Health Control
File Information
| Property | Value |
|---|---|
| Binary Name | health-control |
| Version | 9.0.1 |
| File Size | 8.0MB |
| Author | Warith Al Maawali |
| License | Proprietary |
| Category | Security & Authentication |
| Description | Health control system for Kodachi that includes network connectivity checks and system health monito... |
| JSON Data | View Raw JSON |
SHA256 Checksum
Key Features
Emergency Response System
| Feature | Description |
|---|---|
| Panic Modes | Three levels of emergency response (soft, medium, hard) |
| Kill Switch | Instant network termination with armed/disarmed states |
| Data Destruction | Military-grade secure wiping of files and logs |
| Identity Management | MAC address and hostname randomization |
Why Health Control is Critical
| Benefit | Description |
|---|---|
| Immediate Threat Response | React instantly to security breaches |
| Network Isolation | Cut all connections when compromised |
| Evidence Elimination | Secure data wiping prevents recovery |
| Hardware Anonymization | Change device fingerprints on demand |
| Recovery Options | Restore normal operations after threats pass |
TL;DR - Essential Commands
Important: Most commands require sudo as they modify system-level settings.
Network Control & Diagnostics
# Network connectivity testing
health-control net-check # Test IP & DNS connectivity
health-control net-check --http # Include HTTP connectivity test
health-control net-check --ip-only # Test IP connectivity only (skip DNS)
health-control net-check --domain-only # Test DNS only (skip IP ping)
health-control net-check --timeout 15 # Custom timeout (seconds)
health-control list-ips # Show test IP addresses
health-control list-domains # Show test domain names
# Block internet traffic (multiple methods available)
sudo health-control block-internet # Auto-detect best method
sudo health-control block-internet --method nftables # Modern firewall (preferred)
sudo health-control block-internet --method iptables # Legacy firewall
sudo health-control block-internet --method firewall # UFW (Uncomplicated Firewall)
sudo health-control block-internet --method interfaces # Disable network interfaces
sudo health-control block-internet --method all # Apply ALL methods
sudo health-control block-internet --allow-local # Block internet but allow LAN
# Restore internet access
sudo health-control unblock-internet # Auto-detect
sudo health-control unblock-internet --method all # Clear ALL blocks
# Check blocking status
health-control internet-status # Current blocking status
# Emergency operations
sudo health-control kill-network # Kill all network interfaces
sudo health-control kill-network-interface --interface wlan0 # Kill specific interface
sudo health-control recover-internet # Auto-diagnose & fix connectivity
sudo health-control recover-internet --check-dns # Include DNS fixes
Identity Management
# Change all MAC addresses (original MACs are NOT restored on reboot)
sudo health-control mac-change-all
# Set random hostname (original hostname is NOT restored on reboot)
sudo health-control set-random-hostname
# <i class="fas fa-exclamation-triangle" style="color: #ff9800;"></i> RESTORE WARNING: Document original MAC addresses and hostname before changing!
# Use 'ip link show' to view current MACs and 'hostname' for current hostname
Secure Data Wiping
DANGER: All wipe operations permanently destroy data. Files cannot be recovered!
