Releases: c0m4r/paranoya

LOKI-daemonized 1.0.1

05 Jan 04:28
e06db11

Fixed

  • missing module name

LOKI-daemonized 1.0.0

05 Jan 03:06
2f18865

Changed

  • code refactoring and cleanup
  • dropping support for non-linux platforms
  • loki-upgrader program updates now use the Loki-daemonized repo
  • loki_client.py renamed to loki-client.py to match loki-upgrader.py convention
  • docker, flatpak, init files and img moved to ./addons/
  • example excludes disabled by default

Removed

  • removed any non-linux code
  • removed non-linux deps
  • removed patch file as it no longer makes sense due to the depth of changes
  • future module no longer used, removed from requirements.txt

LOKI-daemonized 0.51.0-d2

04 Jan 13:14
13dc76f

Added

  • added missing exceptions
  • added stripping of socket data
  • flatpak builder files

LOKI-daemonized 0.51.0-d1

03 Jan 05:25
8e6b4c4

Changes

  • Focuses on Linux
  • Single file scan if given path is a file
  • Daemon mode (-d) with a listening socket (--listen-host 127.0.0.1 --listen-port 1337) that accepts scan requests from loki_client.py
  • PID file loki.pid is created in the program directory when running in daemon mode; you can change its path with --pidfile /path/to/pidfile
  • Optional auth key --auth somethingRandomHere in daemon mode (just a dumb string authorization; it can be intercepted and read from the process list)
  • You can disable one or more yara files, e.g. --disable-yara-files apt_vpnfilter.yar,yara_mixed_ext_vars.yar
  • Exclude files by hash as proposed by rafaelarcanjo in Neo23x0/Loki/pull/204. See: /config/excludes.cfg
  • Initial implementation of process scanning under Linux (scan_processes_linux()):
    • File Name Checks: works with signature-base/iocs/filename-iocs.txt (note: linux iocs missing by default)
    • Process connections: for now, it only shows detected connections per process
    • Process Masquerading Detection: reports non-empty /proc/PID/maps of processes that use square brackets in their cmdlines

Derived from https://github.com/Neo23x0/Loki/blob/5b7175882a9b7247714b47347c2f9dccdf38d894/loki.py
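The process masquerading heuristic listed above (a bracketed, kernel-thread-looking cmdline combined with a non-empty /proc/PID/maps) is small enough to show end to end. The block below is an added illustration written for this page, not the project's own scan_processes_linux() code. It walks a /proc-style tree and flags matching processes; to stay runnable offline it also builds a constructed fake /proc directory, so the PIDs, paths and map lines in build_sample_proc() are made up.

```python
"""Re-implementation of the 'bracketed cmdline + non-empty maps' masquerading
heuristic. Added example; not code from the LOKI-daemonized project."""
import re
import tempfile
from pathlib import Path

# A cmdline of the form "[name]", the way ps renders a kernel thread.
BRACKETED = re.compile(r"^\[[^\[\]]+\]$")


def normalize_cmdline(raw: bytes) -> str:
    """/proc/PID/cmdline is NUL-separated argv; join with spaces and trim."""
    return raw.decode("utf-8", "replace").replace("\0", " ").strip()


def looks_like_kernel_thread(cmdline: str) -> bool:
    """True when the whole cmdline is a single bracketed name."""
    return bool(BRACKETED.match(cmdline))


def is_masquerading(cmdline: str, maps: str) -> bool:
    """Heuristic from the release notes: a kernel thread has no user-space
    memory map, so a bracketed name with a populated maps file is a userland
    process posing as one."""
    return looks_like_kernel_thread(cmdline) and maps.strip() != ""


def scan_proc(proc_root: str = "/proc"):
    """Return sorted (pid, cmdline) tuples for processes that trip the heuristic."""
    findings = []
    for entry in Path(proc_root).iterdir():
        if not entry.name.isdigit():
            continue  # self, sys, net, ... are not processes
        try:
            cmdline = normalize_cmdline((entry / "cmdline").read_bytes())
            maps = (entry / "maps").read_text(errors="replace")
        except OSError:
            # maps of other users' processes is unreadable without privileges,
            # and a process may exit mid-scan; skip rather than abort the scan.
            continue
        if is_masquerading(cmdline, maps):
            findings.append((int(entry.name), cmdline))
    return sorted(findings)


def build_sample_proc() -> str:
    """Build a fake /proc tree in a temp dir (constructed test data, not real
    system state): one genuine kernel thread, one normal process, one impostor."""
    base = Path(tempfile.mkdtemp(prefix="fakeproc_"))
    samples = {
        # genuine kernel thread: bracketed name, empty maps
        "2": (b"[kthreadd]\0", ""),
        # ordinary userland process: real argv, populated maps
        "1234": (b"/usr/bin/python3\0script.py\0",
                 "55d8c2a00000-55d8c2b00000 r-xp 00000000 08:01 1 /usr/bin/python3\n"),
        # masquerading: kernel-thread-looking name but it has a memory map
        "4321": (b"[kworker/u8:1]\0",
                 "7f1a00000000-7f1a00010000 r-xp 00000000 08:01 2 /tmp/.x/payload\n"),
        # non-numeric entry, must be skipped by the scanner
        "self": (b"", ""),
    }
    for name, (cmdline, maps) in samples.items():
        d = base / name
        d.mkdir()
        (d / "cmdline").write_bytes(cmdline)
        (d / "maps").write_text(maps)
    return str(base)


def demo():
    """Run the scanner over the constructed tree; expect only pid 4321 flagged."""
    return scan_proc(build_sample_proc())


if __name__ == "__main__":
    for pid, cmd in demo():
        print(f"[ALERT] pid {pid} masquerading as kernel thread: {cmd}")
```

Run against the real /proc by calling scan_proc() with no argument; unprivileged runs will silently skip processes whose maps file is not readable, so a complete picture needs root. One caveat worth knowing when tuning this check: a genuine kernel thread actually exposes an empty /proc/PID/cmdline (the bracketed name shown by ps comes from /proc/PID/comm), so a literal "[name]" appearing in cmdline is already a sign that a userland process rewrote its argv; the maps test then confirms it has user-space mappings.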

New arguments

  -d                    Run as a daemon
  --pidfile PIDFILE     Pid file path (default: loki.pid)
  --listen-host LISTEN_HOST
                        Listen host for daemon mode (default: localhost)
  --listen-port LISTEN_PORT
                        Listen port for daemon mode (default: 1337)
  --auth AUTH           Auth key, only in daemon mode
  --disable-yara-files DISABLE_YARA_FILES
                        Comma separated list of yara files to disable

Diff: loki-daemonized.patch