alee/fieldwitness
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix audit log surviving killswitch activation

Browse Source 
The audit.jsonl file (containing usernames, actions, timestamps) was
not included in the PurgeScope.ALL destruction steps. An adversary
with filesystem access after a failed or partial purge could recover
operational evidence. Added destroy_audit_log step after temp files,
before config deletion.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Aaron D. Lee 2026-04-01 19:45:14 -04:00
parent 0d8c94bf82
commit 792254699c
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/soosef/fieldkit/killswitch.py
View File

@ -98,6 +98,7 @@ def execute_purge(scope: PurgeScope = PurgeScope.ALL, reason: str = "manual") ->
("destroy_attestation_log", lambda: _secure_delete_dir(paths.ATTESTATIONS_DIR)), ("destroy_attestation_log", lambda: _secure_delete_dir(paths.ATTESTATIONS_DIR)),
("destroy_chain_data", lambda: _secure_delete_dir(paths.CHAIN_DIR)), ("destroy_chain_data", lambda: _secure_delete_dir(paths.CHAIN_DIR)),
("destroy_temp_files", lambda: _secure_delete_dir(paths.TEMP_DIR)), ("destroy_temp_files", lambda: _secure_delete_dir(paths.TEMP_DIR)),
("destroy_audit_log", lambda: _secure_delete_file(paths.AUDIT_LOG)),
("destroy_config", lambda: _secure_delete_file(paths.CONFIG_FILE)), ("destroy_config", lambda: _secure_delete_file(paths.CONFIG_FILE)),
("clear_journald", _clear_system_logs), ("clear_journald", _clear_system_logs),
] ]