You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
227 lines
7.0 KiB
227 lines
7.0 KiB
#!/bin/bash
|
|
|
|
# Copyright (c) 2025 Robert Strutts <bobs@NewToFaith.com>
|
|
# License: MIT
|
|
# GIT: https://git.mysnippetsofcode.com/bobs/execguard
|
|
|
|
export CGO_ENABLED=1
|
|
# See if the User can become ROOT user
|
|
if [ "$EUID" -eq 0 ]; then
|
|
USE_SUPER=""
|
|
elif groups "$USER" | grep -o "sudo" >/dev/null 2>/dev/null; then
|
|
USE_SUPER="/usr/bin/sudo"
|
|
elif groups "$USER" | grep -o "doas" >/dev/null 2>/dev/null; then
|
|
USE_SUPER="/usr/bin/doas"
|
|
elif groups "$USER" | grep -o "wheel" >/dev/null 2>/dev/null; then
|
|
USE_SUPER="/usr/bin/sudo"
|
|
elif groups "$USER" | grep -o "admin" >/dev/null 2>/dev/null; then
|
|
USE_SUPER="/usr/bin/sudo"
|
|
else
|
|
USE_SUPER="error"
|
|
fi
|
|
|
|
if [ "$USE_SUPER" == "error" ]; then
|
|
/usr/bin/echo "Please run as root! OR add self to suders file!"
|
|
exit 1
|
|
fi
|
|
|
|
if [ ! -f config.json.example ]; then
|
|
/usr/bin/echo "Default config EXAMPLE file missing...Bailing..."
|
|
/usr/bin/echo "Please re-create or re-download the config.json.example file."
|
|
exit 1
|
|
fi
|
|
if [ ! -f go.mod ]; then
|
|
/usr/bin/echo "go.mod program descriptor missing!"
|
|
exit 1
|
|
fi
|
|
if [ ! -f execguard.go ]; then
|
|
/usr/bin/echo "execguard go code missing!"
|
|
exit 1
|
|
fi
|
|
|
|
|
|
# Help OLD systems out...if apt does not exists link to apt-get!
|
|
if [ ! -x /usr/bin/apt ]; then
|
|
if [ -x /usr/bin/apt-get ]; then
|
|
${USE_SUPER} ln -s /usr/bin/apt-get /usr/bin/apt
|
|
fi
|
|
fi
|
|
|
|
auto-pkg-installer() {
|
|
if [ -z "$1" ]; then
|
|
/usr/bin/echo "Please give a package name to install!"
|
|
return 1
|
|
fi
|
|
|
|
declare -A osInfo;
|
|
osInfo[/etc/redhat-release]="yum install"
|
|
osInfo[/etc/arch-release]="pacman -S"
|
|
osInfo[/etc/gentoo-release]="emerge"
|
|
osInfo[/etc/SuSE-release]="zypper install"
|
|
osInfo[/etc/debian_version]="/usr/bin/apt install -y"
|
|
osInfo[/etc/alpine-release]="apk add --no-cache"
|
|
for f in "${!osInfo[@]}"
|
|
do
|
|
if [[ -f $f ]];then
|
|
${USE_SUPER} ${osInfo[$f]} "$@"
|
|
fi
|
|
done
|
|
}
|
|
|
|
if [ -f /etc/systemd/system/execguard@.service ]; then
|
|
./stopExecguard.sh
|
|
fi
|
|
if [ ! -d /etc/execgaurd ]; then
|
|
${USE_SUPER} /usr/bin/mkdir -p /etc/execguard
|
|
fi
|
|
if [ ! -x /usr/bin/wget ]; then
|
|
/usr/bin/echo "wget is needed to download go-lang..."
|
|
auto-pkg-installer wget
|
|
fi
|
|
if [ ! -x /usr/bin/tar ]; then
|
|
/usr/bin/echo "Installing tar..."
|
|
auto-pkg-installer tar
|
|
fi
|
|
if [ ! -x /usr/bin/gcc ]; then
|
|
/usr/bin/echo "Installing gcc...the GNU c Compiler..."
|
|
auto-pkg-installer gcc
|
|
fi
|
|
|
|
if [ ! -x /usr/local/go/bin/go ]; then
|
|
if [ ! -d ~/Downloads ]; then
|
|
/usr/bin/mkdir -p ~/Downloads
|
|
fi
|
|
/usr/bin/echo "Installing go lang...."
|
|
/usr/bin/wget https://go.dev/dl/go1.24.3.linux-amd64.tar.gz
|
|
${USE_SUPER} tar -C /usr/local -xzf go1.24.3.linux-amd64.tar.gz
|
|
/usr/bin/mv go1.24.3.linux-amd64.tar.gz ~/Downloads/
|
|
if [ -x /usr/local/bin/go ]; then
|
|
/usr/bin/sudo /usr/bin/rm /usr/local/bin/go
|
|
fi
|
|
/usr/bin/sudo /usr/bin/ln -s /usr/local/go/bin/go /usr/local/bin/
|
|
fi
|
|
/usr/bin/echo "Building new execguard..."
