From b23861110fd97502f5a9e6b2f1669199993c800c Mon Sep 17 00:00:00 2001 From: Robert Date: Tue, 20 May 2025 16:31:39 -0400 Subject: [PATCH] Made install.sh --- README.md | 66 ++++-- build.sh | 8 - config.json.example | 8 +- core/make_key/make_key.go | 10 +- .../monitor_running_bins.go | 3 +- docs/MalDetect.md | 38 ++++ execguard.go | 19 +- export.sh | 4 +- go.mod | 2 +- install.sh | 206 ++++++++++++++++++ reBuild.sh | 8 + sys_update.sh | 42 +++- update_bins.sh | 19 +- vscan_bins.sh | 15 +- 14 files changed, 362 insertions(+), 86 deletions(-) delete mode 100755 build.sh create mode 100644 docs/MalDetect.md create mode 100755 install.sh create mode 100755 reBuild.sh diff --git a/README.md b/README.md index 0f56182..c1561a9 100644 --- a/README.md +++ b/README.md 
@@ -5,8 +5,20 @@ This for educational use ONLY. Not fit for any real world system. Beaware it is possible to lock your self out of your own system with this program, if not used right! Please look at the go code, etc... +## Pre requirements: +1. You must be in the sudoers file to become root. +2. You should understand Linux Admin... +3. Do a Full System Backup +4. Know how to recover from a downed system. IE mount the filesystem from somewhere else to change the service file. If you do not understand SystemD then this program is not for you. + ## If LOCKED OUT: -Boot into some form of Recovery Mode: Boot into a Linux Live USB disk. Then mount your hard drive, open the folder to etc, right click and open in new Terminal. From the etc folder... change directory to systemd/system. Make sure that --init is turned on...once recovered and loaded all normal programs, so they are added to the allowed system Database, you may remove the --init to go back to enforce mode... +- Boot into some form of Recovery Mode: + - Boot into a Linux Live USB disk. + - Then mount your hard drive, open the folder to etc, right click and open in new Terminal. + - From the etc folder... + - change directory to systemd/system. + - Make sure that --init is turned on... + - Once recovered and loaded all normal programs, so they are added to the allowed system Database, you may remove the --init to go back to enforce mode... ``` cd systemd/system/ sudo nano execguard.service 
@@ -20,7 +32,11 @@ This will initialize the /etc/execguard/system.db SQLite3 Database. It is in Leaning mode... All program will run as normal. ## How it works: -NOTE: All executables are blocked that are not in the allowed.db, so the protected_dirs config does not matter! To add a program to this allowed.db Database: sudo execguard --update /THEPATH/TO/PROGRAM_GOES_HERE Beacreful when updating/add to the allowed Database as the whole point is to Block Bad Programs, However, your systen need to run things, so be wise... You should monitor the output of the log file: tail -F /var/log/execguard.log +* NOTE: All executables are blocked that are not in the allowed.db, so the protected_dirs config does not matter! +* To add a program to this system.db Database: sudo execguard --update /THEPATH/TO/PROGRAM_GOES_HERE Beacreful when updating/add to the allowed Database as the whole point is to Block Bad Programs. +* However, your systen need to run things, so be wise... +* You should monitor the output of the log file: + - tail -F /var/log/execguard.log ## Make a key for xxtea This will generate a new key phrase for you that is safe in size...to be placed inside of your config.json file. Do this before you go live. 
@@ -36,41 +52,24 @@ scan_interval is the number of minutes to delay before scanning the protected_di "log_file": "/var/log/execguard.log", "mail_prog": "/usr/bin/mail", "scanner_prog": "/usr/bin/clamscan", - "downloads": ["/home/exampleUser1/Downloads", "/home/exampleUser2/Downloads"], + "downloads": ["/home/EXAMPLEUSER1_CHANGEME/Downloads", "/home/USER2_IF_THEY_EXISTS/Downloads"], "scan_interval": 0, - "protected_dirs": ["/home"], + "protected_dirs": ["/home/EXAMPLEUSER_CHANGEME/Documents"], "skip_dirs": [".cache",".git"], - "alert_email": "" + "alert_email": "root@localhost" "passphrase": "cdzTE1Gk6/VuDlnU", "hash_encryption": "xxtea", "hash_type": "sha512" } ``` ## Install -Be sure to update your config.json file to have a passphrase that was generated by execgaurd --newKey... ``` cd execgaurd -sudo mkdir -p /etc/execguard/ -go build -o execguard -sudo ./execguard --newKey -## Copy the passphrase key into your clipboard. -sudo cp config.json.example /etc/execguard/config.json -sudo nano /etc/execguard/config.json -## Paste your passphrase into the config.json file and save. - -sudo mv execguard /usr/local/bin/ -sudo execguard --update $(pwd)/update_bins.sh -sudo execguard --update $(pwd)/sys_update.sh -sudo ./update_bins.sh -sudo execguard --init +./install.sh ``` -Ctrl+C to exit from execgaurd when done loading programs to allow. - # Run a Service Kind of Dangerious!!: ``` -sudo cp execguard.service /etc/systemd/system/ -sudo systemctl daemon-reload sudo systemctl enable --now execguard sudo service execguard status ``` @@ -89,7 +88,8 @@ sudo execguard --update /path/to/program REPLACE /path/to/program with that found in the Log file. ``` -# Once done initializing the System: +# Once done initializing the System, BEWARE....doing this...: +If you have not allowed all the things needed for your system, it will HANG-UP and stop working!!!! ``` sudo nano /etc/systemd/system/execguard.service [Service] 
@@ -100,6 +100,7 @@ REMOVE the --init from ExecStart command Reboot. # Disable Auto-Updates +Any unknown update will make changes to your bin files, as such they will get BLOCKED!!!! ``` sudo systemctl disable --now apt-daily.timer sudo systemctl disable --now apt-daily-upgrade.timer @@ -109,6 +110,7 @@ APT::Periodic::Unattended-Upgrade "0"; sudo apt remove unattended-upgrades ``` # Manual System Updates via Apt +If not using apt, change the script to use your package manager. ``` ./sys_update.sh ``` @@ -122,3 +124,19 @@ sudo ./execgaurd # If successful: sudo service execguard start ``` +## What to do if found Infected files: +``` +sudo rm -rf /var/lib/clamav/quarantine/* +``` +## TODOs: +- [x] Allow Hash Type choice: sha256 or sha512. +- [x] Allow Encyption on sad Hash: xxtea (default), xor, or none. +- [x] Take a passphrase for Encyption. +- [x] Local Mail Alerts to root user. +- [x] Clamscan AV or use of other AV. +- [x] Set Scan Interval in Minutes for Protected Dirs like: Docs + - Will remove executable bit from Documents... +- [x] Auto scan new files in Downloads. +- [x] Watch/Monitor Logs via: $ tail -F /var/log/execguard.log +- [x] Use custom SQLite3 Database file: Default is /etc/execguard/system.db +- [ ] Debug more...this is in Alpha. diff --git a/build.sh b/build.sh deleted file mode 100755 index 6013694..0000000 --- a/build.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash -go build -o execguard -if [ $? -eq 0 ]; then - sudo cp execguard /usr/local/bin/ - sudo ./execguard --update /usr/local/bin/execguard - echo -e "Running execguard...Hit CTRL+C to end." - sudo execguard -fi diff --git a/config.json.example b/config.json.example index 4f8cad0..d40028f 100644 --- a/config.json.example +++ b/config.json.example 
@@ -3,11 +3,11 @@ "log_file": "/var/log/execguard.log", "mail_prog": "/usr/bin/mail", "scanner_prog": "/usr/bin/clamscan", - "downloads": ["/home/exampleUser1/Downloads", "/home/exampleUser2/Downloads"], - "scan_interval": 0, - "protected_dirs": ["/home"], + "downloads": ["/home/EXAMPLEUSER1/Downloads", "/home/exampleUser2/Downloads"], + "scan_interval": 90, + "protected_dirs": ["/home/EXAMPLEUSER1/Documents"], "skip_dirs": [".cache",".git"], - "alert_email": "" + "alert_email": "", "passphrase": "cdzTE1Gk6/VuDlnU", "hash_encryption": "xxtea", "hash_type": "sha512" diff --git a/core/make_key/make_key.go b/core/make_key/make_key.go index 4c68ccf..3d53c76 100644 --- a/core/make_key/make_key.go +++ b/core/make_key/make_key.go @@ -2,7 +2,6 @@ package make_key import ( "io" - "log" "crypto/rand" "encoding/base64" "fmt" @@ -12,11 +11,14 @@ func randReader() io.Reader { return rand.Reader } -func Make_a_key(log log.Logger) { +func Make_a_key() bool{ // XXTEA key should be 16 bytes total...base64 will padd it... key := make([]byte, 12) if _, err := io.ReadFull(rand.Reader, key); err != nil { - log.Fatalf("Failed to generate key: %v", err) + fmt.Printf("Failed to generate key: %v", err) + return false } - fmt.Printf("Generated XXTEA key (base64): %s\n", base64.StdEncoding.EncodeToString(key)) + // Generated XXTEA key (base64): + fmt.Printf("%s", base64.StdEncoding.EncodeToString(key)) + return true } diff --git a/core/monitor_running_bins/monitor_running_bins.go b/core/monitor_running_bins/monitor_running_bins.go index ecbaac7..0f21c4e 100644 --- a/core/monitor_running_bins/monitor_running_bins.go +++ b/core/monitor_running_bins/monitor_running_bins.go 
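Review bot: The example keeps a fixed, published passphrase `cdzTE1Gk6/VuDlnU`, and install.sh's sed substitution keys on that exact literal, so any future edit to this value silently leaves the public default in the installed config. Matching on the key name rather than the value decouples the two, e.g. `s|\"passphrase\": \"[^\"]*\"|\"passphrase\": \"$escaped_content\"|`, and a placeholder that is obviously not a key would make an unreplaced default visible at a glance. The README copy of this block earlier in the patch still lacks the comma after `"alert_email"` that this hunk adds, so it does not parse as JSON when pasted. The two download paths also mix `EXAMPLEUSER1` with `exampleUser2`, which reads as if only the first is a placeholder.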
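Review bot: `Make_a_key` now prints its failure message with `fmt.Printf` to stdout, which is the same stream install.sh captures in `passphrase_content=$(./execguard --newKey)`; on a failed `io.ReadFull` a caller that does not also check the exit status receives the text "Failed to generate key: ..." as its key. Send the diagnostic to stderr with a newline, `fmt.Fprintf(os.Stderr, "Failed to generate key: %v\n", err)` (adding `"os"` to the import block), so stdout carries only the key. The key itself is still 12 random bytes rendered as 16 base64 characters, so the 16-character xxtea key holds about 96 bits of entropy rather than 128; a comment on the `make([]byte, 12)` line saying whether that is intentional would help the next reader.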
@@ -104,6 +104,7 @@ func MonitorExecutions(db *sql.DB, log log.Logger, mailPath string) error { } else { if !sys_database.IsAllowed(db, log, absPath) { log.Printf("Blocked execution attempt: %s", absPath) + resp.Response = unix.FAN_DENY if _, seen := alertCache.LoadOrStore(absPath, struct{}{}); !seen { go alert.SendAlert(fmt.Sprintf("Unauthorized execution attempt blocked: %s", absPath), db, log) @@ -111,8 +112,6 @@ func MonitorExecutions(db *sql.DB, log log.Logger, mailPath string) error { alertCache.Delete(absPath) }) } - - resp.Response = unix.FAN_DENY } } } diff --git a/docs/MalDetect.md b/docs/MalDetect.md new file mode 100644 index 0000000..a699772 --- /dev/null +++ b/docs/MalDetect.md @@ -0,0 +1,38 @@ +# MalDetect For Ubuntu: +### FYI +I'm not sure how usefull this is on systems, it is for monitoring your web server. +## Install clamAV +``` +$ sudo apt update && sudo apt install -y perl wget +$ sudo apt install -y clamav clamav-daemon +$ sudo freshclam +``` +## maldetect +``` +$ sudo apt install -y inotify-tools +$ wget http://www.rfxn.com/downloads/maldetect-current.tar.gz +$ tar -xzf maldetect-current.tar.gz +$ cd maldetect-* +$ sudo ./install.sh +$ sudo nano /usr/local/maldetect/monitor_paths +/tmp +/var/www +/home + +$ sudo nano /usr/local/maldetect/conf.maldet +quarantine_hits Move infected files to quarantine 1 (enable) +quarantine_clean Automatically clean malware 0 (manual review recommended) +scan_clamscan Use ClamAV for scanning 1 (if ClamAV is installed) +inotify_monitor Enable real-time monitoring 1 (enable) +``` +## Active Monitor +``` +$ sudo maldet --monitor /usr/local/maldetect/monitor_paths +$ sudo crontab -e +0 2 * * * /usr/local/maldetect/maldet --scan-all /var/www /home -r /root/maldet-scan.log +``` +## Update maldetect Signatures +``` +$ sudo maldet --update +$ sudo maldet --monitor enable +``` diff --git a/execguard.go b/execguard.go index 7ce4878..b79c625 100644 --- a/execguard.go +++ b/execguard.go 
@@ -14,6 +14,7 @@ import ( "log" "strings" "os" + "fmt" "path/filepath" _ "github.com/mattn/go-sqlite3" ) @@ -70,8 +71,16 @@ func main() { flag.BoolVar(&newKey, "newKey", false, "generate a new XXTEA-compatible encryption key") flag.Parse() + if newKey { + if make_key.Make_a_key() { + return + } else { + os.Exit(1) // Exit with status code 1 + } + } + if os.Geteuid() != 0 { - log.Fatal("This program must be run as root") + fmt.Printf("This program must be run as root") os.Exit(1) // Exit with status code 1 } @@ -87,7 +96,7 @@ func main() { config, err := configure.LoadConfig(configFile) if err != nil { - log.Fatalf("Error loading config: %v", err) + fmt.Printf("Error loading config: %v", err) os.Exit(3) // Exit with status code 3 } @@ -157,12 +166,6 @@ func main() { } defer logf.Close() log.SetOutput(logf) - - if newKey { - make_key.Make_a_key(log) - return - } - db, err := sql.Open("sqlite3", dbFile) if err != nil { diff --git a/export.sh b/export.sh index 1fa145d..44a149b 100644 --- a/export.sh +++ b/export.sh @@ -1,3 +1,3 @@ #!/bin/bash -sudo sqlite3 /etc/execguard/system.db "SELECT path FROM allowed;" > migrated_apps.txt -echo "On remote PC: \$ sudo execguard --initFile migrated_apps.txt" +/usr/bin/sudo /usr/bin/sqlite3 /etc/execguard/system.db "SELECT path FROM allowed;" > migrated_apps.txt +echo "On the remote PC: \$ sudo execguard --initFile migrated_apps.txt" diff --git a/go.mod b/go.mod index e5a4af8..5ce52a2 100644 --- a/go.mod +++ b/go.mod @@ -8,4 +8,4 @@ require ( golang.org/x/sys v0.33.0 ) -require github.com/fsnotify/fsnotify v1.9.0 // indirect +require github.com/fsnotify/fsnotify v1.9.0 diff --git a/install.sh b/install.sh new file mode 100755 index 0000000..083df74 --- /dev/null +++ b/install.sh 
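Review bot: The replacements for `log.Fatal` in this hunk, `fmt.Printf("This program must be run as root")` and `fmt.Printf("Error loading config: %v", err)`, write the diagnostic to stdout with no trailing newline, so the message is glued to the next shell prompt and is lost to anything that captures stdout. `fmt.Fprintln(os.Stderr, "This program must be run as root")` and `fmt.Fprintf(os.Stderr, "Error loading config: %v\n", err)` keep the existing exit codes and leave stdout clean. The `if newKey` block reads more directly as `if !make_key.Make_a_key() { os.Exit(1) }; return` without the else branch, and since `--newKey` is now handled before the root check and before the logger exists, a one-line comment noting that the key is written to stdout for install.sh to capture would document that ordering. main continues outside the hunk.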
@@ -0,0 +1,206 @@
+#!/bin/bash
+# See if the User can become ROOT user
+if [ "$EUID" -eq 0 ]; then
+    USE_SUPER=""
+elif groups "$USER" | grep -o "sudo" >/dev/null 2>/dev/null; then
+    USE_SUPER="/usr/bin/sudo"
+elif groups "$USER" | grep -o "doas" >/dev/null 2>/dev/null; then
+    USE_SUPER="/usr/bin/doas"
+elif groups "$USER" | grep -o "wheel" >/dev/null 2>/dev/null; then
+    USE_SUPER="/usr/bin/sudo"
+elif groups "$USER" | grep -o "admin" >/dev/null 2>/dev/null; then
+    USE_SUPER="/usr/bin/sudo"
+else
+    USE_SUPER="error"
+fi
+
+if [ "$USE_SUPER" == "error" ]; then
+    /usr/bin/echo "Please run as root! OR add self to suders file!"
+    exit 1
+fi
+
+if [ ! -f config.json.example ]; then
+    /usr/bin/echo "Default config EXAMPLE file missing...Bailing..."
+    /usr/bin/echo "Please re-create or re-download the config.json.example file."
+    exit 1
+fi
+if [ ! -f go.mod ]; then
+    /usr/bin/echo "go.mod program descriptor missing!"
+    exit 1
+fi
+if [ ! -f execguard.go ]; then
+    /usr/bin/echo "execguard go code missing!"
+    exit 1
+fi
+
+
+# Help OLD systems out...if apt does not exists link to apt-get!
+if [ ! -x /usr/bin/apt ]; then
+    if [ -x /usr/bin/apt-get ]; then
+        ${USE_SUPER} ln -s /usr/bin/apt-get /usr/bin/apt
+    fi
+fi
+
+auto-pkg-installer() {
+if [ -z "$1" ]; then
+    /usr/bin/echo "Please give a package name to install!"
+    return 1
+fi
+
+declare -A osInfo;
+osInfo[/etc/redhat-release]="yum install"
+osInfo[/etc/arch-release]="pacman -S"
+osInfo[/etc/gentoo-release]="emerge"
+osInfo[/etc/SuSE-release]="zypper install"
+osInfo[/etc/debian_version]="/usr/bin/apt install -y"
+osInfo[/etc/alpine-release]="apk add --no-cache"
+for f in "${!osInfo[@]}"
+do
+    if [[ -f $f ]];then
+        ${USE_SUPER} ${osInfo[$f]} "$@"
+    fi
+done
+}
+
+if [ -f /etc/systemd/system/execguard.service ]; then
+    /usr/bin/echo "Existing Service found. Stopping..."
+    ${USE_SUPER} /usr/sbin/service execguard stop
+fi
+if [ ! -d /etc/execgaurd ]; then
+    ${USE_SUPER} /usr/bin/mkdir -p /etc/execguard
+fi
+if [ !
-x /usr/bin/wget ]; then
+    /usr/bin/echo "wget is needed to download go-lang..."
+    auto-pkg-installer wget
+fi
+if [ ! -x /usr/bin/tar ]; then
+    /usr/bin/echo "Installing tar..."
+    auto-pkg-installer tar
+fi
+if [ ! -x /usr/local/go/bin/go ]; then
+    if [ ! -d ~/Downloads ]; then
+        /usr/bin/mkdir -p ~/Downloads
+    fi
+    /usr/bin/echo "Installing go lang...."
+    /usr/bin/wget https://go.dev/dl/go1.24.3.linux-amd64.tar.gz
+    ${USE_SUPER} tar -C /usr/local -xzf go1.24.3.linux-amd64.tar.gz
+    /usr/bin/mv go1.24.3.linux-amd64.tar.gz ~/Downloads/
+    if [ -x /usr/local/bin/go ]; then
+        /usr/bin/sudo /usr/bin/rm /usr/local/bin/go
+    fi
+    /usr/bin/sudo /usr/bin/ln -s /usr/local/go/bin/go /usr/local/bin/
+fi
+/usr/bin/echo "Building new execguard..."
+DoBuild() {
+    /usr/local/bin/go build -o execguard
+    if [ $? -eq 0 ]; then
+        ${USE_SUPER} /usr/bin/cp execguard /usr/local/bin/
+        /usr/bin/echo "Success!"
+        return 0
+    else
+        /usr/bin/echo "Failed to Build execguard from go file...!"
+        return 1
+    fi
+}
+if ! DoBuild; then
+    # Prompt the user
+    /usr/bin/echo "Was their a go-lang version update?"
+    read -p "Try to clear the cache? [y/N] " choice
+    case "$choice" in
+        y|Y|[yY][eE][sS])
+            /usr/bin/echo "Attempting to clean cache..."
+            ;;
+        *)
+            echo "Aborting...!"
+            exit 1
+            ;;
+    esac
+    /usr/local/bin/go clean -modcache
+    /usr/local/bin/go clean -cache
+    /usr/local/bin/go mod tidy
+    /usr/bin/echo "Re-Builind 2nd Try, last try..."
+    if ! DoBuild; then
+        /usr/bin/echo "Could not clean source modules...!"
+        exit 1
+    fi
+fi
+
+if [ ! -x /usr/bin/nano ]; then
+    echo "Installing nano text editor..."
+    auto-pkg-installer nano
+fi
+if [ ! -f /etc/execguard/config.json ]; then
+    /usr/bin/mkdir -p /etc/execguard
+    ${USE_SUPER} cp config.json.example /etc/execguard/config.json
+    # Make an xxTea safe KEY!
+    passphrase_content=$(./execguard --newKey)
+    # Escape special characters (like &, \, and newlines) for sed
+    escaped_content=$(/usr/bin/printf '%s' "$passphrase_content" | /usr/bin/sed -e 's/[&\\]/\\&/g')
+
+    # Replace using | as delimiter (avoiding / conflicts)
+    # Replace the passphrase line in the config file
+    ${USE_SUPER} /usr/bin/sed -i "s|\"passphrase\": \"cdzTE1Gk6/VuDlnU\"|\"passphrase\": \"$escaped_content\"|g" /etc/execguard/config.json
+    # Prompt the user
+    /usr/bin/echo "Please modidy your config home user's folders!!"
+    read -p "Do you want to edit your config.json file with nano? [y/N] " choice
+    case "$choice" in
+        y|Y|[yY][eE][sS])
+            ${USE_SUPER} /usr/bin/nano /etc/execguard/config.json
+            echo "File has been edited."
+            ;;
+        *)
+            echo "Skipping file edit."
+            ;;
+    esac
+fi
+
+if [ ! -f /etc/systemd/system/execguard.service ]; then
+    /usr/bin/echo "Adding SystemD Serivce file..."
+    ${USE_SUPER} cp execguard.service /etc/systemd/system/
+    ${USE_SUPER} systemctl daemon-reload
+    ${USE_SUPER} service execguard status
+fi
+
+# NOTE: If your clamav is way out of date, uninstall it:
+# sudo apt purge clamav clamav-daemon clamav-freshclam
+if [ ! -x /usr/bin/clamscan ]; then
+    /usr/bin/echo "Install clamAV..."
+    auto-pkg-installer clamav clamav-daemon clamav-freshclam
+    ${USE_SUPER} /usr/bin/freshclam
+fi
+if [ ! -d /var/lib/clamav/quarantine ]; then
+    ${USE_SUPER} mkdir -p /var/lib/clamav/quarantine
+    ${USE_SUPER} chown -R clamav:clamav /var/lib/clamav/quarantine
+    ${USE_SUPER} chmod 750 /var/lib/clamav/quarantine
+fi
+if [ ! -x /usr/bin/sqlite3 ]; then
+    /usr/bin/echo "Installing sqlite3 database tool..."
+    auto-pkg-installer sqlite3
+fi
+/usr/bin/echo "Updating system bin files..."
+/usr/bin/echo "Updating self into allowed list..."
+${USE_SUPER} ./execguard --update /usr/local/bin/execguard
+case $? in
+    0)
+        /usr/bin/echo -e "\nHey, it updated, config must be good."
+        ;;
+    1)
+        /usr/bin/echo -e "\nMust be run as root OR invalid UPDATE Path...error!"
+        exit 1
+        ;;
+    2)
+        /usr/bin/echo -e "\nHey, the Database did not Open!"
+        exit 1
+        ;;
+    3)
+        /usr/bin/echo -e "\nHey, your Config File did not work!"
+        exit 1
+        ;;
+    *)
+        /usr/bin/echo -e "\nUnknown ERROR in execguard!"
+        exit 1
+        ;;
+esac
+${USE_SUPER} ./execguard --update "$(pwd)/update_bins.sh"
+${USE_SUPER} ./execguard --update "$(pwd)/sys_update.sh"
+./update_bins.sh
diff --git a/reBuild.sh b/reBuild.sh
new file mode 100755
index 0000000..0dc67f1
--- /dev/null
+++ b/reBuild.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+/usr/local/bin/go build -o execguard
+if [ $? -eq 0 ]; then
+    /usr/bin/sudo cp execguard /usr/local/bin/
+    /usr/bin/sudo ./execguard --update /usr/local/bin/execguard
+    /usr/bin/echo -e "Running execguard...Hit CTRL+C to end."
+    /usr/bin/sudo execguard
+fi
diff --git a/sys_update.sh b/sys_update.sh
index b97cd5a..5f86e32 100755
--- a/sys_update.sh
+++ b/sys_update.sh
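Review bot: The config section copies config.json.example into /etc/execguard with default permissions and never checks the result of `passphrase_content=$(./execguard --newKey)`; because the new `Make_a_key` prints its failure message to stdout, a failed key generation writes that text into the passphrase, and if the sed pattern does not match, the public example passphrase `cdzTE1Gk6/VuDlnU` stays in use with no warning. The rewrite below restricts the file to root, aborts on a non-zero exit or empty output, and greps for the example value afterwards; the preceding `/usr/bin/mkdir -p /etc/execguard` also lacks `${USE_SUPER}` so it fails for a non-root caller, and the earlier `if [ ! -d /etc/execgaurd ]` check is misspelled and therefore always true. The Go tarball is fetched and unpacked into /usr/local as root without comparing it to the SHA256 published on go.dev and with the architecture fixed to amd64; `echo "<SHA256_FROM_GO_DEV>  go1.24.3.linux-amd64.tar.gz" | sha256sum -c -` before the tar step would close that gap. The same block uses `/usr/bin/sudo` directly for the `rm` and `ln -s` of /usr/local/bin/go instead of `${USE_SUPER}`, which bypasses the doas path selected at the top of the script.
```shell
if [ ! -f /etc/execguard/config.json ]; then
    ${USE_SUPER} /usr/bin/mkdir -p /etc/execguard
    ${USE_SUPER} cp config.json.example /etc/execguard/config.json
    # The config carries the xxtea passphrase: readable by root only.
    ${USE_SUPER} chown root:root /etc/execguard/config.json
    ${USE_SUPER} chmod 600 /etc/execguard/config.json
    # Make an xxTea safe KEY! Bail if generation failed or printed nothing,
    # otherwise the public example passphrase would stay in the config.
    if ! passphrase_content=$(./execguard --newKey) || [ -z "$passphrase_content" ]; then
        /usr/bin/echo "Could not generate a passphrase...Bailing..." >&2
        exit 1
    fi
    # … unchanged: escaped_content and the sed -i replacement …
    # Confirm the example value is really gone before going any further.
    if ${USE_SUPER} /usr/bin/grep -q 'cdzTE1Gk6/VuDlnU' /etc/execguard/config.json; then
        /usr/bin/echo "Example passphrase still present in config.json...Bailing..." >&2
        exit 1
    fi
    # … unchanged: nano prompt …
fi
```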
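Review bot: `/usr/bin/sudo execguard` on the last line of reBuild.sh resolves the binary through the caller's PATH while every other command in the file is given absolutely, and the freshly built copy was installed to `/usr/local/bin/execguard` two lines earlier; run `/usr/bin/sudo /usr/local/bin/execguard` so the just-built binary is the one started. The build check reads more idiomatically as `if /usr/local/bin/go build -o execguard; then` instead of testing `$?` on the following line.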
@@ -1,15 +1,37 @@ #!/bin/bash -sudo service execguard stop -sudo apt update -apt list --upgradable 2>/dev/null | tail -n +2 | cut -d/ -f1 | while read pkg; do - dpkg -L "$pkg" | grep --color=never -E '^\.?/usr/bin|^\.?/bin|^\.?/usr/sbin' >> sys-updates.list +/usr/bin/echo "This script will update a computer that uses apt package manager." +# Prompt the user +read -p "Do you want to do a full system upgrade using apt? [y/N] " choice + +case "$choice" in + y|Y|[yY][eE][sS]) + echo "Starting process..." + ;; + *) + echo "Aborting..." + exit 1 + ;; +esac + +if [ -f sys-updates.list ]; then + if [ -f sys-updates.old ]; then + /usr/bin/rm sys-updates.old + fi + /usr/bin/mv sys-updates.list sys-updates.old +fi +/usr/bin/sudo /usr/sbin/service execguard stop +/usr/bin/echo "Starting to download list of updates..." +/usr/bin/sudo /usr/bin/apt update +/usr/bin/apt list --upgradable 2>/dev/null | /usr/bin/tail -n +2 | /usr/bin/cut -d/ -f1 | while read pkg; do + /usr/bin/dpkg -L "$pkg" | /usr/bin/grep --color=never -E '^\.?/usr/bin|^\.?/bin|^\.?/usr/sbin' >> sys-updates.list done # Check if file exists if [[ ! -f sys-updates.list ]]; then - echo "Error: sys-updates.list not found." + /usr/bin/echo "Error: sys-updates.list not found." exit 1 fi -sudo apt upgrade -y +/usr/bin/echo "Starting to do system upgrades..." +/usr/bin/sudo /usr/bin/apt upgrade -y # Loop through each line while IFS= read -r line; do # Trim whitespace @@ -23,10 +45,10 @@ while IFS= read -r line; do continue ;; esac - echo "Updating: $line" - sudo execguard --update "$line" + /usr/bin/echo "Updating: $line" + /usr/bin/sudo /usr/local/bin/execguard --update "$line" done < sys-updates.list -rm sys-updates.list +echo "If done with sys-updates.list, do clean-up: \$ rm sys-updates.list" echo "You may want to run, for a while: sudo execguard --init" -echo "Then re-enable it: sudo service execguard start" +echo "Then re-enable it on SystemD, if present: sudo service execguard start" 
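Review bot: `/usr/bin/sudo /usr/sbin/service execguard stop` now runs before the upgrade, but the `exit 1` in the "sys-updates.list not found" branch leaves the guard stopped without saying so; that branch is reached whenever `apt list --upgradable` reports nothing, because the list file is only created by the `>>` inside the loop. Nothing has been upgraded at that point, so restarting is safe: add `/usr/bin/sudo /usr/sbin/service execguard start` before that `exit 1`, or a `trap` that prints the stopped state on any exit. The first pipeline's `while read pkg` should be `while read -r pkg`, matching the `IFS= read -r line` loop below it. The body of that final loop continues outside the hunk.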
diff --git a/update_bins.sh b/update_bins.sh index ba96afb..f56d804 100755 --- a/update_bins.sh +++ b/update_bins.sh @@ -1,30 +1,27 @@ #!/bin/bash # Directories to search for executables -DIRS=("/usr/bin" "/usr/sbin" "/usr/local/bin") +DIRS=("/usr/bin" "/usr/sbin" "/usr/local/bin" "/usr/local/sbin/") # Process each directory for dir in "${DIRS[@]}"; do # Check if directory exists if [[ -d "$dir" ]]; then - echo "Processing directory: $dir" + /usr/bin/echo "Processing directory: $dir" # Find all executable files in the directory find "$dir" -maxdepth 1 -type f -executable | while read -r program; do # Get just the program name without path: prog_name=$(basename "$program") # Run execguard --update on the program - echo "Updating execguard for: $program" - sudo execguard --update "$program" + /usr/bin/echo "Updating execguard for: $program" + /usr/bin/sudo /usr/local/bin/execguard --update "$program" done else - echo "Directory not found: $dir" >&2 + /usr/bin/echo "Directory not found: $dir" >&2 fi done # custom files here: -sudo execguard --update /usr/bin/mail -if [ -x /usr/local/maldetect/maldet ]; then - sudo execguard --update /usr/local/maldetect/maldet -fi -sudo execguard --update /usr/lib/update-notifier/package-data-downloader -echo "Finished processing all directories" +/usr/bin/sudo /usr/local/bin/execguard --update /usr/bin/mail +/usr/bin/sudo /usr/local/bin/execguard --update /usr/lib/update-notifier/package-data-downloader +/usr/bin/echo "Finished processing all directories" diff --git a/vscan_bins.sh b/vscan_bins.sh index 1351bd4..6a5efeb 100755 --- a/vscan_bins.sh +++ b/vscan_bins.sh 
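Review bot: The removed block registered `/usr/local/maldetect/maldet` when present, while the same commit adds docs/MalDetect.md telling users to install maldet and run it from cron; if that guide is followed, maldet is now an unlisted executable and will be blocked until someone runs `--update` on it by hand. Either keep the `if [ -x /usr/local/maldetect/maldet ]` registration here or add the `--update` step to the new document. Separately, `find ... | while read -r program` splits on newlines; `find "$dir" -maxdepth 1 -type f -executable -print0 | while IFS= read -r -d '' program; do` handles any filename. The new `"/usr/local/sbin/"` entry carries a trailing slash unlike its siblings, which shows up in the "Processing directory" message.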
@@ -1,13 +1,4 @@
 #!/bin/bash
-# sudo apt purge clamav clamav-daemon clamav-freshclam
-sudo service execgaurd stop
-if [ ! -x /usr/bin/clamscan ]; then
-    sudo apt install clamav clamav-daemon clamav-freshclam
-    sudo freshclam
-fi
-if [ ! -x /usr/bin/sqlite3 ]; then
-    sudo apt install sqlite3
-fi
-sudo sqlite3 /etc/execguard/system.db "SELECT path FROM allowed;" > my_bins_apps.txt
-clamscan -v --file-list=my_bins_apps.txt
-echo "Done -- you may: rm my_bins_apps"
+/usr/bin/sudo /usr/bin/sqlite3 /etc/execguard/system.db "SELECT path FROM allowed;" > my_bins_apps.txt
+/usr/bin/clamscan -v --infected --move=/var/lib/clamav/quarantine --file-list=my_bins_apps.txt
+/usr/bin/echo "Done -- you may: rm my_bins_apps"
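Review bot: `/usr/bin/clamscan ... --move=/var/lib/clamav/quarantine` runs as the invoking user, yet the listed paths come from system directories and install.sh creates the quarantine directory as `clamav:clamav` mode 750, so the move cannot succeed for a non-root user and, when run as root, removes a system binary on a false positive. Prefer report-only output here (`--infected` without `--move`, or `--copy=/var/lib/clamav/quarantine` so the original stays in place) and leave removal to a manual step after review. The closing message still says `rm my_bins_apps` while the file written is `my_bins_apps.txt`.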