Made install.sh

README.md

@@ -5,8 +5,20 @@ This for educational use ONLY. Not fit for any real world system.
 Beaware it is possible to lock your self out of your own system with this program, if not used right!
 Please look at the go code, etc...
 
+## Pre requirements:
+1. You must be in the sudoers file to become root.
+2. You should understand Linux Admin...
+3. Do a Full System Backup
+4. Know how to recover from a downed system. IE mount the filesystem from somewhere else to change the service file. If you do not understand SystemD then this program is not for you.
+
 ## If LOCKED OUT:
-Boot into some form of Recovery Mode: Boot into a Linux Live USB disk. Then mount your hard drive, open the folder to etc, right click and open in new Terminal. From the etc folder... change directory to systemd/system. Make sure that --init is turned on...once recovered and loaded all normal programs, so they are added to the allowed system Database, you may remove the --init to go back to enforce mode...
+- Boot into some form of Recovery Mode: 
+    - Boot into a Linux Live USB disk. 
+    - Then mount your hard drive, open the folder to etc, right click and open in new Terminal. 
+    - From the etc folder... 
+    - change directory to systemd/system. 
+    - Make sure that --init is turned on...
+    - Once recovered and loaded all normal programs, so they are added to the allowed system Database, you may remove the --init to go back to enforce mode...
 ```
 cd systemd/system/
 sudo nano execguard.service
@@ -20,7 +32,11 @@ This will initialize the /etc/execguard/system.db SQLite3 Database.
 It is in Leaning mode... All program will run as normal.
 
 ## How it works:
-NOTE: All executables are blocked that are not in the allowed.db, so the protected_dirs config does not matter! To add a program to this allowed.db Database: sudo execguard --update /THEPATH/TO/PROGRAM_GOES_HERE Beacreful when updating/add to the allowed Database as the whole point is to Block Bad Programs, However, your systen need to run things, so be wise... You should monitor the output of the log file: tail -F /var/log/execguard.log 
+* NOTE: All executables are blocked that are not in the allowed.db, so the protected_dirs config does not matter! 
+* To add a program to this system.db Database: sudo execguard --update /THEPATH/TO/PROGRAM_GOES_HERE Beacreful when updating/add to the allowed Database as the whole point is to Block Bad Programs.
+* However, your systen need to run things, so be wise... 
+* You should monitor the output of the log file: 
+    - tail -F /var/log/execguard.log 
 
 ## Make a key for xxtea
 This will generate a new key phrase for you that is safe in size...to be placed inside of your config.json file. Do this before you go live.
@@ -36,41 +52,24 @@ scan_interval is the number of minutes to delay before scanning the protected_di
     "log_file": "/var/log/execguard.log",
     "mail_prog": "/usr/bin/mail",
     "scanner_prog": "/usr/bin/clamscan",
-    "downloads": ["/home/exampleUser1/Downloads", "/home/exampleUser2/Downloads"],
+    "downloads": ["/home/EXAMPLEUSER1_CHANGEME/Downloads", "/home/USER2_IF_THEY_EXISTS/Downloads"],
     "scan_interval": 0,
-    "protected_dirs": ["/home"],
+    "protected_dirs": ["/home/EXAMPLEUSER_CHANGEME/Documents"],
     "skip_dirs": [".cache",".git"],
-    "alert_email": ""
+    "alert_email": "root@localhost"
     "passphrase": "cdzTE1Gk6/VuDlnU",
     "hash_encryption": "xxtea",
     "hash_type": "sha512"
 }
 ```
 ## Install
-Be sure to update your config.json file to have a passphrase that was generated by execgaurd --newKey...
 ```
 cd execgaurd
-sudo mkdir -p /etc/execguard/
-go build -o execguard
-sudo ./execguard --newKey
-## Copy the passphrase key into your clipboard.
-sudo cp config.json.example /etc/execguard/config.json
-sudo nano /etc/execguard/config.json
-## Paste your passphrase into the config.json file and save.
