Application firewall Douane for ArchLinux

While reading the Wikileaks publications about the internal CIA malware production, I became aware that these engineers had to cope with several security products on the MacOS X platform, to safely install their monitoring software and to avoid being detected by third-party firewalls. One of the published documents describes how the remote-control software “DerStarke” is able to hide its traffic by inheriting into an unsuspicious process like Safari. They further note that this method successfully circumvents application firewalls like “Little Snitch”.

These insights into governmental intelligence operations show that even products considered to be more secure, like MacOS X, are still vulnerable to this kind of attack. On the other hand, security measures like application sandboxing and firewalling make it more complicated for intruders to bypass everything without being recognized.

I was then looking into an application firewall solution for Linux systems and found out about Douaneapp. Even though the software looked a bit unstable and discontinued, I gave it a try.

Gnome file picker dialog triggers smb connections in the background

Douane is a bit difficult to install but I was able to get it working. The program consists of a kernel module, which is able to block outgoing connections per process, a daemon and a dialog process. After installing and running everything, a small popup window appears, asking for permissions.

I enhanced the ArchLinux packages and applied some patches to the software, so it is now easier to get started:

pacaur -S douane-dkms-git douane-daemon-git douane-dialog-git

After installation, start the daemon:

sudo systemctl daemon-reload
sudo systemctl start douane-daemon

Ensure that the dialog process is started with your desktop:

/opt/douane/bin/douane-dialog

That's it! In case the daemon won’t start, you may have to load the kernel module manually:

sudo modprobe douane
lsmod | grep douane
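To make the "per process" part concrete, here is an added example (not Douane's code, which does this inside its kernel module) that attributes TCP connections to processes from userspace by joining `/proc/net/tcp` with the socket inodes found under `/proc/<pid>/fd`. The sample table, addresses, inodes and process names are constructed, and the address decoding assumes a little-endian host. Attribution stops at the process that owns the socket, which is why traffic sent from inside an already trusted process is not told apart from that process's own.

```python
import os
import socket
import struct

# Constructed sample in /proc/net/tcp format (IPv4, little-endian host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 21001 1 0000000000000000 100 0 0 10 0
   1: 0F00000A:C350 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 34567 1 0000000000000000 20 4 30 10 -1
   2: 0F00000A:C352 1400000A:01BD 02 00000000:00000000 01:00000064 00000000  1000        0 34590 1 0000000000000000 100 0 0 10 -1
"""
TCP_LISTEN = 0x0A  # listening sockets are not outgoing connections

def decode_endpoint(field):
    """'0A0200C0:01BB' -> ('192.0.2.10', 443)."""
    addr_hex, port_hex = field.split(":")
    # The kernel prints the address as a host-order integer; '<I' undoes that on LE hosts.
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)

def outgoing_sockets(proc_net_tcp):
    """Yield (inode, uid, remote_ip, remote_port) for every non-listening socket."""
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 10 or int(f[3], 16) == TCP_LISTEN:
            continue
        ip, port = decode_endpoint(f[2])
        yield int(f[9]), int(f[7]), ip, port

def socket_owners(proc_root="/proc"):
    """Map socket inode -> (pid, comm) by reading each process's fd symlinks."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(os.path.join(proc_root, pid, "comm")) as fh:
                comm = fh.read().strip()
            fd_dir = os.path.join(proc_root, pid, "fd")
            for fd in os.listdir(fd_dir):
                target = os.readlink(os.path.join(fd_dir, fd))
                if target.startswith("socket:["):
                    owners[int(target[8:-1])] = (int(pid), comm)
        except OSError:  # process exited, or its fds are not readable without root
            continue
    return owners

def attribute(proc_net_tcp, owners):
    """Join connections to owning processes; unknown owners are reported as '?'."""
    return [(owners.get(inode, (None, "?"))[1], ip, port)
            for inode, _uid, ip, port in outgoing_sockets(proc_net_tcp)]
```

On a live system, call `attribute(open("/proc/net/tcp").read(), socket_owners())`; sockets of other users only resolve when run as root.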

I really hope that the development of this application continues. If you know any alternatives to this app, please let me know and drop a comment :)