# Wipe specific file (PERMANENTLY DESTROYED - UNRECOVERABLE)
sudo health-control wipe-file --file /path/to/sensitive.txt
sudo health-control wipe-file --file /path/to/file --passes 7 # Custom passes
# Wipe entire directory
sudo health-control wipe-directory --path /tmp/sensitive_dir
# Batch wipe multiple files
sudo health-control wipe-batch --paths /tmp/file1,/tmp/file2,/tmp/file3
# Wipe logs
sudo health-control wipe-logs # All logs
sudo health-control wipe-logs --type system # System logs only
sudo health-control wipe-logs --type all # Everything
# Wipe browser data
sudo health-control wipe-browser-data # All browsers
sudo health-control wipe-browser-data --browser firefox
sudo health-control wipe-browser-data --browser all
# Verify wipe was successful
sudo health-control wipe-verify --path /path/to/wiped/file
Password Generation
Generate secure passwords using multiple methods with customizable options:
# Generate single password (all methods)
health-control genpass
# Generate using specific method
health-control genpass --method pwgen # Random password
health-control genpass --method xkcdpass # Memorable passphrase
health-control genpass --method pass # GPG-style password
# Batch generate multiple passwords
health-control genpass --count 10
health-control genpass --method pwgen --count 50
# Customize password generation
health-control genpass --length 32 --symbols "@-_!#$"
health-control genpass --uppercase --lowercase --digits
# JSON output
health-control genpass --json
health-control genpass --method xkcdpass --count 20 --json
Password Generation Methods:
| Method | Description | Example Output |
|---|---|---|
| pass | GPG-based random characters | Jk9@mP-xQ2_aB5nRt8@Zy3 |
| pwgen | Pronounceable random passwords | pL7-xM@kW_bN5cD9rF |
| xkcdpass | Memorable word-based passphrases | correct-horse-battery-staple |
Key Features:
| Feature | Description |
|---|---|
| Batch Generation | Generate up to 1000 passwords at once |
| Customization | Control length (default: 25), character sets, symbols |
| Multiple Methods | Generate from all methods simultaneously |
| Native Fallback | Works even without packages installed |
| Package Detection | Shows install instructions for missing packages |
Examples:
# Default: generates from all methods
health-control genpass
# Output: Passwords from pass, pwgen, and xkcdpass
# Specific method with batch generation
health-control genpass --method pwgen --count 50
# Output: 50 random passwords
# Memorable passphrases
health-control genpass --method xkcdpass --count 10
# Output: 10 word-based passphrases
# Custom length and symbols
health-control genpass --length 32 --symbols "@-_!#$%^&*"
# JSON output for automation
health-control genpass --method pwgen --count 5 --json
Package Requirements:
| Package | Installation | Purpose |
|---|---|---|
| pass | sudo apt install pass |
GPG-based generation |
| pwgen | sudo apt install pwgen |
Random passwords |
| xkcdpass | sudo apt install xkcdpass |
Memorable passphrases |
Note: All methods work with native Rust fallback if packages aren't installed. Use --force-native to skip package detection.
Security Assessment
# Check overall security status
sudo health-control security-status
# Get security score (0-100)
sudo health-control security-score # Shows score, level, and fixes
sudo health-control security-score --json # Detailed JSON with category breakdowns
# Generate comprehensive report
sudo health-control security-report
sudo health-control security-history --days 30 # View historical data
Memory & Swap Security
# Memory cleaning
sudo health-control memory-clean # Clean memory caches
sudo health-control memory-force-clean # Force aggressive cleaning
sudo health-control memory-wipe # Secure memory wipe
# RAM wipe on shutdown
sudo health-control ram-wipe-enable # Enable RAM wipe
sudo health-control ram-wipe-disable # Disable RAM wipe
sudo health-control ram-wipe-status # Check status
# Swap encryption
sudo health-control swap-encrypt # Encrypt swap partition
sudo health-control swap-disable # Disable swap completely
sudo health-control swap-status # Check swap status
USB Security
# USB Guard protection
sudo health-control usb-guard-enable # Enable USB protection
sudo health-control usb-guard-disable # Disable USB protection
# USB device management
sudo health-control usb-monitor # Monitor USB connections
sudo health-control usb-history --days 7 # View USB history
sudo health-control usb-list # List current USB devices
# USB policies
sudo health-control usb-policy --action add --device-id 1234:5678 --allow
sudo health-control usb-policy --action list
LUKS Emergency Operations
EXTREME DANGER: LUKS nuke operations PERMANENTLY DESTROY all encrypted data!
