, unless you had some SERIOUS mechanisms to keep things locked down.  And in that case, since it would be a public server, anyone with access to the server could possibly step through the process to figure it out.
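
One way to keep strangers from resetting the timer, as an added example that is not part of the original post: the client signs the current time with a shared secret, and the server side touches the switch file only when the signature verifies and the timestamp is newer than the last accepted one. It is written in Python rather than Perl for its constant-time comparison; the function names, the `timestamp:hexmac` token format and the 300-second window are assumptions.

```python
import hashlib
import hmac
import os
import tempfile
import time

MAX_SKEW = 300  # assumed: seconds of clock difference / token age tolerated


def _mac(key: bytes, ts_text: str) -> str:
    return hmac.new(key, ts_text.encode(), hashlib.sha256).hexdigest()


def make_token(key: bytes, now: int) -> str:
    """Client side (the login hook): 'timestamp:hexmac' sent with the request."""
    ts_text = str(int(now))
    return f"{ts_text}:{_mac(key, ts_text)}"


def verify_token(key: bytes, token: str, now: int) -> int:
    """Server side: return the signed timestamp, or raise ValueError."""
    ts_text, sep, mac = token.partition(":")
    if not sep or not (ts_text.isascii() and ts_text.isdigit()):
        raise ValueError("malformed token")
    # Constant-time comparison, so the check does not leak how much matched.
    if not hmac.compare_digest(_mac(key, ts_text).encode(), mac.encode()):
        raise ValueError("bad MAC")
    ts = int(ts_text)
    if abs(int(now) - ts) > MAX_SKEW:
        raise ValueError("stale token")
    return ts


def reset_switch(path: str, key: bytes, token: str, now: int) -> int:
    """Touch the switch file only for a valid token newer than the last reset."""
    ts = verify_token(key, token, now)
    last = int(os.stat(path).st_mtime) if os.path.exists(path) else 0
    if ts <= last:  # same or older timestamp: a captured request replayed
        raise ValueError("replayed token")
    with open(path, "a"):
        pass
    os.utime(path, (ts, ts))  # the file's mtime records the last accepted token
    return ts


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample; use a random secret
    path = os.path.join(tempfile.mkdtemp(), ".deadman")
    now = int(time.time())
    print("reset at", reset_switch(path, key, make_token(key, now), now))
```

The key has to exist on both machines, so keep it in a file only the owner can read rather than in the script or the URL.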
Just a little bit of information that you might find beneficial.  Enjoy!
