main
Robert 7 months ago
parent eae21d85e2
commit 8bde01627b
  1. 60
      execguard.go
  2. 3
      export.sh

@ -44,6 +44,7 @@ type Config struct {
} }
var initMode bool var initMode bool
var initFile string
var updateFile string var updateFile string
var migrateMode bool var migrateMode bool
var newKey bool var newKey bool
@ -52,6 +53,7 @@ var dbMutex sync.Mutex
func main() { func main() {
flag.BoolVar(&initMode, "init", false, "initialize and populate allowed executable database") flag.BoolVar(&initMode, "init", false, "initialize and populate allowed executable database")
flag.StringVar(&initFile, "initFile", "", "file containing files to add to allowed database with hash")
flag.StringVar(&updateFile, "update", "", "add specified file to allowed database with hash") flag.StringVar(&updateFile, "update", "", "add specified file to allowed database with hash")
flag.BoolVar(&migrateMode, "migrate", false, "recompute hashes of all allowed paths using current settings") flag.BoolVar(&migrateMode, "migrate", false, "recompute hashes of all allowed paths using current settings")
flag.BoolVar(&newKey, "newKey", false, "generate a new XXTEA-compatible encryption key") flag.BoolVar(&newKey, "newKey", false, "generate a new XXTEA-compatible encryption key")
@ -94,6 +96,16 @@ func main() {
createTable(db) createTable(db)
if initFile != "" {
absPath, err := filepath.Abs(initFile)
if err != nil {
log.Fatalf("Invalid init file path: %v", err)
os.Exit(1) // Exit with status code 1
}
runInit(db, absPath)
return
}
if updateFile != "" { if updateFile != "" {
absPath, err := filepath.Abs(updateFile) absPath, err := filepath.Abs(updateFile)
if err != nil { if err != nil {
@ -155,6 +167,31 @@ func createTable(db *sql.DB) {
} }
} }
func readFile(db *sql.DB, input *os.File) {
defer input.Close()
scanner := bufio.NewScanner(input)
for scanner.Scan() {
line := strings.TrimSpace(scanner.Text())
if line != "" {
time.Sleep(time.Duration(100) * time.Millisecond)
addToAllowed(db, line)
log.Printf("Migrated path: %s", line)
}
}
if err := scanner.Err(); err != nil {
log.Printf("Error reading Migrate file: %v", err)
}
}
func runInit(db *sql.DB, path string) {
input, err := os.Open(path)
if err != nil {
log.Fatalf("Failed to open temp file: %v", err)
}
readFile(db, input)
}
func runMigration(db *sql.DB) { func runMigration(db *sql.DB) {
tempFile := "Migrate" tempFile := "Migrate"
@ -178,27 +215,12 @@ func runMigration(db *sql.DB) {
} }
_, _ = fmt.Fprintln(f, path) _, _ = fmt.Fprintln(f, path)
} }
f.Close() // make sure it can be read next
// Reopen to read
input, err := os.Open(f.Name())
if err != nil {
log.Fatalf("Failed to open temp file: %v", err)
}
defer input.Close()
scanner := bufio.NewScanner(input) // Seek back to start instead of closing/reopening
for scanner.Scan() { if _, err := f.Seek(0, 0); err != nil {
line := strings.TrimSpace(scanner.Text()) log.Fatalf("Failed to seek file: %v", err)
if line != "" {
time.Sleep(time.Duration(1) * 100 * time.Millisecond)
addToAllowed(db, line)
log.Printf("Migrated path: %s", line)
}
}
if err := scanner.Err(); err != nil {
log.Printf("Error reading Migrate file: %v", err)
} }
readFile(db, f)
} }
func isAllowed(db *sql.DB, path string) bool { func isAllowed(db *sql.DB, path string) bool {
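Review bot: The `os.Exit(1) // Exit with status code 1` after `log.Fatalf("Invalid init file path: %v", err)` in the `-94,6 +96,16` hunk is unreachable, because log.Fatalf already terminates the process with status 1; drop the line, or use `log.Printf` there if a distinct exit path is intended (main's body continues outside the hunk). In the `-155,6 +167,31` hunk readFile is now shared by runInit and runMigration, but its log strings still say `Migrated path: %s` and `Error reading Migrate file`, and runInit reports `Failed to open temp file` for the operator-supplied -initFile path; neutral wording such as `log.Printf("Added allowed path: %s", line)` and `log.Fatalf("Failed to open init file %q: %v", path, err)` would keep the logs accurate and searchable for both entry points. readFile also closes the file it is handed, and in the `-178,27 +215,12` hunk runMigration now passes its temp file `f` straight to it, so any `defer f.Close()` earlier in runMigration (outside the hunk) would become a second close — worth confirming. Minor: `f.Seek(0, 0)` reads more clearly as `f.Seek(0, io.SeekStart)`.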

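--- a/export.sh
+++ b/export.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+sudo sqlite3 /etc/execguard/allowed.db "SELECT path FROM allowed;" > migrated_apps.txt
+echo "On remote PC: \$ sudo execguard --initFile migrated_apps.txt"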
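Review bot: The script has no `set -euo pipefail`, so if the `sudo sqlite3 /etc/execguard/allowed.db ...` query fails (missing database, sqlite3 not installed, sudo denied) the redirection still creates an empty `migrated_apps.txt` and the "On remote PC" instruction prints as if the export succeeded; adding `set -euo pipefail` after the shebang makes the failure visible. It would also help to state in a comment that the file carries paths only — per the new `-initFile` help text the remote side adds each path "with hash", which presumably means the hash is recomputed from whatever binary sits at that path on the remote host, so the list should be generated from, and transferred to, a host that is already in a known-good state.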