-
-sudo mv execguard /usr/local/bin/
-sudo execguard --update $(pwd)/update_bins.sh 
-sudo execguard --update $(pwd)/sys_update.sh
-sudo ./update_bins.sh
-sudo execguard --init
+./install.sh
 ```
-Ctrl+C to exit from execgaurd when done loading programs to allow.
-
 # Run a Service
 Kind of Dangerious!!:
 ```
-sudo cp execguard.service /etc/systemd/system/
-sudo systemctl daemon-reload
 sudo systemctl enable --now execguard
 sudo service execguard status
 ```
@@ -89,7 +88,8 @@ sudo execguard --update /path/to/program
 REPLACE /path/to/program with that found in the Log file.
 ```
 
-# Once done initializing the System:
+# Once done initializing the System, BEWARE....doing this...:
+If you have not allowed all the things needed for your system, it will HANG-UP and stop working!!!!
 ```
 sudo nano /etc/systemd/system/execguard.service
 [Service]
@@ -100,6 +100,7 @@ REMOVE the --init from ExecStart command
 Reboot.
 
 # Disable Auto-Updates
+Any unknown update will make changes to your bin files, as such they will get BLOCKED!!!!
 ```
 sudo systemctl disable --now apt-daily.timer
 sudo systemctl disable --now apt-daily-upgrade.timer
@@ -109,6 +110,7 @@ APT::Periodic::Unattended-Upgrade "0";
 sudo apt remove unattended-upgrades
 ```
 # Manual System Updates via Apt
+If not using apt, change the script to use your package manager.
 ```
 ./sys_update.sh
 ```
@@ -122,3 +124,19 @@ sudo ./execgaurd
 # If successful:
 sudo service execguard start
 ```
+## What to do if found Infected files:
+```
+sudo rm -rf /var/lib/clamav/quarantine/*
+```
+## TODOs:
+- [x] Allow Hash Type choice: sha256 or sha512.
+- [x] Allow Encyption on sad Hash: xxtea (default), xor, or none.
+- [x] Take a passphrase for Encyption.
+- [x] Local Mail Alerts to root user.
+- [x] Clamscan AV or use of other AV.
+- [x] Set Scan Interval in Minutes for Protected Dirs like: Docs
+    - Will remove executable bit from Documents...
+- [x] Auto scan new files in Downloads.
+- [x] Watch/Monitor Logs via: $ tail -F /var/log/execguard.log
+- [x] Use custom SQLite3 Database file: Default is /etc/execguard/system.db
+- [ ] Debug more...this is in Alpha.

build.sh

@@ -1,8 +0,0 @@
-#!/bin/bash
-go build -o execguard
-if [ $? -eq 0 ]; then
-    sudo cp execguard /usr/local/bin/
-    sudo ./execguard --update /usr/local/bin/execguard
-    echo -e "Running execguard...Hit CTRL+C to end."
-    sudo execguard
-fi    

config.json.example

@@ -3,11 +3,11 @@
     "log_file": "/var/log/execguard.log",
     "mail_prog": "/usr/bin/mail",
     "scanner_prog": "/usr/bin/clamscan",
-    "downloads": ["/home/exampleUser1/Downloads", "/home/exampleUser2/Downloads"],
-    "scan_interval": 0,
-    "protected_dirs": ["/home"],
+    "downloads": ["/home/EXAMPLEUSER1/Downloads", "/home/exampleUser2/Downloads"],
+    "scan_interval": 90,
+    "protected_dirs": ["/home/EXAMPLEUSER1/Documents"],
     "skip_dirs": [".cache",".git"],
-    "alert_email": ""
+    "alert_email": "",
     "passphrase": "cdzTE1Gk6/VuDlnU",
     "hash_encryption": "xxtea",
     "hash_type": "sha512"

core/make_key/make_key.go

@@ -2,7 +2,6 @@ package make_key
 
 import (
     "io"
-    "log"
     "crypto/rand"
     "encoding/base64"
     "fmt"
@@ -12,11 +11,14 @@ func randReader() io.Reader {
 	return rand.Reader
 }
 
-func Make_a_key(log log.Logger) {        
+func Make_a_key() bool{        
     // XXTEA key should be 16 bytes total...base64 will padd it...
