🔐 A real-time application control system for Ubuntu Linux that monitors and terminates unauthorized processes with PAM authentication.
GitHub Description:
🛡️ FICHA - Application Security Vault for Ubuntu. Real-time process monitoring daemon with PAM auth, stealth mode, and auto-lock. Kill unauthorized apps on sight. Built with Rust + Tauri.
Ficha is a high-performance application monitoring daemon designed for Ubuntu users who require absolute control over their environment. It acts as a proactive shield that prevents unauthorized software execution by monitoring the system process tree in real-time and terminating blacklisted applications instantly.
Ficha operates on a "Zero-Trust" principle for protected applications.
- The Watchlist: You add
brave(Brave Browser) to your protected watchlist. - The Lock: When Ficha is locked, any attempt to launch Brave results in an immediate
SIGKILLsent to the process. The user sees the app close instantly. - The Unlock: You open the Ficha dashboard and authenticate using your OS admin/system password.
- The Access: Only once Ficha is "Active" are the kernel hooks temporarily lifted for your session, allowing Brave to launch normally.
- Session Terminate: Closing Ficha or clicking "Terminate Session" immediately re-engages the shield, killing any running instances of Brave to ensure privacy.
- Real-time Process Monitoring: Continuous
/procfilesystem scanning to detect and terminate protected applications instantly via SIGKILL - PAM Authentication: Secure OS-level authentication using your system password (optional, with development fallback)
- Stealth Mode: Process name obfuscation to hide from system monitors (disguises as
systemd-resolve) - Session Lock on Idle: Automatic shield lock after configurable inactivity timeout (1-10 minutes)
- Auto-start on Boot: System-level autostart with desktop integration
- Advanced Policy Engine:
- Immediate termination of blacklisted processes
- Smart process matching (handles app variants like brave/brave-browser-stable)
- Configurable security policies
- Full Audit Trail: SQLite-based security logs with real-time event streaming
- Modern UI: Material 3-inspired design with emerald/slate theme
Ficha uses a Flutter-inspired Material 3 aesthetic optimized for Desktop use:
- Navigation Rail: A sleek, compact sidebar for high-density information access.
- Emerald/Slate Palette: High-contrast security-focused UI for clarity in dark environments.
- Glassmorphism: Subtle background blurs and depth using Tailwind CSS backdrop filters.
- Backend: Rust (Tauri) with native Linux process monitoring
- Frontend: React + TypeScript
- Styling: Tailwind CSS (Material 3 Design)
- Icons: Lucide-React
- Database: SQLite (rusqlite)
- Authentication: Linux PAM (optional)
- Process Termination: SIGKILL via
/procfilesystem scanning
# Clone the repository
git clone https://github.com/yourusername/ficha-app.git
cd ficha-app
# Install dependencies
pnpm install
# Run in development mode
pnpm tauri dev
# Build for distribution (with PAM auth)
pnpm tauri build -- --features pam-auth📖 Full Documentation:
- Quick Start Guide - Get started in 5 minutes
- Build Guide - Create distributable binaries
- Implementation Details - Technical architecture
- Download the latest
.AppImageor.debfrom Releases - Install the icon:
./install-icon.sh - Run the app
See BUILD.md for detailed build instructions.
The daemon continuously scans /proc for new processes and immediately terminates (SIGKILL) any that match your protected watchlist when the shield is locked. When you unlock with your system password (PAM auth), monitoring is disabled and apps run normally.
Database: ~/.local/share/com.ficha.app/ficha.db
This project is for educational and personal use. Use responsibly.
Developed for the Linux Power User. 🐧🛡️