diff --git a/execguard.go b/execguard.go
index 52cecba..96fdf05 100644
--- a/execguard.go
+++ b/execguard.go
@@ -44,6 +44,7 @@ type Config struct {
 }
 var initMode bool
+var initFile string
 var updateFile string
 var migrateMode bool
 var newKey bool
@@ -52,7 +53,8 @@ var dbMutex sync.Mutex
 func main() {
 flag.BoolVar(&initMode, "init", false, "initialize and populate allowed executable database")
- flag.StringVar(&updateFile, "update", "", "add specified file to allowed database with hash")
+ flag.StringVar(&initFile, "initFile", "", "file containing files to add to allowed database with hash")
+ flag.StringVar(&updateFile, "update", "", "add specified file to allowed database with hash")
 flag.BoolVar(&migrateMode, "migrate", false, "recompute hashes of all allowed paths using current settings")
 flag.BoolVar(&newKey, "newKey", false, "generate a new XXTEA-compatible encryption key")
 flag.Parse()
@@ -94,6 +96,16 @@ func main() {
 createTable(db)
+ if initFile != "" {
+ absPath, err := filepath.Abs(initFile)
+ if err != nil {
+ log.Fatalf("Invalid init file path: %v", err)
+ os.Exit(1) // Exit with status code 1
+ }
+ runInit(db, absPath)
+ return
+ }
+
 if updateFile != "" {
 absPath, err := filepath.Abs(updateFile)
 if err != nil {
@@ -155,6 +167,31 @@ func createTable(db *sql.DB) {
 }
 }
+func readFile(db *sql.DB, input *os.File) {
+ defer input.Close()
+
+ scanner := bufio.NewScanner(input)
+ for scanner.Scan() {
+ line := strings.TrimSpace(scanner.Text())
+ if line != "" {
+ time.Sleep(time.Duration(100) * time.Millisecond)
+ addToAllowed(db, line)
+ log.Printf("Migrated path: %s", line)
+ }
+ }
+ if err := scanner.Err(); err != nil {
+ log.Printf("Error reading Migrate file: %v", err)
+ }
+}
+
+func runInit(db *sql.DB, path string) {
+ input, err := os.Open(path)
+ if err != nil {
+ log.Fatalf("Failed to open temp file: %v", err)
+ }
+ readFile(db, input)
+}
+
 func runMigration(db *sql.DB) {
 tempFile := "Migrate"
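Review bot: In the new `initFile` branch of main, `os.Exit(1)` directly after `log.Fatalf(...)` is unreachable, because log.Fatalf already terminates the process with status 1; the line and its comment can be dropped. The branch also returns before the `updateFile` check that follows it, so passing both flags silently ignores `-update`; a short comment such as `// -initFile takes precedence over -update`, or an explicit error when both are set, would make that deliberate. main starts and ends outside this hunk.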
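Review bot: readFile hands every non-empty line straight to addToAllowed, so the import file is treated as a fully trusted list and nothing here checks its entries; main resolves the `-update` argument with filepath.Abs first, but these lines are neither required to be absolute nor cleaned. Since export.sh shows this file being carried over from another machine, I would skip anything that is not an absolute path, e.g. `if !filepath.IsAbs(line) { log.Printf("skipping non-absolute path %q", line); continue }`, and confirm that addToAllowed (not visible here) refuses missing files. `Migrated path` is logged whether or not the add succeeded, and a scanner error is only logged, so a truncated import still exits 0. The messages `Failed to open temp file` in runInit and `Error reading Migrate file` in readFile are also misleading when the input is the `-initFile` list.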
@@ -178,27 +215,12 @@ func runMigration(db *sql.DB) {
 }
 _, _ = fmt.Fprintln(f, path)
 }
- f.Close() // make sure it can be read next
-
- // Reopen to read
- input, err := os.Open(f.Name())
- if err != nil {
- log.Fatalf("Failed to open temp file: %v", err)
- }
- defer input.Close()
- scanner := bufio.NewScanner(input)
- for scanner.Scan() {
- line := strings.TrimSpace(scanner.Text())
- if line != "" {
- time.Sleep(time.Duration(1) * 100 * time.Millisecond)
- addToAllowed(db, line)
- log.Printf("Migrated path: %s", line)
- }
- }
- if err := scanner.Err(); err != nil {
- log.Printf("Error reading Migrate file: %v", err)
- }
+ // Seek back to start instead of closing/reopening
+ if _, err := f.Seek(0, 0); err != nil {
+ log.Fatalf("Failed to seek file: %v", err)
+ }
+ readFile(db, f)
 }
 func isAllowed(db *sql.DB, path string) bool {
diff --git a/export.sh b/export.sh
new file mode 100644
index 0000000..f3a765e
--- /dev/null
+++ b/export.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+sudo sqlite3 /etc/execguard/allowed.db "SELECT path FROM allowed;" > migrated_apps.txt
+echo "On remote PC: \$ sudo execguard --initFile migrated_apps.txt"
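Review bot: After this change readFile closes `f` through its own `defer input.Close()`, which is not obvious at the call site in runMigration; a comment such as `// readFile takes ownership of f and closes it` would help, and any `defer f.Close()` earlier in the function (outside this hunk) would now close the file a second time. `f.Seek(0, 0)` reads more clearly as `f.Seek(0, io.SeekStart)`, provided `io` is imported. Reading back through the same handle only works if `f` was opened read-write, which the hunk does not show.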
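Review bot: The export selects only `path`, so the hashes recorded on this machine never reach the remote one; going by the `-initFile` help text, the remote host hashes whatever file sits at each listed path and allow-lists it, which means the import says nothing about the binaries being the same on both machines. If that is intended it deserves a comment in the script; otherwise the stored hash should be exported as well and compared on import. The script also has no error handling, so a failed `sqlite3` leaves an empty or partial `migrated_apps.txt` and the hint is still printed; `set -euo pipefail` after the shebang would stop that. The list is written to the current directory under the caller's umask, so it should be kept non-writable by other users until it has been imported.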