     key := make([]byte, 12)
     if _, err := io.ReadFull(rand.Reader, key); err != nil {
-        log.Fatalf("Failed to generate key: %v", err)
+        fmt.Printf("Failed to generate key: %v", err)
+        return false
     }
-    fmt.Printf("Generated XXTEA key (base64): %s\n", base64.StdEncoding.EncodeToString(key))
+    // Generated XXTEA key (base64): 
+    fmt.Printf("%s", base64.StdEncoding.EncodeToString(key))
+    return true
 }

core/monitor_running_bins/monitor_running_bins.go

@@ -104,6 +104,7 @@ func MonitorExecutions(db *sql.DB, log log.Logger, mailPath string) error {
                         } else {
                             if !sys_database.IsAllowed(db, log, absPath) {
                                 log.Printf("Blocked execution attempt: %s", absPath)
+                                resp.Response = unix.FAN_DENY
 
                                 if _, seen := alertCache.LoadOrStore(absPath, struct{}{}); !seen {
                                     go alert.SendAlert(fmt.Sprintf("Unauthorized execution attempt blocked: %s", absPath), db, log)
@@ -111,8 +112,6 @@ func MonitorExecutions(db *sql.DB, log log.Logger, mailPath string) error {
                                         alertCache.Delete(absPath)
                                     })
                                 }
-
-                                resp.Response = unix.FAN_DENY
                             }
                         }
                     }

docs/MalDetect.md

@@ -0,0 +1,38 @@
+# MalDetect For Ubuntu:
+### FYI
+I'm not sure how usefull this is on systems, it is for monitoring your web server.
+## Install clamAV
+```
+$ sudo apt update && sudo apt install -y perl wget
+$ sudo apt install -y clamav clamav-daemon
+$ sudo freshclam
+```
+## maldetect
+```
+$ sudo apt install -y inotify-tools
+$ wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
+$ tar -xzf maldetect-current.tar.gz
+$ cd maldetect-*
+$ sudo ./install.sh
+$ sudo nano /usr/local/maldetect/monitor_paths
+/tmp
+/var/www
+/home
+
+$ sudo nano /usr/local/maldetect/conf.maldet
+quarantine_hits	Move infected files to quarantine	1 (enable)
+quarantine_clean	Automatically clean malware	0 (manual review recommended)
+scan_clamscan	Use ClamAV for scanning	1 (if ClamAV is installed)
+inotify_monitor	Enable real-time monitoring	1 (enable)
+```
+## Active Monitor
+```
+$ sudo maldet --monitor /usr/local/maldetect/monitor_paths
+$ sudo crontab -e
+0 2 * * * /usr/local/maldetect/maldet --scan-all /var/www /home -r /root/maldet-scan.log
+```
+## Update maldetect Signatures
+```
+$ sudo maldet --update
+$ sudo maldet --monitor enable
+```

execguard.go

@@ -14,6 +14,7 @@ import (
 	"log"
     "strings"
 	"os"
+    "fmt"    
 	"path/filepath"
 	_ "github.com/mattn/go-sqlite3"
 )
@@ -70,8 +71,16 @@ func main() {
     flag.BoolVar(&newKey, "newKey", false, "generate a new XXTEA-compatible encryption key")
 	flag.Parse()
 
+    if newKey {
+        if make_key.Make_a_key() {
+            return
+        } else {
+            os.Exit(1) // Exit with status code 1
+        }
+    }
+
 	if os.Geteuid() != 0 {
