HiddenWall is a Linux kernel module generator used to create hidden kernel modules to protect your server from attackers. It supports custom rules with netfilter (block ports, hidden mode, rootkit functions etc).
The motivation is basically another layer of protection, much like a hidden firewall – setting securelevel to 2 on BSD would have a similar effect.
In a typical attack, the bad actor can alter your IPTables or UFW rules – with HiddenWall you still have another layer that can block external access because it hooks directly into netfilter from kernel land.
The author created it to protect his own servers but realised it also helps people who can’t write low-level code roll their own customized, hidden kernel modules.
If you can write low-level code, you can always add more module templates to HiddenWall.
Installing HiddenWall to Create Hidden Kernel Modules
Verify if the kernel version is 3.x, 4.x or 5.x:
|
1 |
uname -r |
Clone the repository
|
1 |
git clone https://github.com/CoolerVoid/HiddenWall |
Enter the folder
|
1 |
cd HiddenWall/module_generator |
Edit your firewall rules in directory rules/server.yaml, the python scripts use that file to generate a new firewall module.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
$ cat rules/server.yaml module_name: SandWall public_ports: 80,443,53 unhide_key: AbraKadabra hide_key: Shazam fake_device_name: usb14 liberate_in_2_out: True whitelist: - machine: ip: 192.168.100.181 open_ports: 22,21 - machine: ip: 192.168.100.22 open_ports: 22 |
If you want to study the static code to generate, look the content at directory “templates”.
Then you would want to generate a kernel module following your YAML file of rules:
|
1 |
$ python3 WallGen.py --template template/hiddenwall.c -r rules/server.yaml |
Then install it with insmod.
You can download HiddenWall here:
Or read more here.