health-control
Health control system for Kodachi that includes network connectivity checks and system health monitoring
Version: 9.0.1 | Size: 29.2MB | Author: Warith Al Maawali
License: Proprietary | Website: https://www.digi77.com
File Information
Property | Value |
---|---|
Binary Name | health-control |
Version | 9.0.1 |
Build Date | 2025-09-23T19:19:59.326373219Z |
Rust Version | 1.82.0 |
File Size | 29.2MB |
SHA256 Checksum
Features
Feature | Description |
---|---|
Feature | Network connectivity monitoring |
Feature | Internet traffic control |
Feature | Security hardening |
Feature | System integrity checking |
Feature | Offline system management |
Security Features
Feature | Description |
---|---|
Authentication | Secure authentication with certificate pinning |
Encryption | TLS 1.3 for all network communications |
Input validation | All inputs are validated and sanitized |
Rate limiting | Built-in rate limiting for network operations |
System Requirements
Requirement | Value |
---|---|
OS | Linux (Debian-based) |
Privileges | root/sudo for system operations |
Dependencies | OpenSSL, libcurl |
Global Options
Flag | Description |
---|---|
-h, --help | Print help information |
-v, --version | Print version information |
-n, --info | Display detailed information |
-e, --examples | Show usage examples |
--json | Output in JSON format |
--json-pretty | Pretty-print JSON output with indentation |
--json-human | Enhanced JSON output with improved formatting (like jq) |
--verbose | Enable verbose output |
--quiet | Suppress non-essential output |
--no-color | Disable colored output |
--config <FILE> | Use custom configuration file |
--timeout <SECS> | Set timeout (default: 30) |
--retry <COUNT> | Retry attempts (default: 3) |
Commands
Data Destruction
wipe-file
Securely wipe a file with multiple passes
Usage:
Examples:
wipe-directory
Securely wipe an entire directory and its contents
Usage:
Examples:
wipe-logs
Wipe system and application logs
Usage:
Examples:
wipe-batch
Batch wipe multiple files
Usage:
Examples:
wipe-browser-data
Wipe browser data and history
Usage:
Examples:
wipe-free-space
Securely wipe free space on a device
Usage:
Examples:
wipe-pattern
Set wipe pattern (dod, gutmann, random, zeros)
Usage:
Examples:
wipe-schedule
Schedule automatic data wiping
Usage:
Examples:
wipe-verify
Verify that a file was wiped properly
Usage:
Examples:
Emergency Operations
kill-switch-arm
Arm the emergency kill switch - enables monitoring mode for automatic panic activation on security events (network intrusions, unauthorized access, system tampering). Does NOT take immediate action, only prepares system for rapid response.
Usage:
Examples:
kill-switch-disarm
Disarm the emergency kill switch
Usage:
Examples:
kill-switch-status
Check if kill switch monitoring is armed/disarmed. Shows armed time, trigger count, and monitoring state. Does NOT activate anything - just displays current status.
Usage:
Examples:
kill-switch-activate
IMMEDIATELY activate emergency procedures. Unlike 'arm' which monitors, this executes panic mode NOW. Choose level: soft (network+lock), medium (default: +kill processes), hard (+RAM wipe+shutdown)
Usage:
Examples:
panic-soft
IMMEDIATE soft panic mode. Actions: Kill all network connections, clear clipboard, lock screen. NO CONFIRMATION. Reversible by restarting network. Use for quick privacy protection.
Usage:
Examples:
panic-hard
IMMEDIATE hard panic mode with CONFIRMATION. CRITICAL: Kill network, terminate ALL processes, wipe RAM with secure overwrite, shutdown in 1 minute. IRREVERSIBLE - system will shutdown!
Usage:
Examples:
panic-medium
IMMEDIATE medium panic mode with CONFIRMATION. Actions: Kill network, terminate non-essential processes, clear memory, unmount devices, lock screen. Requires system restart to fully restore.
Usage:
Examples:
panic-profile
Set panic profile (stealth, paranoid, recovery)
Usage:
Examples:
panic-recover
Activate panic recovery mode
Usage:
Examples:
create-recovery-point
Create system recovery checkpoint
Usage:
Examples:
Hardware Security
hardware-rng-verify
Verify hardware random number generator status
Usage:
Examples:
entropy-status
Check system entropy pool status and quality
Usage:
Examples:
coldboot-defense-enable
Enable cold boot defense mechanisms
Usage:
Examples:
coldboot-defense-disable
Disable cold boot defense mechanisms
Usage:
Examples:
boot-integrity-check
Check boot chain integrity and security status
Usage:
Examples:
Hostname Management
set-default-hostname
Set the default hostname
Usage:
Examples:
set-random-hostname
Set a random hostname
Usage:
Examples:
set-custom-hostname
Set a custom hostname
Usage:
Examples:
Internet Traffic Control
block-internet
Block all internet traffic
Usage:
Examples:
unblock-internet
Unblock internet traffic
Usage:
Examples:
internet-status
Check internet blocking status
Usage:
Examples:
recover-internet
Recover internet connectivity
Usage:
Examples:
kill-network
Emergency network kill switch
Usage:
Examples:
kill-network-interface
Kill specific network interface
Usage:
Examples:
kill-process
Kill specific process by name or PID
Usage:
Examples:
MAC Address Management
mac-change-all
Change all MAC addresses
Usage:
Examples:
mac-force-change
Force change all MAC addresses (disable interfaces first)
Usage:
Examples:
mac-change-specific
Change specific interface MAC address
Usage:
Examples:
mac-show-interfaces
Show available network interfaces
Usage:
Examples:
mac-show-macs
Show current MAC addresses
Usage:
Examples:
mac-reset-all
Reset all MAC addresses to default
Usage:
Examples:
mac-active-interface
Show active network interface
Usage:
Examples:
Memory Management
memory-clean
Clean memory caches and buffers
Usage:
Examples:
memory-force-clean
Force clean memory by killing top process
Usage:
Examples:
memory-wipe
Secure RAM wipe (sdmem)
Usage:
Examples:
memory-wipe-process
Wipe memory of specific process
Usage:
Examples:
memory-limits
Manage process memory limits
Usage:
Examples:
memory-stats
Display memory statistics and history
Usage:
Examples:
swap-configure
Configure swap settings
Usage:
Examples:
disable-swap
Disable swap memory
Usage:
Examples:
enable-swap
Enable swap memory
Usage:
Examples:
ram-wipe-enable
Enable automatic RAM wiping on shutdown
Usage:
Examples:
ram-wipe-disable
Disable automatic RAM wiping
Usage:
Examples:
Network Connectivity
net-check
Check network connectivity (IP and DNS only)
Usage:
Options:
- --timeout <SECONDS>: Timeout in seconds for each connectivity check
- --http: Include HTTP connectivity check
- --ip-only: Check IP connectivity only, skip DNS checks
- --domain-only: Check domain connectivity only, skip IP ping
Examples:
net-check-http
Check network connectivity including HTTP
Usage:
Examples:
list-ips
List IPs used for connectivity testing
Usage:
Examples:
list-domains
List domains used for connectivity testing
Usage:
Examples:
Offline Actions
offline-bluetooth
Enable/disable/check Bluetooth service
Usage:
Examples:
offline-wifi
Manage WiFi connectivity
Usage:
Examples:
offline-usb-storage
Manage USB storage devices
Usage:
Examples:
offline-webcam
Manage webcam device
Usage:
Examples:
offline-microphone
Manage microphone device
Usage:
Examples:
offline-systemlogs
Manage system logging
Usage:
Examples:
offline-cups
Manage CUPS printing service
Usage:
Examples:
offline-networkmanager
Manage NetworkManager service
Usage:
Examples:
offline-numlock
Manage NumLock configuration
Usage:
Examples:
offline-cmdhistory
Manage command history
Usage:
Examples:
offline-autologin
Enable/disable/check auto-login functionality
Usage:
Examples:
offline-screen-lock
Manage screen locking
Usage:
Examples:
offline-fdlimit
Enable/disable/check file descriptor limits
Usage:
Examples:
offline-netoptimize
Enable/disable/check network optimization
Usage:
Examples:
offline-bbr
Enable/disable/check BBR congestion control
Usage:
Examples:
offline-ifspeed
Enable/disable/check interface speed optimization
Usage:
Examples:
offline-avahi
Manage Avahi daemon service
Usage:
Examples:
offline-modem-manager
Manage ModemManager service
Usage:
Examples:
offline-ssh
Manage SSH daemon service
Usage:
Examples:
offline-apache
Manage Apache web server service
Usage:
Examples:
offline-nginx
Manage Nginx web server service
Usage:
Examples:
offline-docker
Manage Docker container service
Usage:
Examples:
offline-mysql
Manage MySQL database service
Usage:
Examples:
offline-postgresql
Manage PostgreSQL database service
Usage:
Examples:
Security
security-status
Show comprehensive security status
Usage:
Examples:
Security Assessment
security-score
Calculate security score and get recommendations
Usage:
Examples:
security-report
Generate comprehensive security report
Usage:
Examples:
security-profile
Set security profile and thresholds
Usage:
security-history
View security configuration history
Usage:
Examples:
security-remediate
Auto-remediate security issues
Usage:
Examples:
security-schedule
Schedule security scans (hourly, daily, weekly, monthly, disable)
Usage:
Examples:
rootkit-scan-enhanced
Enhanced rootkit scanning with multiple tools
Usage:
Examples:
lynis-audit
Run Lynis security audit
Usage:
Examples:
lynis-status
Check Lynis installation status
Usage:
Examples:
clamav-scan
Scan system with ClamAV antivirus
Usage:
Examples:
system-audit
Perform comprehensive system security audit
Usage:
Examples:
Security Hardening
security-harden
Apply comprehensive security hardening
Usage:
Examples:
security-verify
Verify if security hardening is properly applied (checks all 7 modules and reports their status)
Usage:
Examples:
security-recover
Temporarily revert security hardening (keeps framework enabled for quick re-hardening)
Usage:
Examples:
security-reset
Completely disable all security modules and framework (permanent removal)
Usage:
Examples:
monitoring-enable
Enable system monitoring features
Usage:
Examples:
monitoring-disable
Disable system monitoring features
Usage:
Examples:
ipv6-disable
Disable IPv6 system-wide
Usage:
Examples:
ipv6-enable
Enable IPv6 system-wide
Usage:
Examples:
tirdad-enable
Enable Tirdad TCP ISN randomization
Usage:
Examples:
tirdad-disable
Disable Tirdad TCP ISN randomization
Usage:
Examples:
tirdad-status
Check Tirdad TCP ISN randomization status
Usage:
Examples:
ipv6-status
Check IPv6 status
Usage:
Examples:
ram-wipe
Enable secure RAM wiping on shutdown
Usage:
Examples:
ram-wipe-status
Check RAM wipe configuration and status
Usage:
Examples:
disk-encryption-status
Check disk encryption status and security
Usage:
Examples:
swap-enable
Enable swap partition/file
Usage:
Examples:
swap-disable
Disable swap partition/file
Usage:
Examples:
swap-encrypt
Encrypt swap partition/file
Usage:
Examples:
swap-status
Check swap status and configuration
Usage:
Examples:
swap-decrypt
Decrypt encrypted swap partition/file
Usage:
Examples:
swap-encrypt-status
Check swap encryption status
Usage:
Examples:
usb-list
List all USB devices
Usage:
Examples:
luks-nuke
Manage LUKS nuke passwords
Usage:
Examples:
luks-manage
Manage LUKS encrypted devices
Usage:
Examples:
luks-nuke-advanced
Advanced LUKS nuke configuration (emergency wipe)
Usage:
Examples:
luks-remove
Remove LUKS encryption from device
Usage:
Examples:
luks-manage-advanced
Advanced LUKS device management
Usage:
Examples:
health-control luks-manage-advanced --action backup-header --device /dev/sdb1 --backup-file /tmp/header.backup
health-control luks-manage-advanced --action restore-header --device /dev/sdb1 --backup-file /tmp/header.backup
create-persistence
Create encrypted persistence file
Usage:
Examples:
encryption-status
Check storage encryption status
Usage:
Examples:
container-create
Create encrypted container
Usage:
Examples:
container-mount
Mount encrypted container
Usage:
Examples:
container-unmount
Unmount encrypted container
Usage:
Examples:
Security Tools
rootkit-scan
Quick rootkit scan (fast, essential checks)
Usage:
Examples:
kloak-status
Check Kloak keyboard anonymization status
Usage:
Examples:
kloak-enable
Enable Kloak keyboard anonymization
Usage:
Examples:
kloak-disable
Disable Kloak keyboard anonymization
Usage:
Examples:
kloak-configure
Configure Kloak keystroke anonymization settings
Usage:
Examples:
kloak-event-mode
Set Kloak event processing mode
Usage:
Examples:
kloak-stats
Show Kloak keystroke anonymization statistics
Usage:
Examples:
aide-update
Update AIDE database after legitimate changes
Usage:
Examples:
aide-check
Check file integrity with AIDE
Usage:
Examples:
aide-init
Initialize AIDE database for file integrity monitoring
Usage:
Examples:
aide-reinit
Reinitialize AIDE database (reset baseline)
Usage:
Examples:
aide-scan-dir
Scan specific directory with AIDE
Usage:
Examples:
Storage Security
storage-wipe
Securely wipe storage devices and free space
Usage:
Examples:
storage-encrypt
Encrypt a storage device
Usage:
Examples:
encryption-tune
Optimize encryption performance and security settings
Usage:
Examples:
System Control
get-hostname
Get the current hostname
Usage:
Examples:
change-hostname
Change hostname (prompts for new hostname)
Usage:
Examples:
list-hostnames
List available hostnames by category
Usage:
Examples:
set-random-hostname-category
Set a random hostname from a specific category
Usage:
Examples:
get-logged-user
Get the actual logged-in user (handles sudo correctly)
Usage:
Examples:
show-timezone
Show current system timezone
Usage:
Examples:
sync-timezone
Sync timezone based on IP geolocation
Usage:
Examples:
show-remote-timezone
Show timezone based on current IP location
Usage:
Examples:
set-timezone
Set system timezone
Usage:
Examples:
list-timezones
List available timezones by category
Usage:
Examples:
set-random-timezone
Set a random timezone from a specific category
Usage:
Examples:
play-sound
Play notification sound
Usage:
Examples:
notify
Send desktop notification
Usage:
Examples:
System Information
offline-info-system
Display comprehensive system information
Usage:
Examples:
offline-info-hardware
Display hardware information
Usage:
Examples:
offline-info-process
Display process information
Usage:
Examples:
offline-info-security
Display security and encryption status
Usage:
Examples:
offline-info-network
Display network information
Usage:
Examples:
offline-info-user
Display user information
Usage:
Examples:
offline-info-storage
Display storage information
Usage:
Examples:
offline-info-services
Display system services information
Usage:
Examples:
offline-info-all
Display all system information
Usage:
Examples:
System Maintenance
auto-updates-enable
Enable automatic security updates
Usage:
Examples:
auto-updates-disable
Disable automatic security updates
Usage:
Examples:
auto-updates-status
Check automatic updates status
Usage:
Examples:
system-maintenance-enable
Enable system maintenance settings
Usage:
Examples:
system-maintenance-disable
Disable system maintenance settings
Usage:
Examples:
system-maintenance-status
Check system maintenance status
Usage:
Examples:
password-policy-enable
Enable password policy enforcement
Usage:
Examples:
password-policy-disable
Disable password policy enforcement
Usage:
Examples:
password-policy-status
Check password policy status
Usage:
Examples:
user-security-enable
Enable user security hardening
Usage:
Examples:
user-security-disable
Disable user security hardening
Usage:
Examples:
user-security-status
Check user security status
Usage:
Examples:
2fa-enable
Enable two-factor authentication
Usage:
Examples:
2fa-disable
Disable two-factor authentication
Usage:
Examples:
2fa-status
Check two-factor authentication status
Usage:
Examples:
check-and-install
Check and install required packages
Usage:
Examples:
check-and-install-do
Execute installation after checking dependencies
Usage:
Examples:
package-cleanup
Clean up unnecessary packages
Usage:
Examples:
clear-cache
Clear system memory caches
Usage:
Examples:
USB Security
usb-guard-enable
Enable USB Guard protection
Usage:
Examples:
usb-guard-disable
Disable USB Guard protection
Usage:
Examples:
usb-policy
Manage USB device policies
Usage:
Examples:
usb-monitor
Monitor USB device connections in real-time
Usage:
Examples:
usb-history
View USB device connection history
Usage:
Examples:
usb-whitelist
Manage USB device whitelist
Usage:
Examples:
Examples
Network Connectivity
Test network connectivity and configuration
Test both IP and domain connectivity (DNS only)
Expected Output: Network connectivity status