-		log.Fatal("This program must be run as root")
+		fmt.Printf("This program must be run as root")
         os.Exit(1) // Exit with status code 1
 	}
     
@@ -87,7 +96,7 @@ func main() {
 
 	config, err := configure.LoadConfig(configFile)
 	if err != nil {
-		log.Fatalf("Error loading config: %v", err)
+		fmt.Printf("Error loading config: %v", err)
         os.Exit(3) // Exit with status code 3
 	}
     
@@ -157,12 +166,6 @@ func main() {
 	}
 	defer logf.Close()
 	log.SetOutput(logf)
-    
-    if newKey {
-        make_key.Make_a_key(log)
-        return
-    }
-
 
 	db, err := sql.Open("sqlite3", dbFile)
 	if err != nil {

export.sh

@@ -1,3 +1,3 @@
 #!/bin/bash
-sudo sqlite3 /etc/execguard/system.db "SELECT path FROM allowed;" > migrated_apps.txt
-echo "On remote PC: \$ sudo execguard --initFile migrated_apps.txt"
+/usr/bin/sudo /usr/bin/sqlite3 /etc/execguard/system.db "SELECT path FROM allowed;" > migrated_apps.txt
+echo "On the remote PC: \$ sudo execguard --initFile migrated_apps.txt"

go.mod

@@ -8,4 +8,4 @@ require (
 	golang.org/x/sys v0.33.0
 )
 
-require github.com/fsnotify/fsnotify v1.9.0 // indirect
+require github.com/fsnotify/fsnotify v1.9.0

install.sh

@@ -0,0 +1,206 @@
+#!/bin/bash
+# See if the User can become ROOT user
+if [ "$EUID" -eq 0 ]; then
+   USE_SUPER=""
+elif groups "$USER" | grep -o "sudo" >/dev/null 2>/dev/null; then
+   USE_SUPER="/usr/bin/sudo"
+elif groups "$USER" | grep -o "doas" >/dev/null 2>/dev/null; then
+   USE_SUPER="/usr/bin/doas"
+elif groups "$USER" | grep -o "wheel" >/dev/null 2>/dev/null; then
+   USE_SUPER="/usr/bin/sudo"
+elif groups "$USER" | grep -o "admin" >/dev/null 2>/dev/null; then
+   USE_SUPER="/usr/bin/sudo"
+else
+   USE_SUPER="error"
+fi
+
+if [ "$USE_SUPER" == "error" ]; then
+   /usr/bin/echo "Please run as root! OR add self to suders file!"
+   exit 1
+fi
+
+if [ ! -f config.json.example ]; then
+   /usr/bin/echo "Default config EXAMPLE file missing...Bailing..."
+   /usr/bin/echo "Please re-create or re-download the config.json.example file."
+   exit 1
+fi
+if [ ! -f go.mod ]; then
+   /usr/bin/echo "go.mod program descriptor missing!"
+   exit 1
+fi
+if [ ! -f execguard.go ]; then
+   /usr/bin/echo "execguard go code missing!"
+   exit 1
+fi
+
+
+# Help OLD systems out...if apt does not exists link to apt-get!
+if [ ! -x /usr/bin/apt ]; then
+   if [ -x /usr/bin/apt-get ]; then
+      ${USE_SUPER} ln -s /usr/bin/apt-get /usr/bin/apt
+   fi
+fi
+
+auto-pkg-installer() {
+if [ -z "$1" ]; then
+   /usr/bin/echo "Please give a package name to install!"
+   return 1
+fi
+
+declare -A osInfo;
+osInfo[/etc/redhat-release]="yum install"
+osInfo[/etc/arch-release]="pacman -S"
+osInfo[/etc/gentoo-release]="emerge"
+osInfo[/etc/SuSE-release]="zypper install"
+osInfo[/etc/debian_version]="/usr/bin/apt install -y"
+osInfo[/etc/alpine-release]="apk add --no-cache"
+for f in "${!osInfo[@]}"
+do
+   if [[ -f $f ]];then
+      ${USE_SUPER} ${osInfo[$f]} "$@"
+   fi
+done
+}
+
+if [ -f /etc/systemd/system/execguard.service ]; then
+    /usr/bin/echo "Existing Service found. Stopping..."
