A lightweight security framework for Linux-based IoT systems that combines:
- Boot-time integrity verification
- Runtime security monitoring
- Network traffic inspection
- Service and user activity monitoring
The project is designed to provide a foundational security layer for resource-constrained IoT devices without requiring specialized hardware such as TPMs.
IoT_ISL consists of two major components:
Executed during the boot process through initramfs.
Responsibilities:
- Verify integrity of critical files
- Detect unauthorized modifications
- Establish an initial trusted state before user-space services start
- Prevent compromised systems from booting unnoticed
Executed after boot.
Responsibilities:
- Weak password detection
- Active connection monitoring
- Logged-in user monitoring
- Reverse shell detection
- Running service monitoring
- HTTP traffic inspection
- SHA256-based file integrity verification
- Manifest-driven verification
- Executed during initramfs stage
- Detects unauthorized file modifications
- Generates boot-time integrity status reports
Configured through:
secureBoot/version2/monitored_files.txt
Examples:
./my_daemon
config/daemon.conf
/etc/passwd
- Scans
/etc/shadow - Detects weak password hashes
- Runs every 30 minutes
Runs every 2 seconds:
- Active network connections
- Logged-in users
- Running services
- Reverse shell detection
- Uses libpcap
- Captures HTTP traffic
- Monitors incoming and outgoing packets
Boot Process
β
βΌ
Initramfs Stage
β
βΌ
SecureBoot Integrity Check
β
βββββββββββββ΄ββββββββββββ
β β
βΌ βΌ
SAFE COMPROMISED
β
βΌ
systemd
β
βΌ
IoT_ISL Daemon
β
βββ Service Monitoring Thread
β
βββ Password Audit Thread
β
βββ HTTP Sniffer Thread
.
βββ build/
βββ config/
βββ http/
βββ passwd_check/
βββ Services/
βββ Utility/
β
βββ secureBoot/
β βββ version1/
β βββ version2/
β βββ verifier.c
β βββ monitored_files.txt
β βββ generate_manifest.sh
β βββ secureBoot.boot
β βββ initramfs_codes/
β βββ iot_isl_hook
β βββ iot_isl_check
β
βββ main.c
βββ Makefile
βββ my_daemon
βββ README.md
Install dependencies:
sudo apt update
sudo apt install \
build-essential \
libpcap-dev \
libcrypt-dev \
libssl-dev \
initramfs-toolsBuild daemon only:
makeOutput:
my_daemon
Build daemon and SecureBoot components:
make SECUREBOOT=trueThis performs:
- Daemon build
- SecureBoot verifier build
- Manifest generation
Deploy SecureBoot into initramfs:
make deploy-securebootThis automatically:
- Builds daemon
- Builds verifier
- Generates integrity manifest
- Installs initramfs hook scripts
- Updates initramfs
Reboot afterwards:
sudo rebootAfter reboot:
cat /boot/firmware/iot_isl_status.txtDebug information:
cat /boot/firmware/iot_isl_debug.txtExample:
SYSTEM SAFE
or
INTEGRITY COMPROMISED
sudo ./my_daemonRoot privileges are required for:
/etc/shadowaccess- Packet capture
- Service monitoring
- Network inspection
Configuration file:
config/daemon.conf
Example:
[passwd]
enable=true
[services]
active_connections=true
current_access=true
reverse_shell=true
running_services=true
[http]
http_sniffer=true
[secureboot]
enable=trueLogs are written using syslog.
sudo tail -f /var/log/syslogFilter daemon logs:
sudo grep simple_daemon /var/log/syslogView logs:
sudo journalctl -t simple_daemonFollow logs:
sudo journalctl -t simple_daemon -fRecent logs:
sudo journalctl -t simple_daemon -n 50Generated by SecureBoot:
/boot/firmware/iot_isl_status.txt
/boot/firmware/iot_isl_debug.txt
These files contain:
- Integrity verification result
- Files checked
- Verification status
- Debug information
IoT_ISL is intended as a lightweight software-based security framework for Linux IoT systems and explores:
- Secure boot concepts without TPM hardware
- File integrity verification
- Runtime security monitoring
- Early boot trust establishment
- Embedded Linux security
- SHA256 manifest is not digitally signed yet
- No TPM integration
- No measured boot support
- Software-only trust model
- No deep packet inspection
- Heuristic reverse shell detection
- No alerting mechanism
- No centralized logging
- HTTP-only packet monitoring
- Requires root privileges
Adityakrishna Vinod
MIT License
Copyright (c) 2026 Adityakrishna Vinod
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.