Test IP and domain connectivity including HTTP
Expected Output: HTTP connectivity test results
Network check with JSON output for automation
Expected Output: JSON formatted network status
HTTP network check with JSON output
Expected Output: JSON formatted HTTP connectivity results
Check IP connectivity only, skip DNS checks
Expected Output: IP connectivity test results
Check domain connectivity only, skip IP ping
Expected Output: Domain connectivity test results
Use custom timeout for network checks
Expected Output: Network check with 15 second timeout
IP-only connectivity check with JSON output
Expected Output: JSON formatted IP connectivity results
Domain-only connectivity check with custom timeout
Expected Output: Domain connectivity test with 20 second timeout
Show IPs used for connectivity testing
Expected Output: List of test IP addresses
Show domains used for connectivity testing
Expected Output: List of test domain names
Internet Traffic Control
Block and unblock internet traffic
Block internet using auto-detected method (tries nftables, then iptables, then UFW, then interfaces)
Expected Output: Internet blocked successfully
Note: Without --method specified, health-control automatically selects the best available method
Block using iptables firewall rules
Expected Output: Iptables rules applied successfully
Block using nftables firewall rules (preferred modern firewall)
Expected Output: Nftables rules applied successfully
Block using UFW (Uncomplicated Firewall)
Expected Output: UFW rules applied successfully
Block by disabling network interfaces
Expected Output: Network interfaces disabled successfully
Block using ALL methods (UFW, nftables, iptables, and interfaces)
Expected Output: All blocking methods applied successfully
Note: Applies all available blocking methods for maximum security
Block internet but allow local network traffic
Expected Output: Internet blocked, local traffic allowed
Block internet with JSON output
Expected Output: JSON formatted blocking status
Block internet with iptables, allow local, JSON output
Expected Output: JSON formatted blocking status with details
Block using ALL methods but allow local network traffic
Expected Output: All blocking methods applied, local traffic allowed
Unblock internet traffic
Expected Output: Internet unblocked successfully
Unblock using nftables specifically
Expected Output: Internet unblocked using nftables
Unblock using iptables specifically
Expected Output: Internet unblocked using iptables
Unblock using UFW specifically
Expected Output: Internet unblocked using UFW
Unblock ALL methods (clears UFW, nftables, iptables, and re-enables interfaces)
Expected Output: All blocking methods cleared successfully
Note: Ensures complete restoration by clearing all possible blocks
Unblock internet with JSON output
Expected Output: JSON formatted unblocking status
Check current internet blocking status
Expected Output: Internet traffic status
Check if internet traffic is blocked with JSON output
Expected Output: JSON formatted block status
Network Recovery
Diagnose and fix connectivity issues
Automatically diagnose and fix connectivity issues
Expected Output: Recovery steps performed and status
Include DNS resolution testing and fixes
Expected Output: Recovery with DNS diagnostics
Force recovery even if connectivity appears working
Expected Output: Forced recovery completion status
Timezone Management
Manage system timezone settings
Sync timezone based on IP geolocation
Expected Output: Timezone synchronized to detected location
Show current system timezone
Expected Output: Current timezone information
Set specific timezone
Expected Output: Timezone set to America/New_York
List all timezone categories
Expected Output: List of timezone categories with counts
List all available timezones
Expected Output: Complete list of timezones
List African timezones
Expected Output: List of African timezones
List American timezones
Expected Output: List of North and South American timezones
List Asian timezones
Expected Output: List of Asian timezones
List European timezones
Expected Output: List of European timezones
List Australian timezones
Expected Output: List of Australian timezones
List Pacific timezones
Expected Output: List of Pacific timezones
List UTC timezones
Expected Output: List of UTC timezones
List timezone categories in JSON format
Expected Output: JSON output of timezone categories
Set a random timezone from all available
Expected Output: Timezone set to random value
Note: Requires sudo privileges
Set random American timezone
Expected Output: Timezone set to random American timezone
Note: Requires sudo privileges
Set random European timezone
Expected Output: Timezone set to random European timezone
Note: Requires sudo privileges
Set random Asian timezone
Expected Output: Timezone set to random Asian timezone
Note: Requires sudo privileges
Set random African timezone
Expected Output: Timezone set to random African timezone
Note: Requires sudo privileges
Set random Pacific timezone with JSON output
Expected Output: JSON output of timezone change
Note: Requires sudo privileges
MAC Address Management
Change and manage MAC addresses
Change MAC addresses for all interfaces
Expected Output: All MAC addresses changed
Force change MAC addresses
Expected Output: MAC addresses force-changed
Note: Use when regular change fails
Change MAC for specific interface
Expected Output: MAC address changed for eth0
Show all network interfaces
Expected Output: List of network interfaces
Show current MAC addresses
Expected Output: List of interfaces and MAC addresses
Reset all MACs to original values
Expected Output: MAC addresses reset to original
Show active network interface
Expected Output: Currently active network interface
Hostname Management
Get and set system hostname
Get current system hostname
Expected Output: Current hostname
Get hostname in JSON format
Expected Output: JSON formatted hostname
Get the actual logged-in user (handles sudo correctly)
Expected Output: Username of logged-in user
Note: Returns actual user even when run with sudo
Get logged user with additional info in JSON format
Expected Output: JSON with username, home directory, and detection method
Set default system hostname
Expected Output: Default hostname set
Set random hostname for privacy
Expected Output: Random hostname set
Set random hostname with JSON output
Expected Output: JSON formatted hostname change result
Set custom hostname
Expected Output: Hostname set to MyHost
Set descriptive custom hostname
Expected Output: Hostname set to privacy-machine
Set custom hostname with JSON output
Expected Output: JSON formatted hostname change result
List all hostname categories
Expected Output: List of available hostname categories with counts
List all available hostnames
Expected Output: Complete list of all predefined hostnames
List Windows hostnames
Expected Output: List of Windows-style hostnames
List Linux hostnames
Expected Output: List of Linux distribution hostnames
List Apple/Mac hostnames
Expected Output: List of macOS and Apple device hostnames
List hostname categories in JSON format
Expected Output: JSON formatted category list with counts
Set random hostname from all categories
Expected Output: Random hostname selected and set
Set random Windows hostname
Expected Output: Random Windows-style hostname set
Set random Linux hostname
Expected Output: Random Linux distribution hostname set
Set random fictional hostname with JSON output
Expected Output: Random fictional hostname set with JSON result
Offline Actions
Manage system services and hardware devices
Enable Bluetooth service
Expected Output: Bluetooth enabled successfully
Disable Bluetooth service
Expected Output: Bluetooth disabled successfully
Enable WiFi service
Expected Output: WiFi enabled successfully
Disable WiFi with persistent blacklisting
Expected Output: WiFi disabled and blacklisted
Enable USB storage devices
Expected Output: USB storage access enabled
Disable USB storage devices
Expected Output: USB storage access blocked
Check USB storage status with JSON output
Expected Output: JSON formatted USB storage status
Enable webcam devices
Expected Output: Webcam access enabled