+    ${USE_SUPER} /usr/sbin/service execguard stop
+fi
+if [ ! -d /etc/execgaurd ]; then
+   ${USE_SUPER} /usr/bin/mkdir -p /etc/execguard
+fi
+if [ ! -x /usr/bin/wget ]; then
+    /usr/bin/echo "wget is needed to download go-lang..."
+    auto-pkg-installer wget
+fi
+if [ ! -x /usr/bin/tar ]; then
+    /usr/bin/echo "Installing tar..."
+    auto-pkg-installer tar
+fi
+if [ ! -x /usr/local/go/bin/go ]; then
+    if [ ! -d ~/Downloads ]; then
+        /usr/bin/mkdir -p ~/Downloads
+    fi
+    /usr/bin/echo "Installing go lang...."
+    /usr/bin/wget https://go.dev/dl/go1.24.3.linux-amd64.tar.gz
+    ${USE_SUPER} tar -C /usr/local -xzf go1.24.3.linux-amd64.tar.gz
+    /usr/bin/mv go1.24.3.linux-amd64.tar.gz ~/Downloads/
+    if [ -x /usr/local/bin/go ]; then
+        /usr/bin/sudo /usr/bin/rm /usr/local/bin/go
+    fi
+    /usr/bin/sudo /usr/bin/ln -s /usr/local/go/bin/go /usr/local/bin/
+fi
+/usr/bin/echo "Building new execguard..."
+DoBuild() {
+    /usr/local/bin/go build -o execguard
+    if [ $? -eq 0 ]; then
+        ${USE_SUPER} /usr/bin/cp execguard /usr/local/bin/
+        /usr/bin/echo "Success!"
+        return 0
+    else
+        /usr/bin/echo "Failed to Build execguard from go file...!"
+        return 1
+    fi
+}
+if ! DoBuild; then
+    # Prompt the user
+    /usr/bin/echo "Was their a go-lang version update?"
+    read -p "Try to clear the cache? [y/N] " choice
+    case "$choice" in
+        y|Y|[yY][eE][sS])
+            /usr/bin/echo "Attempting to clean cache..."
+            ;;
+        *)
+            echo "Aborting...!"
+            exit 1
+            ;;
+    esac
+    /usr/local/bin/go clean -modcache
+    /usr/local/bin/go clean -cache
+    /usr/local/bin/go mod tidy
+    /usr/bin/echo "Re-Builind 2nd Try, last try..."
+    if ! DoBuild; then
+       /usr/bin/echo "Could not clean source modules...!"
+       exit 1
+    fi
+fi
+
+if [ ! -x /usr/bin/nano ]; then
+    echo "Installing nano text editor..."
+    auto-pkg-installer nano
+fi
+if [ ! -f /etc/execguard/config.json ]; then
+    /usr/bin/mkdir -p /etc/execguard
+    ${USE_SUPER} cp config.json.example /etc/execguard/config.json
+    # Make an xxTea safe KEY!
+    passphrase_content=$(./execguard --newKey)
+    # Escape special characters (like &, \, and newlines) for sed
+    escaped_content=$(/usr/bin/printf '%s' "$passphrase_content" | /usr/bin/sed -e 's/[&\\]/\\&/g')
+
+    # Replace using | as delimiter (avoiding / conflicts)
+    # Replace the passphrase line in the config file
+    ${USE_SUPER} /usr/bin/sed -i "s|\"passphrase\": \"cdzTE1Gk6/VuDlnU\"|\"passphrase\": \"$escaped_content\"|g" /etc/execguard/config.json
+    # Prompt the user
+    /usr/bin/echo "Please modidy your config home user's folders!!"
+    read -p "Do you want to edit your config.json file with nano? [y/N] " choice
+    case "$choice" in
+        y|Y|[yY][eE][sS])
+            ${USE_SUPER} /usr/bin/nano /etc/execguard/config.json
+            echo "File has been edited."
+            ;;
+        *)
+            echo "Skipping file edit."
+            ;;
+    esac
+fi
+
+if [ ! -f /etc/systemd/system/execguard.service ]; then
+    /usr/bin/echo "Adding SystemD Serivce file..."
