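#!/bin/bash
#
# Installer for the Banner service and the SYN-Scan-Firewall service.
#
# Steps, in order:
#   1. create the firewall log file and install libpcap-dev
#   2. create the bannersvc account, build and install banner_service
#   3. install and enable the banner.service unit and its seccomp drop-in
#   4. create the synfirewall account, its config and state directories
#   5. run ./reBuild.sh, then install the SYN-Scan-Firewall unit file and
#      AppArmor profile (the unit is NOT enabled here; see the end of the file)
#
# Run from the repository root: banner_service.go, banner.service,
# seccomp.conf, config-example.yaml, reBuild.sh, SYN-Scan-Firewall.service and
# AppArmor.policy are all referenced by relative path.
#
# Every external command is called by absolute path so that a modified PATH in
# the invoking shell cannot substitute a different binary for a privileged step.

/usr/bin/echo "Installing libpcap-dev"
# NOTE(review): the log file stays owned by root with mode 640. If the firewall
# writes to it as the synfirewall user it will need matching ownership; confirm
# against SYN-Scan-Firewall.service and reBuild.sh.
/usr/bin/sudo /usr/bin/touch /var/log/SYN-Scan-Firewall.log
/usr/bin/sudo /usr/bin/chmod 640 /var/log/SYN-Scan-Firewall.log
/usr/bin/sudo /usr/bin/apt update
/usr/bin/sudo /usr/bin/apt install -y libpcap-dev

/usr/bin/echo "Create the service account for Banner"
# Only create the group/user when missing, so re-running the installer does not
# emit "already exists" errors.
/usr/bin/getent group bannersvc >/dev/null ||
  /usr/bin/sudo /usr/sbin/groupadd bannersvc
# System account with no login shell: it exists only to own the service.
/usr/bin/getent passwd bannersvc >/dev/null ||
  /usr/bin/sudo /usr/sbin/useradd -r -g bannersvc -s /usr/sbin/nologin \
    -d /var/lib/banner-service bannersvc
/usr/bin/sudo /usr/bin/mkdir -p /var/lib/banner-service
/usr/bin/sudo /usr/bin/chown bannersvc:bannersvc /var/lib/banner-service
/usr/bin/sudo /usr/bin/chmod 750 /var/lib/banner-service

/usr/bin/echo "Building Banner Service..."
build_args=(
  -a         # force a rebuild of all packages
  -trimpath  # strip local file system paths from the executable
  # -s -w drop the symbol table and DWARF debug info (smaller binary).
  # NOTE(review): -extldflags only takes effect when Go links through the
  # external linker; confirm with a binary-hardening checker that the installed
  # binary really has full RELRO / BIND_NOW.
  "-ldflags=-s -w -extldflags=-z,now,-z,relro"
  -buildmode=pie  # position-independent executable, so ASLR can relocate it
  -tags=netgo     # use Go's native DNS resolver
  -o banner_service
  banner_service.go
)
# Test the build command directly rather than inspecting $? afterwards.
if /usr/local/bin/go build "${build_args[@]}"; then
  /usr/bin/echo "Built Banner Service..."
else
  /usr/bin/echo "Failed to compile Banner Service!"
  exit 1
fi

# Stop a previously installed instance before its binary is replaced.
if [ -f /etc/systemd/system/banner.service ]; then
  /usr/bin/sudo /usr/bin/systemctl disable --now banner.service
fi

/usr/bin/sudo /usr/bin/cp banner_service /usr/local/bin/
# root owns the binary; the service group may execute it but not modify it.
/usr/bin/sudo /usr/bin/chown root:bannersvc /usr/local/bin/banner_service
/usr/bin/sudo /usr/bin/chmod 750 /usr/local/bin/banner_service

/usr/bin/echo "Set capabilities (for binding to port 9999 without root)"
# setcap runs last: the freshly copied file carries no file capabilities, so
# they have to be re-applied on every install.
# NOTE(review): cap_net_bind_service is what permits binding privileged ports
# (below 1024 by default). If the service only ever listens on 9999 the
# capability is not needed and can be dropped for least privilege; confirm the
# port in banner_service.go / banner.service.
/usr/bin/sudo /usr/sbin/setcap 'cap_net_bind_service=+ep' /usr/local/bin/banner_service

# An existing unit file is kept as-is so local changes are not overwritten.
if [ ! -f /etc/systemd/system/banner.service ]; then
  /usr/bin/echo "Copy over Service Files"
  /usr/bin/sudo /usr/bin/cp banner.service /etc/systemd/system/banner.service
  /usr/bin/sudo /usr/bin/chmod 644 /etc/systemd/system/banner.service
  /usr/bin/sudo /usr/bin/mkdir -p /etc/systemd/system/banner.service.d
  /usr/bin/sudo /usr/bin/cp seccomp.conf /etc/systemd/system/banner.service.d/seccomp.conf
  # Fix: the original repeated the chmod on banner.service here, leaving the
  # seccomp drop-in with whatever mode root's umask produced.
  /usr/bin/sudo /usr/bin/chmod 644 /etc/systemd/system/banner.service.d/seccomp.conf
  /usr/bin/echo "Enable the service for Banner"
  /usr/bin/sudo /usr/bin/systemctl daemon-reload
fi
/usr/bin/sudo /usr/bin/systemctl enable --now banner.service

/usr/bin/echo "Create the service account for synfirewall"
# Same idempotent pattern as for bannersvc, with absolute paths for consistency
# with the rest of the script.
/usr/bin/getent group synfirewall >/dev/null ||
  /usr/bin/sudo /usr/sbin/groupadd synfirewall
/usr/bin/getent passwd synfirewall >/dev/null ||
  /usr/bin/sudo /usr/sbin/useradd -r -g synfirewall -s /usr/sbin/nologin \
    -d /var/lib/syn-firewall -c "SYN Scan Firewall" synfirewall

# The existence test runs under sudo because the directory is mode 750 and not
# readable by the invoking user once it has been created.
if /usr/bin/sudo /usr/bin/test ! -f /etc/SYN-Scan-Firewall/config.yaml; then
  /usr/bin/echo "Making config.yaml"
  /usr/bin/sudo /usr/bin/mkdir -p /etc/SYN-Scan-Firewall
  /usr/bin/sudo /usr/bin/chown synfirewall:synfirewall /etc/SYN-Scan-Firewall
  /usr/bin/sudo /usr/bin/chmod 750 /etc/SYN-Scan-Firewall
  # NOTE(review): config.yaml is created by root and gets mode 640 with no
  # chown, so it is root-owned inside a synfirewall-owned directory. Confirm
  # the account the service runs as can actually read it.
  /usr/bin/sudo /usr/bin/cp config-example.yaml /etc/SYN-Scan-Firewall/config.yaml
  /usr/bin/sudo /usr/bin/chmod 640 /etc/SYN-Scan-Firewall/config.yaml
  # Interactive step: the installer blocks here until the editor is closed.
  /usr/bin/sudo /usr/bin/nano /etc/SYN-Scan-Firewall/config.yaml
fi

/usr/bin/echo "Making lib dir..."
/usr/bin/sudo /usr/bin/mkdir -p /var/lib/syn-firewall
/usr/bin/sudo /usr/bin/chown synfirewall:synfirewall /var/lib/syn-firewall
/usr/bin/sudo /usr/bin/chmod 750 /var/lib/syn-firewall

# The original ignored reBuild.sh's exit status entirely. Report a failure but
# keep going, since the remaining steps only copy files into place.
if ! ./reBuild.sh; then
  /usr/bin/echo "Warning: reBuild.sh exited with a non-zero status" >&2
fi

if [ ! -f /etc/systemd/system/SYN-Scan-Firewall.service ]; then
  /usr/bin/echo "Copy over Service Files for SYN-Scan-Firewall"
  /usr/bin/sudo /usr/bin/cp SYN-Scan-Firewall.service /etc/systemd/system/
  /usr/bin/sudo /usr/bin/chmod 644 /etc/systemd/system/SYN-Scan-Firewall.service
fi

if [ ! -f /etc/apparmor.d/usr.local.bin.SYN-Scan-Firewall ]; then
  /usr/bin/echo "Adding AppArmor policy file..."
  # NOTE(review): copying the file does not load it. The profile confines
  # nothing until it is loaded into the kernel (apparmor_parser -r on this
  # path, or an AppArmor service reload / reboot).
  /usr/bin/sudo /usr/bin/cp AppArmor.policy /etc/apparmor.d/usr.local.bin.SYN-Scan-Firewall
fi

# The SYN-Scan-Firewall unit is deliberately left disabled; enable it by hand
# once config.yaml has been reviewed:
#/usr/bin/echo "Enable the service for SYN-Scan-Firewall"
#sudo systemctl daemon-reload
#sudo systemctl enable --now SYN-Scan-Firewall.service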