Disable webcam devices
Expected Output: Webcam access disabled
Check webcam status
Expected Output: Webcam device status
Enable microphone devices
Expected Output: Microphone access enabled
Disable microphone devices
Expected Output: Microphone access disabled
Check microphone status
Expected Output: Microphone device status
Enable automatic screen lock
Expected Output: Screen lock enabled
Check screen lock status with JSON output
Expected Output: JSON formatted screen lock status
Disable system logging
Expected Output: System logging disabled
Disable CUPS printing service
Expected Output: CUPS printing disabled
Disable NetworkManager
Expected Output: NetworkManager disabled
Enable NumLock on boot
Expected Output: NumLock enabled on boot
Disable command history logging
Expected Output: Command history disabled
Disable automatic login
Expected Output: Automatic login disabled
Set file descriptor limits
Expected Output: File descriptor limit set
Enable network optimizations
Expected Output: Network optimizations enabled
Check network optimization status
Expected Output: Network optimization status
Check network optimization status with JSON output
Expected Output: JSON formatted network optimization status
Enable BBR congestion control
Expected Output: BBR congestion control enabled
Check BBR congestion control status
Expected Output: BBR status information
Configure interface speed
Expected Output: Interface speed configured
Enable interface speed optimization
Expected Output: Interface speed optimization enabled
Disable interface speed optimization
Expected Output: Interface speed optimization disabled
Check interface speed configuration
Expected Output: Interface speed status
Disable Avahi service discovery
Expected Output: Avahi service disabled
Note: Supported services: offline-avahi, offline-modem-manager, offline-ssh, offline-apache, offline-nginx, offline-docker, offline-mysql, offline-postgresql
Disable ModemManager service
Expected Output: ModemManager disabled
Enable SSH service
Expected Output: SSH service enabled
Disable Apache web server
Expected Output: Apache web server disabled
Disable Nginx web server
Expected Output: Nginx web server disabled
Disable Docker service
Expected Output: Docker service disabled
Disable MySQL database service
Expected Output: MySQL service disabled
Disable PostgreSQL database service
Expected Output: PostgreSQL service disabled
System Information
Display system and hardware information
Display comprehensive system information
Expected Output: System details and configuration
Display hardware information in JSON
Expected Output: JSON formatted hardware details
Display network configuration
Expected Output: Network interfaces and settings
Display all system information
Expected Output: Complete system information
Display process information
Expected Output: Running processes and resource usage
Display security configuration in JSON
Expected Output: Security settings and status in JSON format
Display user information
Expected Output: User accounts and permissions
Display storage information
Expected Output: Disk usage and filesystem details
Display services information in JSON
Expected Output: System services status in JSON format
Security Hardening
Apply and verify comprehensive security settings (7 modules: kernel, process, filesystem, network, memory, monitoring, sandboxing)
Apply standard security hardening (network-safe): kernel hardening, process isolation, filesystem security, memory protection, monitoring, sandboxing - PRESERVES internet connectivity
Expected Output: Security hardening completed (network connectivity preserved)
Note: Standard profile maintains system usability and network connectivity
Apply PARANOID profile - WARNING: WILL BREAK INTERNET CONNECTIVITY: All hardening PLUS network isolation, DNS blocking, disabled IP forwarding
Expected Output: Paranoid security applied (network isolated)
Note: ⚠️ INTERNET CONNECTIVITY DISABLED - To recover: sudo health-control recover-internet
Check if all 7 security modules are enabled and properly configured
Expected Output: Shows each module: ENABLED/DISABLED and configuration status
Note: Use after security-harden to verify settings are applied
Apply only specific modules (kernel sysctl and network firewall)
Expected Output: Applied 2 modules: kernel and network hardening
Note: Modules: kernel, process, filesystem, network, memory, monitoring, sandboxing
Get detailed security score and module status in JSON
Expected Output: Full JSON with category breakdowns (Core/Network/Hardening/Device/Advanced), individual check scores, and specific remediation commands
Temporarily revert security hardening (keeps framework ready for quick re-hardening)
Expected Output: Security recovery completed - modules show 'ENABLED (needs configuration)'
Note: Use for troubleshooting. Framework remains enabled for easy re-hardening with security-harden.
Recover only specific security modules
Expected Output: Selected modules recovered
Note: Available modules: kernel, filesystem, network, memory, monitoring, smt
Completely disable all security modules and framework (permanent removal)
Expected Output: All modules show 'DISABLED' - framework completely removed
Note: WARNING: Unlike security-recover, this permanently disables the framework. Requires rebuilding to re-enable.
Reset security framework without confirmation prompt
Expected Output: Security framework completely disabled
Note: Use --force to skip the confirmation prompt in automation scripts
Enable system security monitoring (auditd, LKRG, file integrity, auth events)
Expected Output: Security monitoring enabled
Disable system security monitoring services
Expected Output: Security monitoring disabled
Enable Tirdad kernel module for TCP ISN randomization (prevents OS fingerprinting)
Expected Output: Tirdad enabled successfully
Disable Tirdad TCP ISN randomization module
Expected Output: Tirdad disabled successfully
Check Tirdad TCP ISN randomization module status
Expected Output: Tirdad status: ENABLED/DISABLED
Enable RAM wiping on shutdown
Expected Output: RAM wiping enabled
Disable RAM wiping
Expected Output: RAM wiping disabled
Check RAM wipe configuration and status
Expected Output: RAM wipe status with memory info and auto-wipe settings
Check disk encryption status
Expected Output: Disk encryption configuration
Enable swap space
Expected Output: Swap space enabled
Disable swap space
Expected Output: Swap space disabled
Encrypt swap space
Expected Output: Swap space encrypted
Check swap status and configuration
Expected Output: Displays swap devices, size, usage, and encryption status
Decrypt encrypted swap space
Expected Output: Swap space decrypted
Note: Use with caution - decrypting swap reduces security
Check swap encryption status
Expected Output: Shows whether swap is encrypted and encryption details
List all USB devices
Expected Output: Connected USB devices
Check LUKS nuke password status
Expected Output: LUKS nuke password configuration
Configure LUKS nuke password
Expected Output: LUKS nuke password configured
Note: Interactive password setup
Create system persistence
Expected Output: System persistence created
Show overall encryption status
Expected Output: System encryption status report
System Health Checks
Monitor and check system health
Perform comprehensive system security audit
Expected Output: System audit status report
Scan system for rootkits
Expected Output: Rootkit scan results
Check system security status
Expected Output: JSON formatted security status info
IPv6 Management
Control and monitor IPv6 protocol settings
Check current IPv6 configuration status
Expected Output: IPv6 Status: ENABLED/DISABLED with interface details
Note: Shows runtime status, boot config, and active interfaces
Disable IPv6 system-wide (sysctl and GRUB)
Expected Output: IPv6 disabled with details of changes applied
Note: Reboot recommended for full effect
Enable IPv6 system-wide
Expected Output: IPv6 enabled with details of changes applied
Note: Reboot recommended for full effect
Get detailed IPv6 status in JSON format
Expected Output: Complete IPv6 configuration including runtime, boot config, and interfaces

