cloudiatr: Remote operating system eviction made easy
cloudiatr makes reproducibly installing ElectroBSD and other FreeBSD-based operating systems more convenient (for some values of
The previously running operating system is evicted, backups should be done before the eviction.
Data integrity matters, thus OpenZFS is used for everything.
By default, two ZFS pools are created at install-time. An unencrypted boot pool
and an encrypted root pool for the rest of the operating system.
cloudiatr reserves the remaining disk space for a third encrypted data pool,
but does not create the pool itself, so you can do it after the reboot, using the potentially
more trustworthy kernel and binaries that have been installed previously.
The unencrypted boot pool can (and should be) overwritten once the system is running and recreated before
intentional reboots. Running the system without usable boot pool prepares it for getting
confiscated as a result of sloppy or malicious police investigations and similar threats.
cloudiatr was designed to merely make storing zogftw backups on other people's computers
the cloud) more convenient, but of course it can also be used for systems you control
and trust and to create bootable USB sticks.
cloudiatr should not be confused with Claudia (who has a Schäferhund).
The police men in the picture did not use
first eviction attempt
failed. Coincidence? I think not.
Getting sshd working on the eviction target and creating
cloudiatr.conf is left as exercise for the reader ...
fk@r500 ~/git/cloudiatr $ scp cloudiatr cloudiatr.conf firstname.lastname@example.org:/root/ cloudiatr 100% 16KB 16.1KB/s 00:00 cloudiatr.conf 100% 1085 1.1KB/s 00:00 fk@r500 ~/git/cloudiatr $ ssh email@example.com ./cloudiatr evict cloudiatr (7073cbb) can't wait to evict 'polizei-erziehung.fabiankeil.de' ... CLOUDIATR_DISKS='/dev/ada0 /dev/ada1' CLOUDIATR_CHECKSUM_SMECKSUM='false' CLOUDIATR_DEFAULTROUTER='22.214.171.124' CLOUDIATR_HOSTNAME='polizei-erziehung.fabiankeil.de' CLOUDIATR_IP_ADDRESS='126.96.36.199' CLOUDIATR_MURDER_DEATH_KILL_REQUESTED='true' CLOUDIATR_NETMASK='0xffffffc0' CLOUDIATR_NEW_USER='cloudiatr' CLOUDIATR_GELI_KEY_LENGTH='256' Depending on your jurisdiction, 'eviction without consent' may be against the law. cloudiatr doesn't bother to make backups of the existing data. That's what zogftw is for. cloudiatr: Continue eviction? [y/n] y cloudiatr: You really asked for it. Murder death kill in progress ... cloudiatr: Eviction in progress ... cloudiatr: Clearing gpart leftovers ... /dev/ada0 ada0 destroyed /dev/ada1 ada1 destroyed cloudiatr: Setting up gpart ... /dev/ada0 ada0 created ada0p1 added bootcode written to ada0 ada0p2 added ada0p3 added ada0p4 added ada0p5 added /dev/ada1 ada1 created ada1p1 added bootcode written to ada1 ada1p2 added ada1p3 added ada1p4 added ada1p5 added cloudiatr: Creating bpool on /dev/ada0p2 /dev/ada1p2 ... cloudiatr: Initialising geli on /dev/ada0p3 ... cloudiatr: Initialising geli on /dev/ada1p3 ... cloudiatr: geli-attaching /dev/ada0p3 cloudiatr: geli-attaching /dev/ada1p3 cloudiatr: Creating rpool on /dev/ada0p3.eli /dev/ada1p3.eli ... cloudiatr: Checking image checksum ... SHA256 (/tmp/FreeBSD-10.1-RELEASE-amd64-memstick.img) = 7a071894f12454442cf24ee4f19c2d21e2a8a79d54c83541d2cb7b9f48497b3e cloudiatr: Loading kernel modules from FreeBSD image ... crypto geom_eli opensolaris zfs cloudiatr: Extracting base cloudiatr: Extracting kernel (without symbols) /cloudiatr/rpool.key -> bpool/boot/rpool.key /cloudiatr/geli-backups/ada0p3.eli -> /cloudiatr/rpool/var/backups/ada0p3.eli /cloudiatr/geli-backups/ada1p3.eli -> /cloudiatr/rpool/var/backups/ada1p3.eli cloudiatr: Writing /cloudiatr/rpool/boot/loader.conf ... cloudiatr: Writing /cloudiatr/rpool/etc/rc.conf ... cloudiatr: Writing /cloudiatr/rpool/etc/fstab ... cloudiatr: Writing /cloudiatr/rpool/etc/resolv.conf ... cat: /etc/resolv.conf: No such file or directory cloudiatr: Setting root passwd Changing local password for root New Password: Retype New Password: Writing entropy file:. Generating RSA host key. 2048 bd:97:aa:20:40:16:c5:f1:16:82:50:3b:29:08:98:bf firstname.lastname@example.org (RSA) Generating ECDSA host key. 256 39:5f:15:52:6e:4c:45:06:47:4f:87:d6:a3:3a:69:a5 email@example.com (ECDSA) Generating ED25519 host key. 256 ef:db:4f:a0:d4:10:95:fe:5d:d0:7f:82:a3:77:26:60 firstname.lastname@example.org (ED25519) /usr/sbin/sendmail -bi -OAliasFile=/etc/mail/aliases /etc/mail/aliases: 29 aliases, longest 10 bytes, 297 bytes total chmod 0640 /etc/mail/aliases.db Setting date via ntp. 4 Jan 16:41:14 ntpdate: step time server 188.8.131.52 offset 0.984920 sec cloudiatr: Creating cloudiatr /root/.ssh/authorized_keys -> /cloudiatr/rpool/home/cloudiatr/.ssh/authorized_keys Preparing mounpoints on rpool ... Exporting bpool ... Looks like somebody managed to install a real operating system ... cloudiatr: Reboot now? [y/n] y # *** FINAL System shutdown message from email@example.com *** System going down IMMEDIATELY System shutdown time has arrived Connection to polizei-erziehung.fabiankeil.de closed by remote host. Connection to polizei-erziehung.fabiankeil.de closed. fk@r500 ~/git/cloudiatr $fancy-ping polizei-erziehung 1 [...] 2015-01-04 16:54:19: polizei-erziehung didn't respond in time 2015-01-04 16:54:23: polizei-erziehung didn't respond in time 2015-01-04 16:54:24: polizei-erziehung is alive ^C # 1. Some mundane details that haven't been automated yet # 2. ... # 3. profit! fk@r500 ~/git/cloudiatr $ssh polizei-erziehung.fabiankeil.de OnionBSD (CLOUDIATR) #674 r276255+54e52d3(fk): Fri Dec 26 23:01:10 CET 2014 Welcome to OnionBSD! $ su Password: root@polizei-erziehung:/home/fk # ./cloudiatr soft-protect CLOUDIATR_DISKS='/dev/ada1 /dev/ada2' CLOUDIATR_CHECKSUM_SMECKSUM='false' CLOUDIATR_DEFAULTROUTER='184.108.40.206' CLOUDIATR_HOSTNAME='polizei-erziehung.fabiankeil.de' CLOUDIATR_IP_ADDRESS='220.127.116.11' CLOUDIATR_MURDER_DEATH_KILL_REQUESTED='true' CLOUDIATR_NETMASK='0xffffffc0' CLOUDIATR_NEW_USER='cloudiatr' CLOUDIATR_GELI_KEY_LENGTH='256' cloudiatr: Put OnionBSD in 'Soviet Germany' mode? [y/n] y cloudiatr: Destroying bpool ... cloudiatr: Use 'geli kill -a' to 'hard-protect' your data right now. No recovery without remote backups! cloudiatr: Nuking former bpool vdevs from orbit ... cloudiatr: Done. OnionBSD should remain working as expected until the next shutdown ... cloudiatr: Remember to 'unprotect' the system before consensual reboots (or use the opportunity to test your backup system)
In case you are wondering, OnionBSD was the internal code name for ElectroBSD.
cloudiatr is free software and included in the
ElectroBSD patch set:
Copyright (c) 2014-2022 Fabian Keil <firstname.lastname@example.org> Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ALL YOUR DATA IS BELONG TO THE SOFTWARE AND MAY BE EATEN BY IT. IF THAT IS NOT ACCEPTABLE, YOU SHOULD PROBABLY MAKE BACKUPS BEFORE USING THE SOFTWARE.
An enterprise license (two sentences shorter and most likely already approved by the relevant legal department) is available upon request. The details are in the ElectroBSD funding section.