-
Notifications
You must be signed in to change notification settings - Fork 1
/
usb_canary
executable file
·78 lines (68 loc) · 2.41 KB
/
usb_canary
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
#!/bin/bash
# usb canary by fijimunkii
# monitor usb devices while your computer is locked
# get notified when someone plugs in or removes a usb device
# NOTE: optional arg to always alert
# NOTE: optional environment variables for sms:
# TWILIO_FROM
# TWILIO_TO
# TWILIO_SID
# TWILIO_AUTH
# TODO: posix diff
set -u
set -o pipefail
[ -z ${1+x} ] && PARANOID=0 || PARANOID=1
HOSTNAME=$(hostname -s)
function alert {
echo "$1"
[ -z ${TWILIO_FROM+x} ] || [ -z ${TWILIO_TO+x} ] || \
[ -z ${TWILIO_SID+x} ] || [ -z ${TWILIO_AUTH+x} ] || \
curl -X POST https://api.twilio.com/2010-04-01/Accounts/$TWILIO_SID/Messages.json \
--data-urlencode "Body=$1" \
--data-urlencode "From=$TWILIO_FROM" \
--data-urlencode "To=$TWILIO_TO" \
-u $TWILIO_SID:$TWILIO_AUTH
}
function exit_canary {
alert "EXIT from USB CANARY on $HOSTNAME"
exit
}
trap exit_canary EXIT HUP INT TERM
OS=""
case "$(uname -s)" in
Darwin) OS='Mac' ;;
Linux) OS='Linux' ;;
*) echo 'Unsupported OS'; exit 1 ;;
esac
while :
do
sleep 0.5s
AWAY=0
[ -z ${NEW_DEVICES+x} ] && DEVICES="" || DEVICES="$NEW_DEVICES"
if [ $OS = 'Mac' ] ; then
NEW_DEVICES=$(ioreg -p IOUSB -w0 | sed 's/[^o]*o //; s/@.*$//' | grep -v '^Root.*')
# Idle for 1 minute
IDLETIME=$(ioreg -c IOHIDSystem | awk '/HIDIdleTime/ {print int($NF/1000000000); exit}')
[ "$IDLETIME" -gt "60" ] && AWAY=1
# No graphics capabilities
pmset -g systemstate | grep Graphics > /dev/null || AWAY=1
# Screensaver enabled
pgrep -q ScreenSaverEngine > /dev/null && AWAY=1
elif [ $OS = 'Linux' ] ; then
NEW_DEVICES=$(lsusb)
# Idle for 1 minute
command -v gnome-screensaver-command -q | grep -w -c inactive && AWAY=1
command -v xprintidle && [ "$(xprintidle)" -gt "60000" ] && AWAY=1
command -v xscreensaver-command && xscreensaver-command -time && AWAY=1
# Screensaver enabled
qdbus org.freedesktop.ScreenSaver /ScreenSaver org.freedesktop.ScreenSaver.GetActive && AWAY=1
qdbus org.kde.screensaver /ScreenSaver org.freedesktop.ScreenSaver.GetActive && AWAY=1
qdbus org.gnome.ScreenSaver /ScreenSaver org.gnome.ScreenSaver.GetActive && AWAY=1
fi
if [ "$DEVICES" != "" ] && { [ "$PARANOID" -gt "0" ] || [ "$AWAY" -gt "0" ]; }; then
DIFF=$(diff -U 0 <(echo "$DEVICES") <(echo "$NEW_DEVICES") 2>/dev/null | sed '1,3d')
if [ "$?" != "0" ] && [ "$DIFF" != "" ] ; then
alert "USB CANARY on $HOSTNAME: $DIFF"
fi
fi
done