Security Tools Integration
Advanced security tool integrations
Run comprehensive Lynis security audit
Expected Output: Complete Lynis audit report
Note: Comprehensive security assessment
Check Lynis installation and status
Expected Output: Lynis service status
Scan system for rootkits
Expected Output: Rootkit scan results
Initialize AIDE database
Expected Output: AIDE database created successfully
Note: First time setup required
Check file integrity with AIDE
Expected Output: File integrity check results
Check kloak keystroke anonymization status
Expected Output: Kloak service status and configuration
Enable kloak keystroke anonymization
Expected Output: Kloak enabled successfully
Disable kloak keystroke anonymization
Expected Output: Kloak disabled successfully
Configure kloak with 200ms delay
Expected Output: Kloak configured with custom delay
Set kloak event mode to no-delay
Expected Output: Kloak event mode set
Show kloak statistics and performance
Expected Output: Kloak performance statistics
Update AIDE database
Expected Output: AIDE database updated
Scan specific directory with AIDE
Expected Output: Directory scan results
Reinitialize AIDE database
Expected Output: AIDE database reinitialized
Note: Recreates database from scratch
Enhanced rootkit scanning with deep analysis
Expected Output: Enhanced rootkit scan results
Note: More thorough than basic rootkit scan
Enable cold boot attack defense
Expected Output: Cold boot defense enabled

