# ExecGuard

Blocks unknown or changed programs from running.

Please do not run on PROD!!! Do a full backup before installing! This is for educational use ONLY. Not fit for any real world system. Please look at the Go code, etc...

### About --init

This will initialize the /etc/execguard/allowed.db SQLite3 database. It runs in learning mode: all programs will run as normal.

## Install

```
cd execgaurd
sudo mkdir -p /etc/execguard/
sudo cp config.json.example /etc/execguard/config.json
go build -o execguard
sudo mv execguard /usr/local/bin/
sudo execguard --update "$(pwd)/update_bins.sh"
sudo ./update_bins.sh
sudo execguard --init
```

Press Ctrl+C to exit from execguard when done loading programs to allow.

# Run a Service

Kind of dangerous!!:

```
sudo cp execguard.service /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl enable --now execguard
sudo service execguard status
```

Reboot so that all boot-time programs are loaded while in learning mode. Make sure that `--init` is present on the ExecStart line of the service file.

## Check the Logs!

```
sudo tail /var/log/execguard.log
```

Look out for:

- Found unauthorized executable: /path/to/program

# Update allowed list

```
sudo execguard --update /path/to/program
```

Replace /path/to/program with the path found in the log file.

# Once done initializing the System:

```
sudo nano /etc/systemd/system/execguard.service
```

In the service file, find:

```
[Service]
ExecStart=/usr/local/bin/execguard --init
```

Remove the `--init` from the ExecStart command.

Reboot.
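
The "Check the Logs" and "Update allowed list" steps above can be combined into a review pass. The script below is an added example, not part of ExecGuard: it assumes each relevant log line contains the `Found unauthorized executable: <path>` text shown above, and the script name `review_log.sh`, the function names and the sample log lines are made up for illustration. It only prints candidate `--update` commands so each path can be checked before it is allowed.

```shell
#!/bin/sh
# Added example, not part of ExecGuard. Assumes each relevant log line contains
# "Found unauthorized executable: <path>" with the path running to end of line.
MARKER='Found unauthorized executable: '

# Constructed sample log; the timestamp prefix is made up for the demo.
sample_log() {
    cat <<'EOF'
2024-01-01 10:00:00 Found unauthorized executable: /bin/sh
2024-01-01 10:00:05 Found unauthorized executable: /tmp/execguard-demo-gone
2024-01-01 10:00:09 Found unauthorized executable: /bin/sh
EOF
}

# Wrap a path in single quotes so the printed command is safe to paste.
quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Print each distinct logged path once, in first-seen order.
unauthorized_paths() {
    sed -n "s/^.*${MARKER}//p" "$1" | awk 'NF && !seen[$0]++'
}

# Print one command per path for review; nothing is executed or allowed here.
# Paths that no longer exist are flagged instead, since a binary that ran and
# then disappeared deserves a look before it is ever allowed.
suggest_updates() {
    unauthorized_paths "$1" | while IFS= read -r path; do
        if [ -f "$path" ]; then
            printf 'sudo execguard --update %s\n' "$(quote "$path")"
        else
            printf '# missing, investigate: %s\n' "$path"
        fi
    done
}

# Usage: sh review_log.sh /var/log/execguard.log   (no argument: run the sample)
if [ $# -gt 0 ]; then
    suggest_updates "$1"
else
    tmp=$(mktemp) && sample_log >"$tmp" && suggest_updates "$tmp"
    rm -f "$tmp"
fi
```

Reading /var/log/execguard.log may require running the script with sudo, as the `tail` command above does.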