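#!/bin/bash
## This script offers a small notification to the user when the computer
## attempts to connect to a DIGITAL FEUDALIST, and will (with minor
## user effort in using 'groups') even expose an offending app! FULL
## DISCLOSURE: minor bug very occasionally causes wrong application
## to be blamed for a request so please attribute blame to an
## offending applications with (some) caution. It mostly works fine so
## consider waiting for a repeat of the behaviour, before making any
## public accusations. /// Also unsure if groups is the best
## and easiest method to attribute blame to applications. ///
## IPv6 is untested.
##
## REVIEW NOTE on the disclosure above: one cause of wrong blame was that the
## app name found for one log line was re-used for the next log line whenever
## that next line carried no usable GID. The name is now cleared for every
## line. Other causes may remain, so the caution above still applies.
##
## This script goes into the folder /usr/bin/law-DFCA/
##
## Ensure it is executable...
#chmod +x /usr/bin/law-DFCA/notify-me-of-firewall-action.sh
## ...and executed at startup by a '.desktop' file (see README).

## REQUIRES
##  - notify-send
##  - papirus-icon-theme (icons to represent some DIGITAL FEUDALISTs)
##  - groupadd
##  - sg
##  - usermod

## LICENSE:
## The below, is a DISTRIBUTED ANTITRUST LAW. It is COPYLEFT-LICENSED as
## GPLv3, with some basic yet strict limitations below. Originally by
## 'UNSENDER' and released in 2023 for the sole purpose of ending DIGITAL
## SLAVERY AND SUPPRESSION and thus only designed for FREE-LICENSE and
## OPEN-SOURCE 'OPERATING SYSTEMS' or, as they are referred to in the linux
## community, 'DISTROS'. DIRECTLY FOLLOWING THIS LICENSE A FULL CHANGELOG MUST
## BE INCLUDED. IT IS IMPERATIVE THAT THIS DOCUMENT REMAINS A HUMAN-READABLE,
## living, breathing, changing document FOR THE NON-TECHNICAL USER such that
## the user can learn linux operations. NO SINGLE PERSON OR ENTITY CAN BE MADE
## LIABLE IN ANY CIVIL OR CRIMINAL COURT FOR ITS CONTENTS, NOR TO GUARANTEE
## FITNESS OR WARRANTIES FOR A PARTICULAR PURPOSE. IT IS PROVIDED 'AS IS' IN
## THE HOPE THAT IT WILL BE (***VERY***) USEFUL.
## It is considered a 'CYPHER'CRIME for a person connected to the DIGITAL
## COLONIZATION, which include any employee of, investor in, or any person who
## has a close family member, friend or associate who is invested in, or an
## employee of any entity listed in THE DIGITAL FEUDALISTS section of this
## document, to publish or make available for publish, adaptations to this
## document, while they have any such CONFLICT(S) OF INTEREST and for a TIME
## PERIOD OF NO LESS THAN (4) FOUR YEARS since having such CONFLICT(S) OF
## INTEREST.
## The current DIGITAL FEUDALISTS are AKAMAI, ALIBABA, AMAZON, APPLE,
## CLOUDFLARE, FACEBOOK, GOOGLE, MICROSOFT, MUSK (incl. SPACEX, TESLA,
## STARLINK and TWITTER), ORACLE and TENCENT.
## Note that BYTEDANCE, FASTLY, LITESPEED, NETFLIX, REDDIT and YANDEX only
## partially met below criteria and thus not included.
## END OF LICENSE

## CHANGELOG:
## (date and version to be set by the maintainer) - review changes
##    - FIX: App name no longer carried over from the previous log line.
##    - FIX: Polling window no longer skips or repeats log lines.
##    - FIX: Log lines are read whole and quoted everywhere (no accidental
##           word splitting or '*' filename expansion).
##    - FIX: Login-name check is a literal prefix test and is skipped when
##           'who' reports nobody.
##
## 2023-05 - 0.2.0 - Unsender
##    - FIX: List 'papirus-icon-theme' package as a required dependency.
##    - FIX: Original version year from "2022" to "2023"
##    - FEATURE: Added ALIBABA and TENCENT as feudalists
##    - FEATURE: Added icon for AKAMAI + better (anti) icon for APPLE + optimised icon selection
##
## 2023-03 - 0.1.0 - Unsender
##    - Original release, knowing that its far from complete/perfect, thus the '0.1.0' numbering.
##
## END OF CHANGELOG

## Reading the log line by line
## ----------------------------
## Further down every log line is read whole with 'while IFS= read -r line'.
## Looping over an unquoted $(command) instead splits the text on every space
## and you get output like:
##
##   Mar
##   23
##   12:44:49
##   kernel:
##   Amazon
##   outgoing
##   blocked:
##
## It also lets the shell replace a '*' or '?' in the text with file names.

declare -A gIDToName=()     # associative array declared with capital 'A' not 'a'
                            # (see Bash reference manual). Remembers GID -> name.
declare -A seenLastPoll=()  # log lines returned by the previous poll
declare -A seenThisPoll=()  # log lines returned by the current poll
aboutOneSecondAgo='1 second ago'

## Regular expressions
## -------------------
readonly REGEX_INTEGER='^[0-9]+$'         # test for integer (note: to test for decimals you'd use
                                          # '^[0-9]+([.][0-9]+)?$'. For signed numbers add [+-]?
                                          # after the (^) 'starts with' hat symbol.
readonly REGEX__DFCA_LAW='^_d_f_c_a_law_' # reg'ex that means (^) 'starts with' "_d_f_c(...)"

readonly DISPLAY__DFCA_LAW='DFCA Law'
readonly DISPLAY__DFCA_INTERNET_LAW="DFCA (Antitrust) Law"

## Login names reported by 'who', one array entry per distinct name. These are
## compared as plain text (not as a reg'ex), so a '.' or '$' in a name cannot
## change the meaning of the test, and an empty 'who' output matches nothing
## (as a reg'ex, a lone '^' would have matched every group name).
mapfile -t MY_LOGIN_NAMES < <(who | sed 's/ .*//g' | sort -u)

#######################################
# Turn a '_d_f_c_a_law_' group name into a human readable app name.
# Arguments: $1 - group name, e.g. '_d_f_c_a_law__tor-browser'
# Outputs:   pretty name on stdout, e.g. 'Tor browser'
# Note:      '\U' (upper-case) is a GNU sed feature.
#######################################
prettify_dfca_group_name() {
  printf '%s\n' "$1" | sed \
    -e 's/_d_f_c_a_law_//g' \
    -e 's/-/ /g' \
    -e 's/___*/ _/g' \
    -e 's/_\(.\)/\U&/g' \
    -e 's/_//g'
  # 1: omit DFCA_Law namespacer   2: turn '-' to spaces   3: turn '__' to ' _'
  # 4+5: '_[a-z]' to '[A-Z]'
}

#######################################
# Build the text shown for a numeric GID.
# Globals:   REGEX__DFCA_LAW, DISPLAY__DFCA_LAW, DISPLAY__DFCA_INTERNET_LAW,
#            MY_LOGIN_NAMES (all read)
# Arguments: $1 - GID (digits only; the caller checks this)
# Outputs:   display string on stdout; empty when the GID has no group
#######################################
describe_gid() {
  local gid=$1
  local groupName login
  groupName=$(getent group "$gid" | cut -d: -f1)

  if [[ $groupName =~ $REGEX__DFCA_LAW ]]; then
    # Make name pretty ... and add signature to end of string
    groupName="$(prettify_dfca_group_name "$groupName") (GID=$gid) ~ $DISPLAY__DFCA_LAW"
  else
    # If the group name starts with a login name simply attribute the
    # "internet law" generally. Only done for non-DFCA groups, so an app label
    # is never overwritten because it happens to start like a login name.
    for login in "${MY_LOGIN_NAMES[@]}"; do
      if [[ -n $login && $groupName == "$login"* ]]; then
        groupName=$DISPLAY__DFCA_INTERNET_LAW
        break
      fi
    done
  fi

  printf '%s\n' "$groupName"
}

#######################################
# Pick the notification icon for a tech giant.
# Arguments: $1 - first word of the firewall log message
# Outputs:   icon name or icon file path on stdout
#######################################
icon_for_tech_giant() {
  case "$1" in
    Cloudflare) printf '%s\n' 'cloud-upload' ;;
    Amazon)     printf '%s\n' 'amazon-store' ;;
    Akamai)     printf '%s\n' '/usr/bin/law-DFCA/akamai.svg' ;;
    Microsoft)  printf '%s\n' 'im-msn' ;;
    Google)     printf '%s\n' 'fcitx-googlepinyin' ;;
    Oracle)     printf '%s\n' '/usr/bin/law-DFCA/oracle.svg' ;;
    Tencent)    printf '%s\n' '1cestart' ;;
    Alibaba)    printf '%s\n' 'asciiportal' ;;
    SpaceX)     printf '%s\n' '/usr/bin/law-DFCA/spacex.svg' ;;
    Facebook)   printf '%s\n' 'im-facebook' ;;
    Apple)      printf '%s\n' 'checkra1n' ;;
    Yandex)     printf '%s\n' 'yandex-browser' ;;
    *)          printf '%s\n' 'crosshairs' ;;
  esac
}

## Infinite loop executed each second
while true; do

  ## Remember when this poll started BEFORE asking the journal, and use that
  ## as the start of the next poll. Every moment is then covered by some poll,
  ## so no blocked connection goes unreported. Two polls can overlap by up to
  ## a second; 'seenLastPoll' stops the overlap from notifying twice.
  pollStartedAt=$(date +'%F %H:%M:%S')
    # %F=(date like %+4Y-%m-%d) %H:%M:%S=%X=(locale's time like 23:13:48)
  seenThisPoll=()

  ## Get all blocked connections since the last poll, as reported by the
  ## -k kernel log
  while IFS= read -r line; do
    [[ -n $line ]] || continue

    seenThisPoll[$line]=1
    [[ -n ${seenLastPoll[$line]:-} ]] && continue   # already notified

    ## Start clean: nothing found for an earlier line may leak into this one.
    theGroupName=''

    ## Message, described between 'kernel: ' and ':'
    message=${line##*kernel: }
    message=${message%%:*}
    [[ -n $message ]] || continue   # nothing to show

    ## Source port probe (which did not work)
    ## -----------------
    ## Newbies don't need to know the following, but...
    ## A failed attempt to get the name of the app that made the request was to use
    ## the pid provided in the line directly, but apps start a temporary process
    ## and when the connection is refused the process is killed, thus the
    ## offending program cannot be tracked that way. Using the source port of the
    ## request, again, has the same issue. The source port is the port being
    ## listened to by the temp process, and is useless. The following commands
    ## were thus not helpful:
    # ss -lpn 'sport = :7657' | grep pid | sed 's/.*(("//g' | sed 's/",pid=/ (/g' | sed 's/,.*/)/g' | sort -u
    # sourcePort=$(echo $line | sed 's/.*SPT=//g' | sed 's/ .*//g')
    # offendingApp=$(echo ss -lpn "sport = :$sourcePort" | grep pid | sed 's/.*(("//g' | sed 's/",pid=/ (/g' | sed 's/,.*/)/g' | sort -u)
    ##
    ## The trick is involved but simple. Special groups are created for each "app
    ## of interest". Eg:
    ##   _d_f_c_a_law__firefox
    ##   _d_f_c_a_law__i_2_p
    ##   _d_f_c_a_law__tor-browser
    ## The groups above are assigned a GID which gets logged by `IPTables' with the
    ## 'LOG' option, '--log-uid'. From this number we get the group name, and
    ## extract/generate a nice human readable string featuring only the app name.
    ## Notice how 'group names' cannot include capitals. To use capitals as in
    ## 'I2P' and 'Tor browser' some fancy 'sed'work (see
    ## prettify_dfca_group_name above) is done.
    ## Follow instructions in the DFCA Law's section titled 'Catch an app
    ## breaking DFCA Law' to safely implement the groups.

    ## Identify the GID and groupname
    theGID=${line##*GID=}   # drop everything up to the last 'GID='
    theGID=${theGID%% *}    # drop everything after the number
    if [[ $theGID =~ $REGEX_INTEGER ]]; then
      if [[ -z ${gIDToName[$theGID]:-} ]]; then   # if null, look it up and store the result
        gIDToName[$theGID]=$(describe_gid "$theGID")
      fi
      theGroupName=${gIDToName[$theGID]}
    fi

    ## Identify the tech giant
    techGiantName=${message%% *}

    ## Icon select
    icon=$(icon_for_tech_giant "$techGiantName")

    notify-send -t 5000 -i "$icon" "$message" "$theGroupName"

  done < <(journalctl -k --since "$aboutOneSecondAgo" | grep 'IN=.*OUT=.*')
  ## TEST OFFLINE (use this line in place of the 'done' line above)
  # done < <(printf '%s\n' 'Mar 34 13:32:43 boulder-cypherpunk kernel: Yandex outgoing blocked: IN= OUT=wlp5s0 SRC=192.168.1.7 DST=34.107.221.82 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=50224 DF PROTO=TCP SPT=56116 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 UID=1000 GID=973')

  ## Hand this poll's lines over to the next round
  seenLastPoll=()
  for line in "${!seenThisPoll[@]}"; do
    seenLastPoll[$line]=1
  done
  aboutOneSecondAgo=$pollStartedAt

  sleep 1 # sec
done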