Memory and Storage Security
Advanced memory management and storage security
Show current memory statistics
Expected Output: Memory usage and performance metrics
List all LUKS devices
Expected Output: LUKS device status and configuration
Configure nuke password interactively
Expected Output: LUKS nuke password configured
Note: Interactive password setup

USB and Device Security
USB device control and security policies
Allow specific USB device
Expected Output: USB device added to allow policy
Note: Use lsusb to find device IDs
List all USB policies
Expected Output: Current USB device policies
Start USB monitoring
Expected Output: USB monitoring service started
View USB device history for last 7 days
Expected Output: USB device connection history

Data Destruction
Secure data wiping procedures
Securely wipe file with 7 passes
Expected Output: File securely wiped and unrecoverable
Note: Multiple passes increase security
Securely wipe entire directory
Expected Output: Directory and contents wiped securely
Note: All files in directory will be destroyed
Wipe free space on device
Expected Output: Free space wiped securely
Note: Prevents recovery of deleted files
Wipe system and application logs
Expected Output: Logs wiped successfully
Note: Removes log file traces
Wipe browser history and data
Expected Output: Browser data wiped
Note: Removes browsing history and cache
Schedule automatic file wiping with cron pattern
Expected Output: File wipe scheduled successfully
Note: Uses cron syntax for scheduling
Use DoD 5220.22-M wiping pattern
Expected Output: DoD wiping pattern applied
Note: Department of Defense secure wiping standard
Verify file has been securely wiped
Expected Output: File wipe verification results
Batch wipe multiple files with 7 passes
Expected Output: Batch file wiping completed
Note: Comma-separated file paths

