#!/bin/bash
#
# setup_host.sh - Prepare host system for covert channel testing
#
# Run this BEFORE docker-compose up
#
# Abort on the first command that fails outside a condition.
set -e

# Banner. The text is literal, so a quoted here-doc keeps it free of expansion.
# The empty line before the terminator reproduces the blank line after the box.
cat <<'EOF'
╔════════════════════════════════════════════════════════════════╗
║ Host Setup for CVE-2023-1206 + CVE-2024-49882 Covert Channel ║
╚════════════════════════════════════════════════════════════════╝

EOF

# Check if running as root.
# The later steps write under /proc, /sys, /dev and /etc/docker, so stop early
# when the effective UID is not 0.
if (( EUID != 0 )); then
  printf '%s\n' "[!] Please run as root: sudo $0"
  exit 1
fi
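# 1. Check kernel version
#
# The lab expects a 6.12.x kernel (see the warning text below). On any other
# release the script only warns and carries on.

#######################################
# Decide whether a kernel release string belongs to the 6.12 series.
# Arguments: $1 - release string as printed by `uname -r`
# Returns:   0 when the release starts with 6.12, 1 otherwise
#######################################
_kernel_is_expected() {
  # Anchor at the start of the string: a bare substring test for "6.12" also
  # accepts unrelated releases such as 6.6.12 or 5.16.12 and hides the warning.
  case "$1" in
    6.12 | 6.12.* | 6.12-*) return 0 ;;
    *) return 1 ;;
  esac
}

echo "[*] Checking kernel version..."
KERNEL=$(uname -r)
echo " Current kernel: $KERNEL"
if ! _kernel_is_expected "$KERNEL"; then
  echo "[!] Warning: Expected kernel 6.12.x with vulnerability"
  echo " You may need to boot into the vulnerable kernel"
fi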
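# 2. Setup hugepages
#
# Make sure at least 128 hugepages of the 2048 kB size are reserved; when fewer
# are present, request 256. Writing nr_hugepages through sysfs is a runtime
# setting, so it has to be repeated after a reboot.
echo
echo "[*] Setting up hugepages..."
HP_DIR=/sys/kernel/mm/hugepages/hugepages-2048kB
CURRENT_HP=$(<"$HP_DIR/nr_hugepages")
echo " Current hugepages: $CURRENT_HP"
if [ "$CURRENT_HP" -lt 128 ]; then
  echo " Allocating 256 hugepages..."
  # Drop caches first, so more memory is free when the kernel looks for
  # physically contiguous 2 MiB ranges.
  sync
  echo 3 > /proc/sys/vm/drop_caches
  echo 256 > "$HP_DIR/nr_hugepages"
  NEW_HP=$(<"$HP_DIR/nr_hugepages")
  FREE_HP=$(<"$HP_DIR/free_hugepages")
  echo " Allocated: $NEW_HP, Free: $FREE_HP"
  # The write above succeeds even when the kernel can reserve only part of the
  # request, so compare the resulting count with the threshold used above.
  if [ "$NEW_HP" -lt 128 ]; then
    echo "[!] Warning: only $NEW_HP hugepages reserved (need at least 128)"
  fi
else
  echo " Hugepages already configured"
fi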
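# 3. Load udmabuf module
#
# Load the module if it is not listed, then make sure /dev/udmabuf exists.
# A missing device node is reported but does not stop the script.
echo
echo "[*] Loading udmabuf module..."
# Compare the module-name column exactly; a substring grep would also match any
# other module whose name or dependency list contains "udmabuf".
if lsmod | awk '$1 == "udmabuf" { found = 1 } END { exit !found }'; then
  echo " udmabuf already loaded"
else
  modprobe udmabuf
  echo " udmabuf loaded"
fi

# Check /dev/udmabuf
# NOTE(review): mode 666 lets every local user and every container that gets
# this node open the device, and it stays that way until the node is recreated.
# If the containers can be given a dedicated group, 660 with that group is
# narrower - confirm against the compose file before changing it.
if [ -e /dev/udmabuf ]; then
  echo " /dev/udmabuf exists"
  chmod 666 /dev/udmabuf
else
  echo "[!] /dev/udmabuf not found!"
  echo " Creating device node..."
  # /proc/misc lists "<minor> <name>" for misc devices (major 10). Match the
  # name field exactly and stop at the first hit so MINOR is a single number.
  MINOR=$(awk '$2 == "udmabuf" { print $1; exit }' /proc/misc)
  if [ -n "$MINOR" ]; then
    mknod /dev/udmabuf c 10 "$MINOR"
    chmod 666 /dev/udmabuf
  else
    echo "[!] Failed to create /dev/udmabuf"
  fi
fi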
# 4. Enable IPv6
#
# Turns on IPv6 forwarding for existing interfaces ("all") and for interfaces
# created later ("default"). sysctl -w changes the running kernel only; nothing
# is written to /etc/sysctl.d.
# NOTE(review): with forwarding=1 the host acts as a router and, at the default
# accept_ra=1, stops accepting Router Advertisements - check that the host's own
# IPv6 connectivity does not depend on them.
printf '\n'
printf '%s\n' "[*] Configuring IPv6..."
for ipv6_scope in all default; do
  sysctl -w "net.ipv6.conf.${ipv6_scope}.forwarding=1" >/dev/null
done
printf '%s\n' " IPv6 forwarding enabled"
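# 5. Docker configuration
#
# An existing daemon.json is never modified: the script only reports whether
# IPv6 is switched on in it. When the file is absent, a new one is written and
# the Docker service is restarted, which interrupts running containers.
echo
echo "[*] Checking Docker IPv6 configuration..."
if [ -f /etc/docker/daemon.json ]; then
  # Look for the key set to true. A plain search for "ipv6" would also report
  # a file containing "ipv6": false as configured.
  if grep -Eq '"ipv6"[[:space:]]*:[[:space:]]*true' /etc/docker/daemon.json; then
    echo " Docker IPv6 already configured"
  else
    echo "[!] Docker IPv6 not configured"
    echo " Add to /etc/docker/daemon.json:"
    echo ' {"ipv6": true, "fixed-cidr-v6": "fd00::/80"}'
  fi
else
  echo " Creating Docker daemon.json..."
  # /etc/docker may not exist yet; without it the redirection below fails and
  # set -e ends the script with a bare shell error.
  mkdir -p /etc/docker
  # Quoted delimiter: the JSON is written literally, with no shell expansion.
  cat > /etc/docker/daemon.json << 'EOF'
{
"ipv6": true,
"fixed-cidr-v6": "fd00::/80",
"experimental": true,
"ip6tables": true
}
EOF
  echo " Restarting Docker..."
  systemctl restart docker
fi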
# 6. Create hugepages mount if needed
#
# Mount hugetlbfs at /dev/hugepages unless something is already mounted there,
# then open the directory to all users.
printf '\n'
printf '%s\n' "[*] Checking hugepages mount..."
hugetlb_mnt=/dev/hugepages
if ! mountpoint -q "$hugetlb_mnt"; then
  printf '%s\n' " Mounting hugetlbfs..."
  mkdir -p "$hugetlb_mnt"
  mount -t hugetlbfs nodev "$hugetlb_mnt"
else
  printf '%s\n' " /dev/hugepages is mounted"
fi
# 1777: world-writable with the sticky bit, so any local user can create files
# backed by the reserved hugepages but can remove only their own.
chmod 1777 "$hugetlb_mnt"
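# 7. Summary
#
# Prints the kernel release, the free hugepage count and the state of the
# udmabuf device node, followed by the next steps.

#######################################
# Print the permission string of a device node, or NOT FOUND.
# Arguments: $1 - path to inspect (default: /dev/udmabuf)
# Outputs:   mode string such as crw-rw-rw-, or the text NOT FOUND
#######################################
_udmabuf_mode() {
  local node=${1:-/dev/udmabuf}
  local mode
  # Test for the node explicitly. In "ls ... | awk ... || echo" the fallback
  # never runs, because the pipeline's status is awk's and awk succeeds on
  # empty input, so a missing device showed up as an empty field.
  if [ -e "$node" ] && mode=$(stat -c '%A' -- "$node" 2>/dev/null); then
    printf '%s\n' "$mode"
  else
    printf '%s\n' 'NOT FOUND'
  fi
}

echo
echo "╔════════════════════════════════════════════════════════════════╗"
echo "║ Setup Complete! ║"
echo "╠════════════════════════════════════════════════════════════════╣"
echo "║ ║"
printf "║ Kernel: %-50s ║\n" "$KERNEL"
printf "║ Hugepages: %-50s ║\n" "$(cat /sys/kernel/mm/hugepages/hugepages-2048kB/free_hugepages) free"
printf "║ udmabuf: %-50s ║\n" "$(_udmabuf_mode /dev/udmabuf)"
echo "║ ║"
echo "║ Next steps: ║"
echo "║ 1. cd ~/covert_channel ║"
echo "║ 2. docker-compose build ║"
echo "║ 3. docker-compose up victim_db ║"
echo "║ 4. docker-compose run --rm attacker ║"
echo "║ ║"
echo "╚════════════════════════════════════════════════════════════════╝"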