FOSSPicks
Security tool
PAM Duress
A few years ago, I was doing quite a bit of traveling between the US and Europe with my usual array of technology. I was worried about what I should do if I was forced to unlock a device and either hand that device over or permit the device to be searched. While I wasn't involved in anything that might be considered investigative journalism, I did want to set a good example and behave appropriately if anything like this happened. One impractical solution I envisaged was letting someone else encrypt my devices, so I could honestly say I didn't know how to unlock them (with the intention of asking that trusted someone for the keys when I arrived safely). Another more practical option was to take devices completely empty of anything, setting them up and erasing them as I arrived and departed again. Of course, I was never organized enough to do either of these things.
If PAM Duress had been around, I would have gone for this solution. The pluggable authentication module (PAM) system is at the heart of granting access to your Linux devices, and PAM Duress is a module that can trigger scripted behavior when you enter a password that's different from the one you'd normally use to unlock your data and device. These duress scripts can delete all your data, automatically send a notification to someone, or perform whatever other function you desire. Installation is relatively straightforward and similar to any other PAM module. The scripts that are executed when a certain password is entered are signed and cannot be tampered with, and there is a testing function that lets you confirm the module is working correctly before you rely on a script that, for example, deletes your data. Everything works as expected. This may be a project with a very specific objective, but if it appeals to you, PAM Duress performs a brilliant and essential function.
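The signing idea described above, modeled as an added example (not code from the article or from PAM Duress): each script carries a tag keyed by the password it was signed with, so the entered password both selects which scripts run and rejects edited ones. HMAC-SHA256, PBKDF2, the salt, and all names and sample scripts are assumptions; PAM Duress's actual signing scheme and file layout may differ.

```python
import hashlib
import hmac

SALT = b"constructed-demo-salt"  # constructed value for this example

def derive_key(password: str) -> bytes:
    # Assumption: PBKDF2-HMAC-SHA256 turns the password into a signing key.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

def sign_script(script: bytes, password: str) -> bytes:
    """Tag stored beside the script; binds these exact bytes to one password."""
    return hmac.new(derive_key(password), script, hashlib.sha256).digest()

def scripts_to_run(entered: str, store: dict) -> list:
    """Names of scripts whose stored tag verifies under the entered password."""
    key = derive_key(entered)
    matched = []
    for name, (script, tag) in sorted(store.items()):
        expected = hmac.new(key, script, hashlib.sha256).digest()
        if hmac.compare_digest(expected, tag):  # constant-time comparison
            matched.append(name)
    return matched

def demo_store() -> dict:
    # Constructed scripts and passwords, for illustration only; nothing is executed.
    notify = b"#!/bin/sh\necho 'duress login' | mail -s alert contact@example.org\n"
    cleanup = b"#!/bin/sh\nrm -rf \"$HOME/private\"\n"
    return {
        "notify.sh": (notify, sign_script(notify, "duress-one")),
        "cleanup.sh": (cleanup, sign_script(cleanup, "duress-two")),
    }

if __name__ == "__main__":
    store = demo_store()
    print(scripts_to_run("duress-one", store))       # only notify.sh verifies
    print(scripts_to_run("normal-password", store))  # nothing verifies
    # Editing a signed script invalidates its tag, so it no longer runs.
    script, tag = store["notify.sh"]
    store["notify.sh"] = (script + b"# edited\n", tag)
    print(scripts_to_run("duress-one", store))
```

Because the tag depends on the password, the stored files alone do not reveal which password triggers which script.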
Project Website
https://github.com/nuvious/pam-duress