Application firewall Douane for ArchLinux

While reading the Wikileaks publications about the internal CIA malware production, I became aware that these engineers had to cope with several security products on the MacOS X platform to safely install their monitoring software and to avoid being detected by third-party firewalls. One published document describes how the remote-control software “DerStarke” is able to hide its traffic by inheriting into an unsuspicious process like Safari. They further note that this method successfully circumvents application firewalls like “Little Snitch”.

These insights into governmental intelligence operations show that even products considered to be more secure, like MacOS X, are still vulnerable to this kind of attack. On the other hand, security measures like application sandboxing and firewalling make it more complicated for intruders to bypass everything without being recognized.

I was then looking into an application firewall solution for Linux systems and found out about Douaneapp. Even though the software looked a bit unstable and discontinued, I gave it a try.

Gnome file picker dialog triggers smb connections in the background

Douane is a bit difficult to install but I was able to get it working. The program consists of a kernel module, which is able to block outgoing connections per process, a daemon and a dialog process. After installing and running everything, a small popup window appears, asking for permissions.

I enhanced the ArchLinux packages and applied some patches to the software, so it is now easier to get started:

pacaur -S douane-dkms-git douane-daemon-git douane-dialog-git

After installation, start the daemon:

sudo systemctl daemon-reload
sudo systemctl start douane-daemon

Ensure that the dialog process is started with your desktop:

/opt/douane/bin/douane-dialog

That’s it! In case the daemon won’t start, it could be that you have to manually load the kernel module:

sudo modprobe douane
lsmod | grep douane
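
To verify that all three parts described above (kernel module, daemon, dialog) are actually in place after the steps, here is a small check script. It is an added example and not part of the Douane packages; it assumes the module is named douane, the systemd unit douane-daemon and the dialog process douane-dialog, as in the commands above, and the file name douane-check.sh is hypothetical.

```shell
#!/bin/sh
# Added example: health check for the three Douane components named in the post.
# Assumed names: module "douane", unit "douane-daemon", process "douane-dialog".

# module_state NAME [FILE]: print the state column (Live/Loading/Unloading)
# of NAME from a /proc/modules-format file; return 1 if the module is absent.
module_state() {
    awk -v m="$1" '$1 == m { print $5; found = 1 } END { exit !found }' \
        "${2:-/proc/modules}"
}

# module_live NAME [FILE]: succeed only if the module is fully loaded.
module_live() {
    [ "$(module_state "$1" "${2:-/proc/modules}" 2>/dev/null)" = "Live" ]
}

# douane_check: report each component, return non-zero if any is missing.
douane_check() {
    rc=0
    if module_live douane; then
        echo "ok:   kernel module douane is Live"
    else
        echo "FAIL: kernel module not loaded (try: sudo modprobe douane)"; rc=1
    fi
    if command -v systemctl >/dev/null 2>&1 &&
       systemctl is-active --quiet douane-daemon; then
        echo "ok:   douane-daemon is active"
    else
        echo "FAIL: douane-daemon is not active"; rc=1
    fi
    if command -v pgrep >/dev/null 2>&1 &&
       pgrep -x douane-dialog >/dev/null; then
        echo "ok:   douane-dialog is running"
    else
        echo "FAIL: douane-dialog is not running (/opt/douane/bin/douane-dialog)"; rc=1
    fi
    return "$rc"
}

# Run the check when the file is saved and executed as douane-check.sh.
case "${0##*/}" in douane-check.sh) douane_check ;; esac
```

The module is checked first because the post notes that a daemon that won’t start can be caused by the module not being loaded.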

I really hope that the development of this application continues. If you know any alternatives to this app, please let me know and drop a comment :)