# Emergency encryption destruction (DESTROYS ALL ENCRYPTED DATA FOREVER)
sudo health-control luks-nuke # DESTROY encryption headers
sudo health-control luks-nuke-advanced # Advanced nuke options
# Check encryption status
health-control disk-encryption-status
health-control encryption-status
Emergency Operations
# PANIC MODES - Increasing severity
sudo health-control panic-soft # Kill network + lock screen
sudo health-control panic-medium # + Kill processes + clear memory
sudo health-control panic-hard # + RAM wipe + immediate shutdown
# KILL SWITCH - Two-step safety
sudo health-control kill-switch-arm # Arm the kill switch
sudo health-control kill-switch-activate # Activate (requires armed state)
Understanding Key Security Features
Security Scoring System
Health Control evaluates your system security across 7 critical categories:
| Category | Weight | Check Item | Status |
|---|---|---|---|
| System Security | 30% | Disk encryption | Verified |
| System Security | 30% | Firewall status | Active |
| System Security | 30% | System updates | Current |
| System Security | 30% | Kernel hardening | Enabled |
| Privacy & Anonymity | 25% | VPN/Proxy status | Connected |
| Privacy & Anonymity | 25% | Tor configuration | Optimized |
| Privacy & Anonymity | 25% | DNS encryption | Active |
| Privacy & Anonymity | 25% | IP masking | Enabled |
| Network Security | 20% | Kill switch | Armed |
| Network Security | 20% | DNS leak protection | Active |
| Network Security | 20% | IPv6 privacy | Configured |
| Network Security | 20% | Network isolation | Enabled |
| Authentication | 10% | Kodachi auth status | Authenticated |
| Authentication | 10% | 2FA configuration | Enabled |
| Authentication | 10% | Password policies | Enforced |
| Authentication | 10% | Session security | Protected |
| Device Security | 5% | USB protection | Active |
| Device Security | 5% | Hardware RNG | Verified |
| Device Security | 5% | Secure boot | Enabled |
| Device Security | 5% | Physical ports | Secured |
| Advanced Privacy | 5% | Tirdad kernel module | Loaded |
| Advanced Privacy | 5% | RAM wipe config | Configured |
| Advanced Privacy | 5% | Cold boot defense | Active |
| Advanced Privacy | 5% | Anti-forensics | Enabled |
| Data Protection | 5% | Secure deletion | Configured |
| Data Protection | 5% | Browser privacy | Hardened |
| Data Protection | 5% | Clipboard security | Protected |
| Data Protection | 5% | Temp file handling | Secure |
Score Interpretation
| Score | Level | Description | Action Required |
|---|---|---|---|
| 90-100 | Excellent | Maximum protection active | Maintain current configuration |
| 70-89 | Good | Solid security, minor gaps | Review and fix recommendations |
| 50-69 | Fair | Basic protection only | Implement critical fixes |
| 30-49 | Poor | Significant vulnerabilities | Urgent remediation needed |
| 0-29 | Critical | System exposed | Immediate action required |
Check your score: sudo health-control security-score --json
Panic Mode Escalation
Three-tier emergency response system with increasing severity:
Level 1: Soft Panic
Use for: Public spaces, shoulder surfing, temporary privacy
| Action | Result | Recovery |
|---|---|---|
| Network termination | All connections cut | Automatic on reboot |
| Screen lock | Immediate lock screen | Password unlock |
| Clipboard wipe | Sensitive data cleared | No recovery needed |
| Browser pause | Tabs suspended | Resume on unlock |
Level 2: Medium Panic
Use for: Suspected compromise, active surveillance
| Action | Result | Recovery |
|---|---|---|
| Soft panic actions | All Level 1 protections | — |
| Process termination | Kill browsers, terminals, file managers | Manual restart |
| Memory clearing | RAM caches wiped | Reboot recommended |
| Volume unmounting | Encrypted disks locked | Re-mount required |
| Swap disable | Swap partition cleared | Manual re-enable |
Level 3: Hard Panic
Use for: Imminent seizure, critical breach
| Action | Result | Recovery |
|---|---|---|
| Medium panic actions | All Level 1+2 protections | — |
| RAM overwrite | Memory wiped 3x passes | Data unrecoverable |
| Key destruction | Encryption keys zeroed | Permanent loss |
| Forced shutdown | Immediate power off | Full system restart |
| LUKS header wipe | Optional disk encryption destroy | Drive unusable |
WARNING
Hard panic causes permanent data loss in RAM and potentially on disk.
