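#!/bin/bash
# Copyright (c) 2025 Robert Strutts
# License: MIT
# GIT: https://git.mysnippetsofcode.com/bobs/execguard
#
# Installer for execguard. Run it from the source checkout. It:
#   1. picks a privilege-escalation helper (none when already root),
#   2. installs build prerequisites and, if absent, the Go toolchain,
#   3. builds execguard and copies it to /usr/local/bin,
#   4. creates /etc/execguard/config.yaml with a freshly generated key,
#   5. installs the systemd unit, ClamAV and sqlite3,
#   6. registers execguard and its helper scripts in the allowed list.
#
# Optional environment:
#   GO_TARBALL_SHA256  expected SHA-256 of the Go tarball, taken from the
#                      official download page. When set, the download is
#                      verified before it is unpacked as root.

export CGO_ENABLED=1

GO_TARBALL="go1.24.3.linux-amd64.tar.gz"
CONFIG_EXAMPLE="config.yaml.example"
CONFIG_FILE="/etc/execguard/config.yaml"
# Example key shipped in the template; it must never survive installation.
EXAMPLE_PASSPHRASE='cdzTE1Gk6/VuDlnU'

# Succeeds when $USER belongs to the group named in $1. Compares whole group
# names so that a user or group that merely contains "sudo" does not match.
in_group() {
  local g
  for g in $(id -nG "$USER" 2>/dev/null); do
    if [ "$g" = "$1" ]; then
      return 0
    fi
  done
  return 1
}

# See if the User can become ROOT user.
# USE_SUPER is expanded unquoted on purpose: it is empty when already root.
if [ "$EUID" -eq 0 ]; then
  USE_SUPER=""
elif in_group sudo; then
  USE_SUPER="/usr/bin/sudo"
elif in_group doas; then
  USE_SUPER="/usr/bin/doas"
elif in_group wheel; then
  USE_SUPER="/usr/bin/sudo"
elif in_group admin; then
  USE_SUPER="/usr/bin/sudo"
else
  USE_SUPER="error"
fi

if [ "$USE_SUPER" == "error" ]; then
  /usr/bin/echo "Please run as root! OR add self to suders file!"
  exit 1
fi

# Check for the template that is actually copied below. The original tested
# for config.json.example, which the script never uses.
if [ ! -f "$CONFIG_EXAMPLE" ]; then
  /usr/bin/echo "Default config EXAMPLE file missing...Bailing..."
  /usr/bin/echo "Please re-create or re-download the ${CONFIG_EXAMPLE} file."
  exit 1
fi

if [ ! -f go.mod ]; then
  /usr/bin/echo "go.mod program descriptor missing!"
  exit 1
fi

if [ ! -f execguard.go ]; then
  /usr/bin/echo "execguard go code missing!"
  exit 1
fi

# Help OLD systems out...if apt does not exists link to apt-get!
if [ ! -x /usr/bin/apt ]; then
  if [ -x /usr/bin/apt-get ]; then
    ${USE_SUPER} ln -s /usr/bin/apt-get /usr/bin/apt
  fi
fi

# Installs the packages given as arguments with whichever package manager
# matches a release file present on this system.
# Arguments: $@ - package names
# Returns:   1 when no package name was given
auto-pkg-installer() {
  if [ -z "$1" ]; then
    /usr/bin/echo "Please give a package name to install!"
    return 1
  fi

  local f
  declare -A osInfo
  osInfo[/etc/redhat-release]="yum install"
  osInfo[/etc/arch-release]="pacman -S"
  osInfo[/etc/gentoo-release]="emerge"
  osInfo[/etc/SuSE-release]="zypper install"
  osInfo[/etc/debian_version]="/usr/bin/apt install -y"
  osInfo[/etc/alpine-release]="apk add --no-cache"

  for f in "${!osInfo[@]}"; do
    if [[ -f $f ]]; then
      # Unquoted on purpose: the stored command must split into words.
      ${USE_SUPER} ${osInfo[$f]} "$@"
    fi
  done
}

if [ -f /etc/systemd/system/execguard@.service ]; then
  ./stopExecguard.sh
fi

# Fixed: the test used the misspelled path /etc/execgaurd.
if [ ! -d /etc/execguard ]; then
  ${USE_SUPER} /usr/bin/mkdir -p /etc/execguard
fi

if [ ! -x /usr/bin/wget ]; then
  /usr/bin/echo "wget is needed to download go-lang..."
  auto-pkg-installer wget
fi

if [ ! -x /usr/bin/tar ]; then
  /usr/bin/echo "Installing tar..."
  auto-pkg-installer tar
fi

if [ ! -x /usr/bin/gcc ]; then
  /usr/bin/echo "Installing gcc...the GNU c Compiler..."
  auto-pkg-installer gcc
fi

if [ ! -x /usr/local/go/bin/go ]; then
  if [ ! -d ~/Downloads ]; then
    /usr/bin/mkdir -p ~/Downloads
  fi
  /usr/bin/echo "Installing go lang...."
  if ! /usr/bin/wget "https://go.dev/dl/${GO_TARBALL}"; then
    /usr/bin/echo "Download of ${GO_TARBALL} failed!"
    exit 1
  fi

  # The archive is unpacked into /usr/local with elevated privileges, so
  # check its integrity first whenever an expected digest was supplied.
  if [ -n "${GO_TARBALL_SHA256:-}" ]; then
    if ! printf '%s  %s\n' "$GO_TARBALL_SHA256" "$GO_TARBALL" \
      | sha256sum -c - >/dev/null; then
      /usr/bin/echo "Checksum mismatch for ${GO_TARBALL}; refusing to install it."
      /usr/bin/rm -f -- "$GO_TARBALL"
      exit 1
    fi
  else
    /usr/bin/echo "WARNING: GO_TARBALL_SHA256 is not set; ${GO_TARBALL} was not verified."
  fi

  ${USE_SUPER} tar -C /usr/local -xzf "$GO_TARBALL"
  /usr/bin/mv "$GO_TARBALL" ~/Downloads/

  # Fixed: use the detected helper instead of a hard-coded /usr/bin/sudo,
  # which failed for root without sudo and for doas-only systems.
  ${USE_SUPER} /usr/bin/ln -sf /usr/local/go/bin/go /usr/local/bin/go
fi

/usr/bin/echo "Building new execguard..."

# Builds execguard in the current directory and copies it to /usr/local/bin.
# Returns: 0 when the build succeeded, 1 otherwise
DoBuild() {
  if /usr/local/bin/go build -o execguard; then
    ${USE_SUPER} /usr/bin/cp execguard /usr/local/bin/
    /usr/bin/echo "Success!"
    return 0
  fi
  /usr/bin/echo "Failed to Build execguard from go file...!"
  return 1
}

if ! DoBuild; then
  # Prompt the user
  /usr/bin/echo "Was their a go-lang version update?"
  read -r -p "Try to clear the cache? [y/N] " choice
  case "$choice" in
    y|Y|[yY][eE][sS])
      /usr/bin/echo "Attempting to clean cache..."
      ;;
    *)
      echo "Aborting...!"
      exit 1
      ;;
  esac
  /usr/local/bin/go clean -modcache
  /usr/local/bin/go clean -cache
  /usr/local/bin/go mod tidy
  /usr/bin/echo "Re-Builind 2nd Try, last try..."
  if ! DoBuild; then
    /usr/bin/echo "Could not clean source modules...!"
    exit 1
  fi
fi

if [ ! -x /usr/bin/nano ]; then
  echo "Installing nano text editor..."
  auto-pkg-installer nano
fi

if [ ! -f "$CONFIG_FILE" ]; then
  # Make an xxTea safe KEY! Generate it before the config exists, so that a
  # failure here cannot leave a config that still holds the example key.
  passphrase_content=$(./execguard --newKey)
  if [ -z "$passphrase_content" ]; then
    /usr/bin/echo "Could not generate a new key; config was not created!"
    exit 1
  fi

  ${USE_SUPER} /usr/bin/mkdir -p /etc/execguard
  # Fixed: the copy went to /etc/execguard/yaml.json. install(1) sets mode
  # 640 at creation, so the key is never world-readable, not even briefly.
  ${USE_SUPER} /usr/bin/install -m 640 "$CONFIG_EXAMPLE" "$CONFIG_FILE"

  # Escape the characters that are special in a sed replacement (& and \)
  # as well as the | used as delimiter below.
  escaped_content=$(/usr/bin/printf '%s' "$passphrase_content" \
    | /usr/bin/sed -e 's/[&\\|]/\\&/g')

  # Hand the substitution to sed through a private file rather than argv,
  # so the key is not visible in the process list. printf is a builtin.
  sed_script=$(mktemp) || exit 1
  printf 's|passphrase: "%s"|passphrase: "%s"|g\n' \
    "$EXAMPLE_PASSPHRASE" "$escaped_content" > "$sed_script"
  ${USE_SUPER} /usr/bin/sed -i -f "$sed_script" "$CONFIG_FILE"
  /usr/bin/rm -f -- "$sed_script"

  # Refuse to continue with the publicly known example key in place.
  if ${USE_SUPER} grep -qF -- "passphrase: \"${EXAMPLE_PASSPHRASE}\"" "$CONFIG_FILE"; then
    /usr/bin/echo "Example passphrase is still present in ${CONFIG_FILE}!"
    ${USE_SUPER} /usr/bin/rm -f -- "$CONFIG_FILE"
    exit 1
  fi

  # Prompt the user
  /usr/bin/echo "Please modify your config home user's folders!!"
  read -r -p "Do you want to edit your config.yaml file with nano? [y/N] " choice
  case "$choice" in
    y|Y|[yY][eE][sS])
      ${USE_SUPER} /usr/bin/nano "$CONFIG_FILE"
      echo "File has been edited."
      ;;
    *)
      echo "Skipping file edit."
      ;;
  esac
fi

# Re-applied on every run so that an existing config is tightened as well.
${USE_SUPER} /usr/bin/chmod 640 "$CONFIG_FILE"

if [ ! -f /etc/systemd/system/execguard@.service ]; then
  /usr/bin/echo "Adding SystemD Serivce file..."
  ${USE_SUPER} cp execguard@.service /etc/systemd/system/
  ${USE_SUPER} systemctl daemon-reload
fi

# NOTE: If your clamav is way out of date, uninstall it:
# sudo apt purge clamav clamav-daemon clamav-freshclam
if [ ! -x /usr/bin/clamscan ]; then
  /usr/bin/echo "Install clamAV..."
  auto-pkg-installer clamav clamav-daemon clamav-freshclam
  ${USE_SUPER} /usr/bin/freshclam
fi

if [ ! -d /var/lib/clamav/quarantine ]; then
  ${USE_SUPER} mkdir -p /var/lib/clamav/quarantine
  ${USE_SUPER} chown -R clamav:clamav /var/lib/clamav/quarantine
  ${USE_SUPER} chmod 750 /var/lib/clamav/quarantine
fi

if [ ! -x /usr/bin/sqlite3 ]; then
  /usr/bin/echo "Installing sqlite3 database tool..."
  auto-pkg-installer sqlite3
fi

/usr/bin/echo "Updating system bin files..."
/usr/bin/echo "Updating self into allowed list..."
${USE_SUPER} ./execguard --update /usr/local/bin/execguard
update_status=$?
case "$update_status" in
  0)
    /usr/bin/echo -e "\nHey, it updated, config must be good."
    ;;
  1)
    /usr/bin/echo -e "\nMust be run as root OR invalid UPDATE Path...error!"
    exit 1
    ;;
  2)
    /usr/bin/echo -e "\nHey, the Database did not Open!"
    exit 1
    ;;
  3)
    /usr/bin/echo -e "\nHey, your Config File did not work!"
    exit 1
    ;;
  *)
    /usr/bin/echo -e "\nUnknown ERROR in execguard!"
    exit 1
    ;;
esac

${USE_SUPER} /usr/bin/chmod 660 /etc/execguard/system.db

# NOTE(review): these helpers are registered by their path inside the source
# checkout. Presumably execguard records a digest for each entry - confirm,
# and keep the checkout writable only by the installing user.
${USE_SUPER} ./execguard --update "$(pwd)/update_bins.sh"
${USE_SUPER} ./execguard --update "$(pwd)/sys_update.sh"
${USE_SUPER} ./execguard --update "$(pwd)/vscan_bins.sh"
${USE_SUPER} ./execguard --update "$(pwd)/stopExecguard.sh"
${USE_SUPER} ./execguard --update "$(pwd)/startExecguard.sh"

# Fixed: the destination was /usr/bin/local, so both scripts were written to
# a single file of that name and the two registrations below pointed at
# paths that were never created.
${USE_SUPER} /usr/bin/cp startExecguard.sh /usr/local/bin/
${USE_SUPER} /usr/bin/cp stopExecguard.sh /usr/local/bin/
${USE_SUPER} ./execguard --update "/usr/local/bin/stopExecguard.sh"
${USE_SUPER} ./execguard --update "/usr/local/bin/startExecguard.sh"

./update_bins.sh
./vscan_bins.sh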