System Maintenance and Updates
Automated updates, password policies, and system maintenance
Enable automatic security updates
Expected Output: Automatic security updates enabled
Disable automatic updates
Expected Output: Automatic updates disabled
Check automatic updates status
Expected Output: Auto-updates configuration status
Enable strong password policy
Expected Output: Strong password policy enforced
Disable strong password policy
Expected Output: Password policy disabled
Enable user security checks
Expected Output: User security policies enabled
Enable 2FA for specific user
Expected Output: Two-factor authentication enabled
Disable 2FA for user
Expected Output: Two-factor authentication disabled
Enable automatic system maintenance
Expected Output: System maintenance automation enabled
Clean up unnecessary packages
Expected Output: System packages cleaned and optimized
Check password policy status
Expected Output: Current password policy configuration
Disable user security checks
Expected Output: User security policies disabled
Check user security status
Expected Output: User security configuration status
Check 2FA status for users
Expected Output: Two-factor authentication status
Disable automatic system maintenance
Expected Output: System maintenance automation disabled
Check system maintenance status
Expected Output: System maintenance configuration status

Troubleshooting
Debug and resolve common issues
Network check with extended timeout for slow connections
Expected Output: Extended connectivity test results
Note: Use when experiencing network timeouts
Enable debug logging for network diagnostics
Expected Output: Detailed debug information
Note: Use when troubleshooting connectivity issues
Extract only error information from system audit
Expected Output: JSON array of system errors
Note: Requires jq for JSON parsing
Simple check with conditional message
Expected Output: Status message based on internet state
Extract threat count from rootkit scan
Expected Output: Number of threats found
Note: Use for automated security monitoring
Run Lynis scan with system timeout
Expected Output: Quick audit results or timeout
Note: Prevents hanging on system issues
Capture verbose memory diagnostics to file
Expected Output: Memory statistics saved to log file
Note: Use for detailed memory troubleshooting
List all security status categories
Expected Output: Available security check categories
Note: Use to discover available security checks

System Control
System configuration and control operations
Display current system timezone
Expected Output: Current timezone information
Sync timezone based on IP geolocation
Expected Output: Timezone synchronized to detected location
Show timezone based on current IP location
Expected Output: Remote location timezone information
Set specific timezone
Expected Output: Timezone set to America/New_York
Play system alert sound
Expected Output: Sound played successfully
Play success notification sound
Expected Output: Success sound played
Play warning sound in MP3 format
Expected Output: Warning sound played in MP3
Play alert sound with debug output
Expected Output: Alert sound played with debug info
Send system notification
Expected Output: Notification sent successfully
Send basic notification message
Expected Output: Notification sent successfully
Send notification with message body
Expected Output: Detailed notification sent
Send critical notification with 30 second duration
Expected Output: Critical notification sent
Send notification with custom icon
Expected Output: Notification with icon sent

Memory and Performance Management
Memory management, cleanup, and performance optimization
Show current memory statistics
Expected Output: Memory usage and performance metrics
Show memory statistics in JSON format
Expected Output: JSON formatted memory statistics
Clean system memory
Expected Output: Memory cleaned successfully
Force memory cleanup
Expected Output: Memory force-cleaned successfully
Note: Use when regular cleanup insufficient
Securely wipe memory
Expected Output: Memory wiped securely
Note: Security-focused memory clearing
Wipe specific process memory securely
Expected Output: Firefox process memory wiped successfully
Note: Clears sensitive data from process memory
Wipe Chrome browser memory
Expected Output: Chrome process memory wiped successfully
Note: Removes cached passwords and session data
Set swappiness=10, cache_pressure=100
Expected Output: Swap parameters configured: swappiness=10, cache_pressure=100
Note: Low swappiness reduces swap usage, improves performance
Limit Firefox to 2GB RAM
Expected Output: Memory limit set for Firefox: 2048 MB
Note: Prevents single process from consuming excessive memory
Limit Chrome to 1GB RAM
Expected Output: Memory limit set for Chrome: 1024 MB

