Port Scanning with block that IP with a banner...
SYN-Scan-Firewall/install.sh


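#!/bin/bash
# Installer for SYN-Scan-Firewall and its companion banner service.
# External commands are called by absolute path so that a modified PATH in
# the caller's environment cannot substitute a different binary.

# Source files, unit files and reBuild.sh are referenced by relative path
# further down, so work from the directory that holds this script.
# NOTE(review): assumes those files sit next to install.sh -- confirm.
cd -- "$(/usr/bin/dirname -- "${BASH_SOURCE[0]}")" || exit 1

# Create the log file up front with no access for "other".
# NOTE(review): the file is created by root here; if the firewall writes this
# log as an unprivileged account, that account needs ownership or group
# access to it -- confirm against the service unit.
/usr/bin/sudo /usr/bin/touch /var/log/SYN-Scan-Firewall.log
/usr/bin/sudo /usr/bin/chmod 640 /var/log/SYN-Scan-Firewall.log

/usr/bin/echo "Installing libpcap-dev"
# apt-get instead of apt: apt's command-line interface is not guaranteed to
# stay stable for scripted use.
/usr/bin/sudo /usr/bin/apt-get update
/usr/bin/sudo /usr/bin/apt-get install -y libpcap-dev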
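/usr/bin/echo "Create the service account for Banner"
# Dedicated system account with no login shell for the banner service.
# The getent guards keep a second run of the installer from failing on an
# account that already exists.
if ! /usr/bin/getent group bannersvc >/dev/null; then
  /usr/bin/sudo /usr/sbin/groupadd bannersvc
fi
if ! /usr/bin/getent passwd bannersvc >/dev/null; then
  /usr/bin/sudo /usr/sbin/useradd -r -g bannersvc -s /usr/sbin/nologin -d /var/lib/banner-service bannersvc
fi
# Home directory: full access for the owner, read/traverse for the group,
# nothing for "other".
/usr/bin/sudo /usr/bin/mkdir -p /var/lib/banner-service
/usr/bin/sudo /usr/bin/chown bannersvc:bannersvc /var/lib/banner-service
/usr/bin/sudo /usr/bin/chmod 750 /var/lib/banner-service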
# Compile the banner service as the invoking user (no sudo) with a hardened
# flag set. The flags live in an array so each one can carry its own comment.
/usr/bin/echo "Building Banner Service..."
banner_build_args=(
  -a         # force a rebuild of all packages
  -trimpath  # keep local file system paths out of the executable
  # -s -w drop the symbol table and debug info (smaller binary); the
  # -extldflags part is meant to request immediate binding and RELRO.
  # NOTE(review): -extldflags only reaches an external linker; check the
  # finished binary (e.g. readelf -l / readelf -d) to confirm RELRO and
  # BIND_NOW are actually present.
  '-ldflags=-s -w -extldflags=-z,now,-z,relro'
  -buildmode=pie  # position-independent executable, so ASLR covers the image
  -tags=netgo     # use Go's native DNS resolver
  -o banner_service
  banner_service.go
)
if ! /usr/local/bin/go build "${banner_build_args[@]}"; then
  /usr/bin/echo "Failed to compile Banner Service!"
  exit 1
fi
/usr/bin/echo "Built Banner Service..."
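# Stop and disable a previously installed banner service before its binary
# is replaced.
if [ -f /etc/systemd/system/banner.service ]; then
  /usr/bin/sudo /usr/bin/systemctl disable --now banner.service
fi

# Install the binary owned by root: the service group can read and execute
# it but cannot modify it, and "other" has no access.
/usr/bin/sudo /usr/bin/cp banner_service /usr/local/bin/
/usr/bin/sudo /usr/bin/chown root:bannersvc /usr/local/bin/banner_service
/usr/bin/sudo /usr/bin/chmod 750 /usr/local/bin/banner_service

/usr/bin/echo "Set capabilities (for binding to port 9999 without root)"
# NOTE(review): on a default Linux configuration cap_net_bind_service is only
# needed for ports below 1024. If 9999 is the only port the service binds,
# this file capability grants more than required and can be dropped --
# confirm against banner_service.go.
/usr/bin/sudo /usr/sbin/setcap 'cap_net_bind_service=+ep' /usr/local/bin/banner_service

# The unit file and its seccomp drop-in are copied on first install only; an
# existing unit is left untouched, so later changes to banner.service or
# seccomp.conf in the source tree are not picked up by a re-run.
if [ ! -f /etc/systemd/system/banner.service ]; then
  /usr/bin/echo "Copy over Service Files"
  /usr/bin/sudo /usr/bin/cp banner.service /etc/systemd/system/banner.service
  /usr/bin/sudo /usr/bin/chmod 644 /etc/systemd/system/banner.service
  /usr/bin/sudo /usr/bin/mkdir -p /etc/systemd/system/banner.service.d
  /usr/bin/sudo /usr/bin/cp seccomp.conf /etc/systemd/system/banner.service.d/seccomp.conf
  # Set the mode on the drop-in itself; the original repeated the chmod on
  # banner.service here and never touched seccomp.conf.
  /usr/bin/sudo /usr/bin/chmod 644 /etc/systemd/system/banner.service.d/seccomp.conf
  /usr/bin/echo "Enable the service for Banner"
  /usr/bin/sudo /usr/bin/systemctl daemon-reload
fi
/usr/bin/sudo /usr/bin/systemctl enable --now banner.service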
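/usr/bin/echo "Create the service account for synfirewall"
# Dedicated system account with no login shell for the firewall. Commands
# use absolute paths like the rest of this script, and the getent guards
# keep a second run from failing on an existing account.
if ! /usr/bin/getent group synfirewall >/dev/null; then
  /usr/bin/sudo /usr/sbin/groupadd synfirewall
fi
if ! /usr/bin/getent passwd synfirewall >/dev/null; then
  /usr/bin/sudo /usr/sbin/useradd -r -g synfirewall -s /usr/sbin/nologin \
    -d /var/lib/syn-firewall -c "SYN Scan Firewall" synfirewall
fi

# Seed the configuration from the example on first install only; an existing
# config.yaml is never overwritten. The test runs under sudo because the
# directory is not readable by "other" once it exists.
if /usr/bin/sudo /usr/bin/test ! -f /etc/SYN-Scan-Firewall/config.yaml; then
  /usr/bin/echo "Making config.yaml"
  /usr/bin/sudo /usr/bin/mkdir -p /etc/SYN-Scan-Firewall
  /usr/bin/sudo /usr/bin/chown synfirewall:synfirewall /etc/SYN-Scan-Firewall
  /usr/bin/sudo /usr/bin/chmod 750 /etc/SYN-Scan-Firewall
  # NOTE(review): config.yaml is copied by root and only its mode is set, so
  # its owner/group stay whatever root's cp produced, while the directory
  # belongs to synfirewall. If the daemon reads the file as synfirewall it
  # needs group read on it, and a service-owned directory lets that account
  # replace the file. Confirm the intended ownership of both.
  /usr/bin/sudo /usr/bin/cp config-example.yaml /etc/SYN-Scan-Firewall/config.yaml
  /usr/bin/sudo /usr/bin/chmod 640 /etc/SYN-Scan-Firewall/config.yaml
  # Open the editor only when a terminal is attached; an unattended run
  # would otherwise fail or hang inside nano.
  if [ -t 0 ]; then
    /usr/bin/sudo /usr/bin/nano /etc/SYN-Scan-Firewall/config.yaml
  else
    /usr/bin/echo "Edit /etc/SYN-Scan-Firewall/config.yaml before starting the service"
  fi
fi

/usr/bin/echo "Making lib dir..."
# State directory for the firewall: owner and group only.
/usr/bin/sudo /usr/bin/mkdir -p /var/lib/syn-firewall
/usr/bin/sudo /usr/bin/chown synfirewall:synfirewall /var/lib/syn-firewall
/usr/bin/sudo /usr/bin/chmod 750 /var/lib/syn-firewall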
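# Run the firewall's own build script and stop if it fails, matching the
# handling of the banner build: without this check the unit file and the
# AppArmor policy would be installed even though the build did not succeed.
# NOTE(review): reBuild.sh is not shown here; this assumes it exits non-zero
# only on failure -- confirm.
if ! ./reBuild.sh; then
  /usr/bin/echo "reBuild.sh failed!"
  exit 1
fi

# The unit file is copied on first install only; an existing unit is kept.
if [ ! -f /etc/systemd/system/SYN-Scan-Firewall.service ]; then
  /usr/bin/echo "Copy over Service Files for SYN-Scan-Firewall"
  /usr/bin/sudo /usr/bin/cp SYN-Scan-Firewall.service /etc/systemd/system/
  /usr/bin/sudo /usr/bin/chmod 644 /etc/systemd/system/SYN-Scan-Firewall.service
fi

# The AppArmor profile is only copied into place, and only when no profile
# with this name exists yet. Nothing in this script loads it, so it is not
# enforced until AppArmor next loads its profiles (for example
# `apparmor_parser -r` on this file, or a reboot). Check with aa-status
# before relying on the confinement.
if [ ! -f /etc/apparmor.d/usr.local.bin.SYN-Scan-Firewall ]; then
  /usr/bin/echo "Adding AppArmor policy file..."
  /usr/bin/sudo /usr/bin/cp AppArmor.policy /etc/apparmor.d/usr.local.bin.SYN-Scan-Firewall
fi

# Enabling the firewall service is left as a manual step; the commands are
# kept here, commented out, for reference.
#/usr/bin/echo "Enable the service for SYN-Scan-Firewall"
#sudo systemctl daemon-reload
#sudo systemctl enable --now SYN-Scan-Firewall.service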