+    ${USE_SUPER} cp execguard.service /etc/systemd/system/
+    ${USE_SUPER} systemctl daemon-reload
+    ${USE_SUPER} service execguard status
+fi
+
+# NOTE: If your clamav is way out of date, uninstall it:
+# sudo apt purge clamav clamav-daemon clamav-freshclam
+if [ ! -x /usr/bin/clamscan ]; then
+ /usr/bin/echo "Install clamAV..."
+ auto-pkg-installer clamav clamav-daemon clamav-freshclam
+ ${USE_SUPER} /usr/bin/freshclam
+fi
+if [ ! -d /var/lib/clamav/quarantine ]; then
+    ${USE_SUPER} mkdir -p /var/lib/clamav/quarantine
+    ${USE_SUPER} chown -R clamav:clamav /var/lib/clamav/quarantine
+    ${USE_SUPER} chmod 750 /var/lib/clamav/quarantine
+fi
+if [ ! -x /usr/bin/sqlite3 ]; then
+ /usr/bin/echo "Installing sqlite3 database tool..."
+ auto-pkg-installer sqlite3
+fi
+/usr/bin/echo "Updating system bin files..."
+/usr/bin/echo "Updating self into allowed list..."
+${USE_SUPER} ./execguard --update /usr/local/bin/execguard
+case $? in
+    0)
+        /usr/bin/echo -e "\nHey, it updated, config must be good."
+        ;;
+    1)
+        /usr/bin/echo -e "\nMust be run as root OR invalid UPDATE Path...error!"
+        exit 1
+        ;;
+    2)
+        /usr/bin/echo -e "\nHey, the Database did not Open!"
+        exit 1
+        ;;
+    3)
+        /usr/bin/echo -e "\nHey, your Config File did not work!"
+        exit 1
+        ;;
+    *)
+        /usr/bin/echo -e "\nUnknown ERROR in execguard!"
+        exit 1
+        ;;
+esac
+${USE_SUPER} ./execguard --update "$(pwd)/update_bins.sh"
+${USE_SUPER} ./execguard --update "$(pwd)/sys_update.sh"
+./update_bins.sh

reBuild.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+/usr/local/bin/go build -o execguard
+if [ $? -eq 0 ]; then
+    /usr/bin/sudo cp execguard /usr/local/bin/
+    /usr/bin/sudo ./execguard --update /usr/local/bin/execguard
+    /usr/bin/echo -e "Running execguard...Hit CTRL+C to end."
+    /usr/bin/sudo execguard
+fi

sys_update.sh

@@ -1,15 +1,37 @@
 #!/bin/bash
-sudo service execguard stop
-sudo apt update
-apt list --upgradable 2>/dev/null | tail -n +2 | cut -d/ -f1 | while read pkg; do
-    dpkg -L "$pkg" | grep --color=never -E '^\.?/usr/bin|^\.?/bin|^\.?/usr/sbin' >> sys-updates.list
+/usr/bin/echo "This script will update a computer that uses apt package manager."
+# Prompt the user
+read -p "Do you want to do a full system upgrade using apt? [y/N] " choice
+
+case "$choice" in
+    y|Y|[yY][eE][sS])
+        echo "Starting process..."
+        ;;
+    *)
+        echo "Aborting..."
+        exit 1
+        ;;
+esac
+
+if [ -f sys-updates.list ]; then
+    if [ -f sys-updates.old ]; then
+       /usr/bin/rm sys-updates.old
+    fi
+    /usr/bin/mv sys-updates.list sys-updates.old
+fi
+/usr/bin/sudo /usr/sbin/service execguard stop
+/usr/bin/echo "Starting to download list of updates..."
+/usr/bin/sudo /usr/bin/apt update
+/usr/bin/apt list --upgradable 2>/dev/null | /usr/bin/tail -n +2 | /usr/bin/cut -d/ -f1 | while read pkg; do
+    /usr/bin/dpkg -L "$pkg" | /usr/bin/grep --color=never -E '^\.?/usr/bin|^\.?/bin|^\.?/usr/sbin' >> sys-updates.list
 done
 # Check if file exists
 if [[ ! -f sys-updates.list ]]; then
-  echo "Error: sys-updates.list not found."
