Added go routine for sendAlert to prevent system crash...

7 months ago · eae21d85e2
parent 11f553c209
commit eae21d85e2
2 changed files with 21 additions and 16 deletions
--- a/README.md
+++ b/README.md
@ -5,6 +5,13 @@ This for educational use ONLY. Not fit for any real world system.
 Beaware it is possible to lock your self out of your own system with this program, if not used right!
 Please look at the go code, etc...

+## If LOCKED OUT:
+Boot into a Linux Live USB disk. Then mount your hard drive, open the folder to etc, right click and open in new Terminal. From the etc folder... change directory to systemd/system.
+```
+cd systemd/system/
+mv execguard.service ../opps.backup
+reboot
+```
 ### About execgaurd --init
 This will initialize the /etc/execguard/allowed.db SQLite3 Database.
 It is in Leaning mode... All program will run as normal.
--- a/execguard.go
+++ b/execguard.go
@ -109,15 +109,17 @@ func main() {
 		runMigration(db)
 		return
 	}
-
-	go func() {
-		defer func() {
-			if r := recover(); r != nil {
-				log.Printf("Recovered from scan panic: %v", r)
-			}
-		}()
-		periodicScan(config.ProtectedDirs, db)
-	}()
+    
+    if config.ScanInterval > 0 {
+        go func() {
+            defer func() {
+                if r := recover(); r != nil {
+                    log.Printf("Recovered from scan panic: %v", r)
+                }
+            }()
+            periodicScan(config.ProtectedDirs, db)
+        }()
+    }

 	if err := monitorExecutions(db); err != nil {
 		log.Fatalf("Execution monitoring failed: %v", err)
@ -298,11 +300,6 @@ func computeHash(path string) string {
 }

 func periodicScan(dirs []string, db *sql.DB) {
-    if config.ScanInterval == 0 {
-		// log.Println("Periodic scanning is disabled by configuration.")
-		return
-	}
-    
 	skipSet := make(map[string]struct{})
 	for _, skip := range config.SkipDirs {
 		if abs, err := filepath.Abs(skip); err == nil {
@ -342,7 +339,7 @@ func periodicScan(dirs []string, db *sql.DB) {
 					} else if !isAllowed(db, absPath) {
 						log.Printf("Found unauthorized executable: %s", absPath)
 						os.Chmod(absPath, info.Mode()&^0111)
-						sendAlert(fmt.Sprintf("Unauthorized executable found and blocked: %s", absPath))
+						go sendAlert(fmt.Sprintf("Unauthorized executable found and blocked: %s", absPath))
 					}
 				}
 				return nil
@ -393,7 +390,8 @@ func monitorExecutions(db *sql.DB) error {
 							addToAllowed(db, absPath)
 						} else if !isAllowed(db, absPath) {
 							log.Printf("Blocked execution attempt: %s", absPath)
-							sendAlert(fmt.Sprintf("Unauthorized execution attempt blocked: %s", absPath))
+                            // To avoid locking up the Whole System...use go function on sendAlert!!!
+							go sendAlert(fmt.Sprintf("Unauthorized execution attempt blocked: %s", absPath))
 							resp.Response = unix.FAN_DENY
 						}
 					}