Emergency Operations - Kill Switch & Panic Modes
Emergency security measures with two modes: MONITORING (arm/disarm) prepares for threats, IMMEDIATE (panic/activate) executes emergency procedures
ARM kill switch monitoring (preparation mode)
Expected Output: Kill switch ARMED - Monitoring mode active
Note: MONITORING MODE: Watches for security triggers (network intrusions, tampering). Does NOT take action until triggered. Auto-activates panic on detection.
DISARM kill switch monitoring
Expected Output: Kill switch DISARMED
Note: Stops monitoring mode. Use after threat has passed or false alarm.
Check if monitoring is armed/disarmed
Expected Output: Shows armed status, trigger count, armed time
Note: READ-ONLY: Just displays current state, takes no action
IMMEDIATELY activate kill switch (default: medium panic)
Expected Output: KILL SWITCH ACTIVATED - emergency procedures executed
Note: IMMEDIATE ACTION: Unlike 'arm', this executes panic NOW. Prompts for confirmation. Use --level soft/medium/hard
IMMEDIATE soft panic (NO confirmation)
Expected Output: Network killed, clipboard cleared, screen locked
Note: INSTANT: Kill network + clear clipboard + lock screen. Reversible. Good for quick privacy.
IMMEDIATE medium panic (requires confirmation)
Expected Output: Panic mode activated after confirmation
Note: WITH CONFIRMATION: Soft + kill processes + clear memory + unmount devices. Requires restart to restore.
IMMEDIATE hard panic (double confirmation)
Expected Output: System shutdown initiated
Note: CRITICAL - DOUBLE CONFIRM: Medium + RAM wipe + shutdown in 1 min. IRREVERSIBLE! System WILL shutdown!
Create recovery checkpoint BEFORE panic
Expected Output: Recovery point created
Note: Create BEFORE activating panic modes. Allows restoration of configs after emergency.
Restore system after panic activation
Expected Output: System recovered from panic mode
Note: Use AFTER panic to restore normal operation. Restarts services, fixes permissions.
Set panic profile to paranoid mode
Expected Output: Panic profile set to paranoid
Note: Maximum security response level
Kill specific network interface
Expected Output: Network interface eth0 terminated
Note: Selective network isolation
Terminate specific process immediately
Expected Output: Process firefox terminated
Note: Emergency process termination
Recover from panic mode using recovery point
Expected Output: System recovered from panic mode
Note: Restores system to pre-panic state

Security
General security status and monitoring
Show comprehensive security status
Expected Output: Complete security status report
Show security status in JSON format
Expected Output: JSON formatted security status

USB Security
USB device control and monitoring
Enable USB Guard protection
Expected Output: USB Guard enabled successfully
Disable USB Guard protection
Expected Output: USB Guard disabled successfully
Add USB device to allow policy
Expected Output: USB device policy added
Note: Use lsusb to find device IDs
List all USB policies
Expected Output: Current USB device policies
Start USB device monitoring
Expected Output: USB monitoring started
View USB device history for last 7 days
Expected Output: USB device connection history

Storage Security
Storage encryption and secure wiping
Encrypt storage device
Expected Output: Storage device encrypted successfully
Note: Backup data before encryption
Securely wipe storage device
Expected Output: Storage device wiped securely
Note: Data will be permanently destroyed

Security Assessment
Security scoring and reporting
Calculate overall security score
Expected Output: Shows score (0-100), security level (Critical/Poor/Fair/Good/Excellent), and actionable fixes
Get security score in JSON format
Expected Output: Full JSON with category breakdowns (Core/Network/Hardening/Device/Advanced), individual check scores, and specific remediation commands
Generate comprehensive security report
Expected Output: Detailed security assessment report
Generate security report in JSON format
Expected Output: JSON formatted security report
View security score history for last 30 days
Expected Output: Security score trends and historical data
Note: Shows security improvements over time
View last 7 days security history in JSON
Expected Output: JSON formatted security history
Review security fixes before applying
Expected Output: Security fix recommendations displayed
Note: Manual review mode for security fixes

Package Management
Automated package installation and management
Check for and install required packages
Expected Output: Package installation completed
Note: Installs missing system dependencies
Execute package installation with confirmation
Expected Output: Package installation executed
Note: Interactive installation process

Hardware Security
Hardware-level security features
Verify hardware random number generator
Expected Output: Hardware RNG status and quality
Check system entropy status
Expected Output: Entropy pool status and quality
Enable cold boot attack defense
Expected Output: Cold boot defense enabled
Check boot integrity
Expected Output: Boot integrity verification results

System Information Extended
Detailed system information and diagnostics
Display comprehensive system information
Expected Output: Complete system details and configuration
Display hardware information
Expected Output: Hardware components and specifications
Display hardware information in JSON
Expected Output: JSON formatted hardware details
Display process information
Expected Output: Running processes and resource usage
Display security configuration
Expected Output: Security settings and status
Display network configuration
Expected Output: Network interfaces and settings
Display user information
Expected Output: User accounts and permissions
Display storage information
Expected Output: Disk usage and filesystem details
Display services information
Expected Output: System services status
Display all system information
Expected Output: Complete system information report

Environment Variables
Variable | Description | Default | Values |
---|---|---|---|
RUST_LOG | Set logging level | info | error |
NO_COLOR | Disable all colored output when set | unset | 1 |

Exit Codes
Code | Description |
---|---|
0 | Success |
1 | General error |
2 | Invalid arguments |
3 | Permission denied |
4 | Network error |
5 | File not found |