Recovery Guidance
Post-Emergency Recovery Steps:
-
After Network Kill:
-
After MAC Changes:
-
After Hostname Changes:
-
After Memory Wipe:
| Action | Description |
|---|---|
| System Reboot | Reboot system to restore normal memory operation |
| Session Recovery | Reload applications and restore working sessions |
- After LUKS Nuke:
| Status | Action Required |
|---|---|
| Data Status | Data is permanently lost and unrecoverable |
| Recovery Option 1 | Restore from backups if available |
| Recovery Option 2 | Reinstall system if no backups exist |
Internet Blocking Methods
Multi-layer blocking system with fallback mechanisms:
Method Hierarchy
| Priority | Method | Technology | Speed | Security | Recovery |
|---|---|---|---|---|---|
| 1 | nftables |
Kernel netfilter (modern) | Instant | Highest | unblock-internet |
| 2 | iptables |
Kernel netfilter (legacy) | Instant | High | unblock-internet |
| 3 | firewall |
UFW frontend | Fast | Medium | ufw --force reset |
| 4 | interfaces |
Physical disconnect | Slow | Absolute | Interface restart |
Blocking Strategies
| Strategy | Command | Use Case | LAN Access |
|---|---|---|---|
| Auto-detect | block-internet |
General use | Blocked |
| All methods | block-internet --method all |
Maximum security | Blocked |
| Allow local | block-internet --allow-local |
Home/office use | Allowed |
| Specific | block-internet --method nftables |
Known environment | Configurable |
How Blocking Works
User Command → Method Detection → Rule Application → Verification
↓ ↓ ↓ ↓
block-internet Check available Apply firewall Test connectivity
methods rules/disable Log results
interfaces
Network Recovery Process
| Step | Command | Description |
|---|---|---|
| 1 | sudo health-control unblock-internet |
Remove all blocking rules |
| 2 | sudo health-control recover-internet |
Auto-diagnose and fix connectivity |
| 3 | sudo health-control recover-internet --check-dns |
Include DNS resolution fixes |
| 4 | sudo health-control recover-internet --force |
Force complete network reset |
Advanced Commands
For advanced users who need access to all available commands and options, please refer to the auto-generated command reference which includes:
| Feature | Description |
|---|---|
| Memory Management | Advanced memory management commands |
| Process Control | Process termination controls |
| Wipe Algorithms | Advanced secure wipe algorithms |
| Network Management | Network interface management |
| System Checks | System integrity verification |
| Panic Profiles | Custom panic mode profiles |
| CLI Reference | All command-line flags and parameters |
Related Tools
Health Control integrates with other Kodachi tools for complete security:
| Tool | Integration |
|---|---|
| IP Fetch | Use after network recovery to verify connectivity |
| DNS Leak | Test for DNS leaks after network changes |
| Tor Switch | Manage Tor connections affected by network blocking |
| Online Auth | Authentication may be affected by emergency operations |
Security Notes
Important Security Practices:
| Practice | Description |
|---|---|
| Test First | Test panic modes in safe environment first |
| Kill Switch Safety | Keep kill switch disarmed during normal use |
| Backup Strategy | Backup data before using wipe commands |
| Document Changes | Document MAC addresses before changing |
| Appropriate Response | Use appropriate panic level for threat |
| Recovery Points | Create recovery points before major changes |
Performance
| Metric | Value |
|---|---|
| Panic Response | < 1 second activation |
| Network Block | Instant (< 100ms) |
| MAC Change | 2-3 seconds per interface |
| File Wipe | Varies by size and pattern |
| Memory Usage | ~30MB active |
Support
| Resource | Link |
|---|---|
| Website | digi77.com |
| Anonymity Verifier | kodachi.cloud |
| Discord Support | discord.gg/KEFErEx |
| GitHub | github.com/WMAL |