Application firewall Douane for ArchLinux

While reading the Wikileaks publications about the internal CIA malware production, I became aware that these engineers had to cope with several security products on the MacOS X platform in order to safely install their monitoring software and avoid being detected by third-party firewalls. One published document describes how the remote-control software “DerStarke” is able to hide its traffic by inheriting into an unsuspicious process like Safari. They further note that this method successfully circumvents application firewalls like “Little Snitch”.

These insights into governmental intelligence operations show that even products considered to be more secure, like MacOS X, are still vulnerable to these kinds of attacks. On the other hand, security measures like application sandboxing and firewalling make it more complicated for intruders to bypass everything without being recognized.

I was then looking into an application firewall solution for Linux systems and found out about Douaneapp. Even though the software looked a bit unstable and discontinued, I gave it a try.

Gnome file picker dialog triggers smb connections in the background

Douane is a bit difficult to install but I was able to get it working. The program consists of a kernel module, which is able to block outgoing connections per process, a daemon and a dialog process. After installing and running everything, a small popup window appears, asking for permissions.

I enhanced the ArchLinux packages and applied some patches to the software, so it is now easier to get started:

pacaur -S douane-dkms-git douane-daemon-git douane-dialog-git

After installation, start the daemon:

sudo systemctl daemon-reload
sudo systemctl start douane-daemon

Ensure that the dialog process is started with your desktop:

/opt/douane/bin/douane-dialog

That's it! In case the daemon won’t start, it could be that you have to manually load the kernel module:

sudo modprobe douane
lsmod | grep douane
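
The steps above can be checked with one script. This is an added example, not part of the original post or the Douane project: it verifies the kernel module, the daemon and the dialog process, and writes an XDG autostart entry so the dialog starts with the desktop. The autostart file name `douane-dialog.desktop` and the function names are assumptions; the dialog path and the unit name are the ones used above.

```sh
#!/bin/sh
# Added example: preflight checks for the Douane setup described above.
# Function names and the autostart file name are assumptions.

DIALOG_BIN=/opt/douane/bin/douane-dialog   # path from the post

# module_loaded NAME [FILE]: succeeds if NAME is listed as a loaded module.
# FILE defaults to /proc/modules (the data lsmod prints). Matching the whole
# first field avoids the false hits a plain "grep douane" can give.
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "${2:-/proc/modules}"
}

# install_autostart [DIR]: write an XDG autostart entry so the dialog
# is started with the desktop session.
install_autostart() {
    dir="${1:-${XDG_CONFIG_HOME:-$HOME/.config}/autostart}"
    mkdir -p "$dir" || return 1
    cat > "$dir/douane-dialog.desktop" <<EOF
[Desktop Entry]
Type=Application
Name=Douane dialog
Exec=$DIALOG_BIN
EOF
}

# preflight: report each missing component; non-zero exit if any is missing.
preflight() {
    rc=0
    module_loaded douane ||
        { echo "kernel module not loaded: sudo modprobe douane"; rc=1; }
    systemctl is-active --quiet douane-daemon ||
        { echo "daemon inactive: sudo systemctl start douane-daemon"; rc=1; }
    pgrep -f "$DIALOG_BIN" >/dev/null ||
        { echo "dialog not running: $DIALOG_BIN"; rc=1; }
    return $rc
}

# Run the checks only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    preflight
fi
```

Run it with `--check` after installation; source the file and call `install_autostart` once to create the autostart entry.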

I really hope that the development of this application continues. If you know any alternatives to this app, please let me know and drop a comment :)