+  /usr/bin/echo "Error: sys-updates.list not found."
   exit 1
 fi
-sudo apt upgrade -y
+/usr/bin/echo "Starting to do system upgrades..."
+/usr/bin/sudo /usr/bin/apt upgrade -y
 # Loop through each line
 while IFS= read -r line; do
   # Trim whitespace
@@ -23,10 +45,10 @@ while IFS= read -r line; do
         continue
       ;;
   esac
-  echo "Updating: $line"
-  sudo execguard --update "$line"
+  /usr/bin/echo "Updating: $line"
+  /usr/bin/sudo /usr/local/bin/execguard --update "$line"
 
 done < sys-updates.list
-rm sys-updates.list
+echo "If done with sys-updates.list, do clean-up: \$ rm sys-updates.list"
 echo "You may want to run, for a while: sudo execguard --init"
-echo "Then re-enable it: sudo service execguard start"
+echo "Then re-enable it on SystemD, if present: sudo service execguard start"

update_bins.sh

@@ -1,30 +1,27 @@
 #!/bin/bash
 
 # Directories to search for executables
-DIRS=("/usr/bin" "/usr/sbin" "/usr/local/bin")
+DIRS=("/usr/bin" "/usr/sbin" "/usr/local/bin" "/usr/local/sbin/")
 
 # Process each directory
 for dir in "${DIRS[@]}"; do
     # Check if directory exists
     if [[ -d "$dir" ]]; then
-        echo "Processing directory: $dir"
+        /usr/bin/echo "Processing directory: $dir"
         
         # Find all executable files in the directory
         find "$dir" -maxdepth 1 -type f -executable | while read -r program; do
             # Get just the program name without path: prog_name=$(basename "$program")
             # Run execguard --update on the program
-            echo "Updating execguard for: $program"
-            sudo execguard --update "$program"
+            /usr/bin/echo "Updating execguard for: $program"
+            /usr/bin/sudo /usr/local/bin/execguard --update "$program"
         done
     else
-        echo "Directory not found: $dir" >&2
+        /usr/bin/echo "Directory not found: $dir" >&2
     fi
 done
 
 # custom files here:
-sudo execguard --update /usr/bin/mail
-if [ -x /usr/local/maldetect/maldet ]; then
-    sudo execguard --update /usr/local/maldetect/maldet
-fi
-sudo execguard --update /usr/lib/update-notifier/package-data-downloader
-echo "Finished processing all directories"
+/usr/bin/sudo /usr/local/bin/execguard --update /usr/bin/mail
+/usr/bin/sudo /usr/local/bin/execguard --update /usr/lib/update-notifier/package-data-downloader
+/usr/bin/echo "Finished processing all directories"

vscan_bins.sh

@@ -1,13 +1,4 @@
 #!/bin/bash
-# sudo apt purge clamav clamav-daemon clamav-freshclam
-sudo service execgaurd stop
-if [ ! -x /usr/bin/clamscan ]; then
- sudo apt install clamav clamav-daemon clamav-freshclam
- sudo freshclam
-fi
-if [ ! -x /usr/bin/sqlite3 ]; then
- sudo apt install sqlite3   
-fi
-sudo sqlite3 /etc/execguard/system.db "SELECT path FROM allowed;" > my_bins_apps.txt
-clamscan -v --file-list=my_bins_apps.txt
-echo "Done -- you may: rm my_bins_apps"
+/usr/bin/sudo /usr/bin/sqlite3 /etc/execguard/system.db "SELECT path FROM allowed;" > my_bins_apps.txt
+/usr/bin/clamscan -v --infected --move=/var/lib/clamav/quarantine --file-list=my_bins_apps.txt
+/usr/bin/echo "Done -- you may: rm my_bins_apps"