Enterprise-Grade Privacy and Security
A collection of high-performance Rust-based security tools that form the backbone of Linux Kodachi's privacy and anonymity infrastructure. These production-ready binaries provide enterprise-level security features for advanced privacy protection and system hardening.
Core Architecture Principles
Zero-Trust Architecture: Authentication-first design with granular authorization and certificate pinning
Memory-Safe Implementation: Rust-first design with comprehensive error handling and rigorous safety practices
Modular Design: Independent services with shared libraries through cli-core, auth-shared, and logs-hook
Forensic Resistance: Multi-pass secure wiping, memory cleaning, emergency data destruction capabilities
Documentation Hub
Quick Start
Installation guide and getting started with Kodachi binaries
User Guides
Comprehensive guides for Network, Security, Protection, and Infrastructure tools
CLI Reference
Complete command-line reference for all 14 security binaries
Binary Categories and Requirements
Network and Privacy Tools
| Binary | Primary Function | Requires Auth | Requires Sudo | Auto-Start |
|---|---|---|---|---|
| tor-switch | Advanced Tor network orchestration (70+ commands) | Mixed (73%) | Yes (iptables/nftables) | No |
| routing-switch | Multi-protocol routing (12 protocols) | Mixed (61%) | Yes (network config) | No |
| ip-fetch | Secure IP geolocation with multi-source verification | Mixed (8%) | No (sudo only for system changes) | No |
| dns-switch | DNS management with 50+ secure resolver options | Mixed (44%) | Yes (system DNS) | No |
| dns-leak | Real-time DNS leak detection and analysis | Mixed (25%) | No | No |
System Security and Protection
| Binary | Primary Function | Requires Auth | Requires Sudo | Auto-Start |
|---|---|---|---|---|
| health-control | Emergency kill switches and panic modes | Mixed (61%) | Yes (system ops) | No |
| integrity-check | Cryptographic system integrity verification | No | No | No |
| permission-guard | Real-time permission monitoring and enforcement | No | No | No |
| online-auth | Secure authentication and heartbeat monitoring | No | Yes (system-wide) | No (manual start) |
Infrastructure and Management
| Binary | Primary Function | Requires Auth | Requires Sudo | Auto-Start |
|---|---|---|---|---|
| logs-hook | Centralized secure logging infrastructure | No | No | Auto-integrated by all |
| deps-checker | Dependency validation and security auditing | No | No | No |
| global-launcher | System-wide binary deployment manager | No | No | No |
| workflow-manager | Batch command execution with conditional logic | Mixed (11%) | Yes (system ops) | No |
| online-info-switch | Online information hub and RSS feeds | Mixed (58%) | No | No |
Binary Descriptions and Use Cases
Comprehensive overview of each security binary's functionality, primary use cases, and operational capabilities. These user-friendly descriptions provide context for the technical specifications detailed in subsequent sections.
Navigation Guide
Each binary description includes primary function, key capabilities, typical use cases, and integration notes. For detailed command references and authentication requirements, see the individual binary documentation linked in each description.
online-auth - Authentication and Heartbeat Monitoring
Quick Reference: Full Documentation | Auth Level: 57% | Sudo Required: Yes (system-wide)
routing-switch - Multi-Protocol Network Routing
Quick Reference: Full Documentation | Auth Level: 61% | Sudo Required: Yes (network config)
tor-switch - Advanced Tor Network Orchestration
Quick Reference: Full Documentation | Auth Level: 73% | Sudo Required: Yes (iptables/nftables)
ip-fetch - Secure IP Geolocation
Quick Reference: Full Documentation | Auth Level: 8% | Sudo Required: No
online-info-switch - Information Hub and RSS Feeds
Quick Reference: Full Documentation | Auth Level: 58% | Sudo Required: No
health-control - Emergency Kill Switches and Panic Modes
Quick Reference: Full Documentation | Auth Level: 61% | Sudo Required: Yes (system ops)
dns-switch - DNS Management with 50+ Resolvers
Quick Reference: Full Documentation | Auth Level: 44% | Sudo Required: Yes (system DNS)
dns-leak - DNS Leak Detection and Prevention
Quick Reference: Full Documentation | Auth Level: 25% | Sudo Required: No
integrity-check - Cryptographic System Verification
Quick Reference: Full Documentation | Auth Level: 0% | Sudo Required: No
permission-guard - Real-Time Permission Monitoring
Quick Reference: Full Documentation | Auth Level: 0% | Sudo Required: No
logs-hook - Centralized Logging Infrastructure
Quick Reference: Full Documentation | Auth Level: 0% | Sudo Required: No
deps-checker - Dependency Validation and Auditing
Quick Reference: Full Documentation | Auth Level: 0% | Sudo Required: No
global-launcher - System-Wide Binary Deployment
Quick Reference: Full Documentation | Auth Level: 0% | Sudo Required: No
workflow-manager - Batch Command Execution and Automation
Quick Reference: Full Documentation | Auth Level: 11% | Sudo Required: Yes (system ops)
Inter-Binary Dependencies Matrix
Binary Communication Flow
| Service | Calls These Binaries | Called By These Binaries |
|---|---|---|
| online-auth | logs-hook | Authentication required by: ip-fetch, tor-switch, routing-switch, dns-switch, dns-leak, health-control, online-info-switch |
| logs-hook | None | Integrated by all services for centralized logging |
| ip-fetch | logs-hook, online-auth, routing-switch | tor-switch, routing-switch, dns-switch, dns-leak |
| tor-switch | logs-hook, online-auth, ip-fetch | routing-switch |
| routing-switch | logs-hook, online-auth, tor-switch, ip-fetch | health-control, ip-fetch |
| dns-switch | logs-hook, online-auth, ip-fetch | None |
| dns-leak | logs-hook, online-auth, ip-fetch | None |
| health-control | logs-hook, online-auth, routing-switch | dns-switch, online-info-switch |
| integrity-check | logs-hook | None |
| permission-guard | logs-hook | Can be used alongside online-auth for permission checks |
| deps-checker | logs-hook | None |
| global-launcher | logs-hook | Can be orchestrated by online-auth for deployments |
| workflow-manager | logs-hook | None (user-initiated batch operations) |
| online-info-switch | logs-hook, online-auth, health-control | None |
Critical Service Dependencies
| Dependency Type | Description | Affected Services |
|---|---|---|
| Authentication Chain | Services requiring valid authentication before operation | ip-fetch, tor-switch, routing-switch, dns-switch, dns-leak, health-control, online-info-switch |
| Logging Infrastructure | All services use logs-hook for centralized logging | ALL binaries |
| IP Verification | Services that call ip-fetch for network testing | tor-switch, routing-switch, dns-switch, dns-leak |
| System Management | Services that may interact with online-auth | permission-guard, global-launcher |
Authentication Requirements Matrix
Authentication Quick Reference (Sorted by Command Count)
| Service | Total | Auth | No Auth | Auth Level | Primary Use Case |
|---|---|---|---|---|---|
| health-control | 186 | 114 | 72 | ██████░░░░ | Emergency kill switches, panic modes, system hardening |
| tor-switch | 108 | 79 | 29 | ███████░░░ | Tor network orchestration with 70+ management commands |
| dns-switch | 25 | 11 | 14 | ████░░░░░░ | DNS server management with 50+ resolver options |
| routing-switch | 18 | 11 | 7 | ██████░░░░ | Multi-protocol network routing configuration |
| online-auth | 14 | 8 | 6 | ██████░░░░ | Authentication service and heartbeat monitoring |
| ip-fetch | 13 | 1 | 12 | █░░░░░░░░░ | IP geolocation (auth only for bulk operations) |
| online-info-switch | 12 | 7 | 5 | ██████░░░░ | Online information hub and RSS feeds |
| integrity-check | 7 | 0 | 7 | ░░░░░░░░░░ | System integrity verification |
| dns-leak | 4 | 1 | 3 | ███░░░░░░░ | DNS leak detection |
| permission-guard | 4 | 0 | 4 | ░░░░░░░░░░ | Permission monitoring |
| deps-checker | 4 | 0 | 4 | ░░░░░░░░░░ | Dependency validation |
| global-launcher | 3 | 0 | 3 | ░░░░░░░░░░ | Binary deployment management |
| workflow-manager | 9 | 1 | 8 | █░░░░░░░░░ | Batch command execution |
| logs-hook | 3 | 0 | 3 | ░░░░░░░░░░ | Centralized logging |
Legend
| Symbol | Description |
|---|---|
| Auth Required | Commands requiring valid authentication via online-auth |
| No Auth | Commands that can run without authentication |
| Emergency Bypass | Some services in health-control have emergency bypass commands for critical recovery |
Authentication Patterns by Service Type
| Pattern | Services | Description |
|---|---|---|
| No Authentication | logs-hook global-launcher deps-checker permission-guard integrity-check | No auth-shared library usage |
| Mixed Authentication | online-info-switch dns-leak routing-switch ip-fetch dns-switch tor-switch health-control workflow-manager | Selective command authentication |
| Bulk Operations Auth | ip-fetch | Only bulk/multi operations require auth |
| Emergency Bypass | health-control | Critical recovery commands bypass auth |
| Special Provider | online-auth | Authentication provider service |
Service-Specific Authentication Details
logs-hook
Total Commands: 3 | Auth Required: 0 | No Auth: 3
global-launcher
Total Commands: 3 | Auth Required: 0 | No Auth: 3
deps-checker
Total Commands: 4 | Auth Required: 0 | No Auth: 4
permission-guard
Total Commands: 4 | Auth Required: 0 | No Auth: 4
workflow-manager
Total Commands: 9 | Auth Required: 1 | No Auth: 8
dns-leak
Total Commands: 4 | Auth Required: 1 | No Auth: 3
integrity-check
Total Commands: 7 | Auth Required: 0 | No Auth: 7
online-info-switch
Total Commands: 12 | Auth Required: 7 | No Auth: 5
ip-fetch
Total Commands: 13 | Auth Required: 1 | No Auth: 12
online-auth
Total Commands: 14 | Auth Required: 8 | No Auth: 6
routing-switch
Total Commands: 18 | Auth Required: 11 | No Auth: 7
dns-switch
Total Commands: 25 | Auth Required: 11 | No Auth: 14
tor-switch
Total Commands: 108 | Auth Required: 79 | No Auth: 29
health-control
Total Commands: 186 | Auth Required: 114 | No Auth: 72
Authentication Workflow
```bash
# 1. Initial Authentication
sudo ./online-auth authenticate --keep-alive
# Or with auto-relogin for automatic reconnection
sudo ./online-auth authenticate --relogin

# 2. Verify Authentication
./online-auth check-login

# 3. Use Authenticated Services
sudo ./tor-switch start-tor            # Requires auth (all tor-switch commands)
sudo ./health-control block-internet   # Requires auth
./ip-fetch plain-ip                    # No auth needed

# 4. Emergency Operations (No Auth Required)
./health-control panic-soft            # Emergency bypass
./routing-switch disconnect            # Emergency recovery

# 5. Logout When Complete
./online-auth logout
```
Authentication Implementation Summary
Services With Authentication Requirements
| Service | Authentication Level | Details |
|---|---|---|
| health-control | Mixed Authentication | 114 commands require auth, 72 emergency bypasses |
| tor-switch | Mixed Authentication | 79 commands require auth, 29 don't |
| dns-switch | Mixed Authentication | 11 commands require auth, 14 don't |
| online-info-switch | Mixed Authentication | 7 commands require auth, 5 don't |
| routing-switch | Mixed Authentication | 11 commands require auth, 7 emergency/status don't |
| online-auth | Special Provider | 8 commands require auth, 6 status don't |
| ip-fetch | Selective Authentication | Only 1 bulk operation requires auth, 12 don't |
| dns-leak | Selective Authentication | Only test command requires auth, 3 don't |
Services NOT Using auth-shared Library
| Service | Authentication | Details |
|---|---|---|
| logs-hook | No Authentication | Logging service - operates independently |
| global-launcher | No Authentication | Service launcher - no auth integration |
| deps-checker | No Authentication | Dependency checker - read-only operations |
| permission-guard | No Authentication | Permission monitor - operates independently |
| integrity-check | No Authentication | Integrity verification - no auth needed |
Special Authentication Components
| Component | Role | Purpose |
|---|---|---|
| online-auth | Authentication Provider | Primary authentication service managing sessions |
| auth-shared | Authentication Library | Shared library providing auth functionality to services |
| KODACHI_CALLING_SERVICE | Environment Variable | Service identity verification mechanism |
System Requirements and Permissions
Privilege Escalation Requirements
| Operation Type | Required Permissions | Affected Binaries |
|---|---|---|
| Network Configuration | sudo/root | tor-switch (iptables/nftables), routing-switch, dns-switch |
| System Security | sudo/root | health-control (network/MAC/hostname operations) |
| Authentication Management | sudo/root | online-auth (system-wide operations) |
| Read-Only Operations | Standard user | ip-fetch, dns-leak, integrity-check, logs-hook |
Service Daemon Capabilities
| Service | Daemon Mode | Command | Purpose |
|---|---|---|---|
| online-auth | Heartbeat daemon | online-auth authenticate --keep-alive or --relogin | Maintains authentication session |
| logs-hook | Integrated by all services | Automatic | Centralized logging for all operations |
| global-launcher | Service management | Standalone | Binary deployment and management |
Key Capabilities Overview
Advanced Network Operations
| Feature | Capability | Details |
|---|---|---|
| Tor Operations | 70+ Commands | Complete control over instances, circuits, and exit nodes |
| Load Balancing | Native Kernel-Level | Traffic distribution across multiple Tor instances |
| Protocol Support | 12 Protocols | OpenVPN, WireGuard, Tor, Shadowsocks, V2Ray, Xray variants, and more |
| DNS Resolvers | 50+ Options | DNSCrypt, DoT, DoH, Pi-hole integration |
Security and Protection
| Feature | Implementation | Purpose |
|---|---|---|
| Emergency Kill Switch | health-control kill-network | Instant network termination |
| Panic System | 3 Levels (Soft/Medium/Hard) | Progressive data destruction |
| Data Wiping | Multi-pass shredding | Secure deletion with verification |
| MAC Randomization | Auto/Manual modes | Hardware address anonymization |
| Hostname Management | Random generation | System identity protection |
System Integration
| Aspect | Approach | Benefit |
|---|---|---|
| Memory Safety | Rust-first implementation | Robust error handling, no crashes |
| Performance | Optimized binaries | Fast response for critical operations |
| Output Format | JSON-first design | Easy automation and scripting |
| Path Detection | Dynamic resolution | Works on any Linux environment |
| Containment | Execution folder only | Enhanced security isolation |
Common Workflows
Network Anonymization Setup
```bash
# Authenticate and configure Tor
sudo ./online-auth authenticate              # Basic authentication
# Or use --relogin for automatic reconnection on session expiry
sudo ./online-auth authenticate --relogin
sudo ./tor-switch start-tor
sudo ./tor-switch torrify-system-nftables    # Prefer nftables (modern)
# sudo ./tor-switch torrify-system-iptables  # Alternative: iptables (legacy)
./ip-fetch fetch                             # Fetch current IP info through Tor (ISP/ASN shows Tor exit node)
```
Multi-Protocol Routing
```bash
# Connect through various protocols
sudo ./routing-switch connect openvpn
sudo ./routing-switch connect shadowsocks
sudo ./routing-switch connect wireguard
sudo ./routing-switch status           # Check active routing
sudo ./routing-switch list-protocols   # List available protocols with scores
sudo ./routing-switch disconnect       # Disconnect current protocol
```
Security Hardening
```bash
# System hardening workflow
sudo ./health-control set-random-hostname
sudo ./health-control mac-change-all
sudo ./permission-guard scan
sudo ./integrity-check check-integrity --json
```
DNS Configuration
```bash
# Secure DNS setup
sudo ./dns-switch switch --category encrypted         # Use encrypted DNS
./dns-leak discover --json                            # Discover and analyze DNS configuration
sudo ./dns-switch random --type encrypted --count 3   # Use random encrypted resolvers
```
Emergency Response
```bash
# Quick privacy mode
sudo ./health-control panic-soft
sudo ./tor-switch restart-tor   # Get new Tor circuit

# Complete shutdown
sudo ./health-control kill-network
sudo ./health-control wipe-logs
```
Performance Metrics
| Metric | Value | Description |
|---|---|---|
| Binary Count | 14 | Complete security suite |
| Total Size | ~130MB | All binaries combined |
| Protocol Support | 12 | Routing protocols supported |
| DNS Resolvers | 50+ | Available DNS options |
| Tor Commands | 70+ | Tor management operations |
Documentation Structure
User Guides
| Category | Description |
|---|---|
| Network Tools | Detailed guides for network and anonymization tools |
| Security Tools | Comprehensive security and authentication documentation |
| Protection Tools | System protection and monitoring guides |
| Infrastructure Tools | Service infrastructure and management documentation |
API Reference
| Reference | Description |
|---|---|
| Binary Reference | Complete command-line API documentation for all binaries |
Security Considerations
Important Security Notice
These tools provide powerful capabilities that should be used responsibly and in accordance with local laws and regulations. Kodachi OS and its binaries are designed for legitimate privacy protection and security testing purposes only.
Security Implementation Details
| Feature | Implementation |
|---|---|
| Authentication | Services use KODACHI_CALLING_SERVICE environment variable for identity |
| Certificate Pinning | TLS 1.3 with pinned certificates for network operations |
| Error Handling | Comprehensive error propagation without crashes |
| Audit Trail | All operations logged through centralized logs-hook service |
Example JSON error response structure:
```json
{
  "status": "error",
  "error": {
    "code": "AUTH_FAILED",
    "message": "Authentication required",
    "details": "Service requires valid authentication token",
    "timestamp": "2025-09-19T10:00:00Z"
  }
}
```
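An added example, not part of Kodachi's own code: a Python handler showing how an automation script could consume the error structure above and fail closed, stopping a multi-step workflow at the first response it cannot trust. The field names and the AUTH_FAILED code come from the page; the action names, the step names, the shape of a non-error response, and the local labels for unusable output are assumptions.

```python
import json
from datetime import datetime

# From the page: "status", "error", "code", "timestamp", and the AUTH_FAILED code.
# Assumed for illustration: the action names, the non-error sample, and the
# UNPARSEABLE / NO_STATUS / MALFORMED_ERROR labels (local, not Kodachi codes).
AUTH_CODES = {"AUTH_FAILED"}

# Constructed sample outputs.
AUTH_FAILED_SAMPLE = json.dumps({
    "status": "error",
    "error": {
        "code": "AUTH_FAILED",
        "message": "Authentication required",
        "details": "Service requires valid authentication token",
        "timestamp": "2025-09-19T10:00:00Z",
    },
})
OK_SAMPLE = json.dumps({"status": "success"})   # assumed non-error shape
TRUNCATED_SAMPLE = AUTH_FAILED_SAMPLE[:40]      # output cut off mid-write


def parse_timestamp(value):
    """Return an aware datetime for the envelope timestamp, or None."""
    if not isinstance(value, str):
        return None
    try:
        return datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None


def abort(code):
    """Build the fail-closed result used for any response that cannot be trusted."""
    return {"action": "abort", "code": code, "when": None}


def classify(raw):
    """Map one JSON response to proceed, reauthenticate, or abort."""
    try:
        doc = json.loads(raw)
    except (ValueError, TypeError):
        return abort("UNPARSEABLE")
    if not isinstance(doc, dict) or not isinstance(doc.get("status"), str):
        return abort("NO_STATUS")
    if doc["status"] != "error":
        return {"action": "proceed", "code": None, "when": None}
    err = doc.get("error")
    if not isinstance(err, dict) or not isinstance(err.get("code"), str):
        return abort("MALFORMED_ERROR")
    action = "reauthenticate" if err["code"] in AUTH_CODES else "abort"
    return {"action": action, "code": err["code"],
            "when": parse_timestamp(err.get("timestamp"))}


def gate(steps):
    """Check (name, raw_output) pairs in order; stop at the first failure."""
    completed = []
    for name, raw in steps:
        result = classify(raw)
        if result["action"] != "proceed":
            return {"completed": completed, "stopped_at": name, **result}
        completed.append(name)
    return {"completed": completed, "stopped_at": None, "action": "proceed"}
```

Truncated or non-JSON output is treated the same as an explicit error, so a later step such as a connectivity check never runs on the strength of a response that could not be read.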
Authentication Flow
| Step | Command | Purpose |
|---|---|---|
| 1 | sudo ./online-auth authenticate --keep-alive or --relogin | Initial authentication (--relogin includes keep-alive) |
| 2 | ./online-auth check-login | Check authentication status |
| 3 | Service usage | Authenticated services automatically verify before execution |
| 4 | ./online-auth logout | Logout when finished |
System Information
| Component | Version | Build Date | License |
|---|---|---|---|
| Kodachi OS | 9.0.1 | 2025 | Proprietary |
| Rust Binaries | 9.0.1 | 2025-09-18 | Proprietary |
| Documentation | 9.0.1 | 2025-09-19 | © 2025 Linux Kodachi |
| Author | Warith Al Maawali | - | All Rights Reserved |