|
|
DoBuild() {
|
|
/usr/local/bin/go build -o execguard
|
|
if [ $? -eq 0 ]; then
|
|
${USE_SUPER} /usr/bin/cp execguard /usr/local/bin/
|
|
/usr/bin/echo "Success!"
|
|
return 0
|
|
else
|
|
/usr/bin/echo "Failed to Build execguard from go file...!"
|
|
return 1
|
|
fi
|
|
}
|
|
if ! DoBuild; then
|
|
# Prompt the user
|
|
/usr/bin/echo "Was their a go-lang version update?"
|
|
read -p "Try to clear the cache? [y/N] " choice
|
|
case "$choice" in
|
|
y|Y|[yY][eE][sS])
|
|
/usr/bin/echo "Attempting to clean cache..."
|
|
;;
|
|
*)
|
|
echo "Aborting...!"
|
|
exit 1
|
|
;;
|
|
esac
|
|
/usr/local/bin/go clean -modcache
|
|
/usr/local/bin/go clean -cache
|
|
/usr/local/bin/go mod tidy
|
|
/usr/bin/echo "Re-Builind 2nd Try, last try..."
|
|
if ! DoBuild; then
|
|
/usr/bin/echo "Could not clean source modules...!"
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
if [ ! -x /usr/bin/nano ]; then
|
|
echo "Installing nano text editor..."
|
|
auto-pkg-installer nano
|
|
fi
|
|
if [ ! -f /etc/execguard/config.yaml ]; then
|
|
/usr/bin/mkdir -p /etc/execguard
|
|
${USE_SUPER} cp config.yaml.example /etc/execguard/yaml.json
|
|
# Make an xxTea safe KEY!
|
|
passphrase_content=$(./execguard --newKey)
|
|
# Escape special characters (like &, \, and newlines) for sed
|
|
escaped_content=$(/usr/bin/printf '%s' "$passphrase_content" | /usr/bin/sed -e 's/[&\\]/\\&/g')
|
|
|
|
# Replace using | as delimiter (avoiding / conflicts)
|
|
# Replace the passphrase line in the config file
|
|
${USE_SUPER} /usr/bin/sed -i "s|passphrase: \"cdzTE1Gk6/VuDlnU\"|passphrase: \"$escaped_content\"|g" /etc/execguard/config.yaml
|
|
# Prompt the user
|
|
/usr/bin/echo "Please modify your config home user's folders!!"
|
|
read -p "Do you want to edit your config.yaml file with nano? [y/N] " choice
|
|
case "$choice" in
|
|
y|Y|[yY][eE][sS])
|
|
${USE_SUPER} /usr/bin/nano /etc/execguard/config.yaml
|
|
echo "File has been edited."
|
|
;;
|
|
*)
|
|
echo "Skipping file edit."
|
|
;;
|
|
esac
|
|
fi
|
|
${USE_SUPER} /usr/bin/chmod 640 /etc/execguard/config.yaml
|
|
|
|
if [ ! -f /etc/systemd/system/execguard@.service ]; then
|
|
/usr/bin/echo "Adding SystemD Serivce file..."
|
|
${USE_SUPER} cp execguard@.service /etc/systemd/system/
|
|
${USE_SUPER} systemctl daemon-reload
|
|
fi
|
|
|
|
# NOTE: If your clamav is way out of date, uninstall it:
|
|
# sudo apt purge clamav clamav-daemon clamav-freshclam
|
|
if [ ! -x /usr/bin/clamscan ]; then
|
|
/usr/bin/echo "Install clamAV..."
|
|
auto-pkg-installer clamav clamav-daemon clamav-freshclam
|
|
${USE_SUPER} /usr/bin/freshclam
|
|
fi
|
|
if [ ! -d /var/lib/clamav/quarantine ]; then
|
|
${USE_SUPER} mkdir -p /var/lib/clamav/quarantine
|
|
${USE_SUPER} chown -R clamav:clamav /var/lib/clamav/quarantine
|
|
${USE_SUPER} chmod 750 /var/lib/clamav/quarantine
|
|
fi
|
|
if [ ! -x /usr/bin/sqlite3 ]; then
|
|
/usr/bin/echo "Installing sqlite3 database tool..."
|
|
auto-pkg-installer sqlite3
|
|
fi
|
|
/usr/bin/echo "Updating system bin files..."
|
|
/usr/bin/echo "Updating self into allowed list..."
|
|
${USE_SUPER} ./execguard --update /usr/local/bin/execguard
|
|
case $? in
|
|
0)
|
|
/usr/bin/echo -e "\nHey, it updated, config must be good."
|
|
;;
|
|
1)
|
|
/usr/bin/echo -e "\nMust be run as root OR invalid UPDATE Path...error!"
|
|
exit 1
|
|
;;
|
|
2)
|
|
/usr/bin/echo -e "\nHey, the Database did not Open!"
|
|
exit 1
|
|
;;
|
|
3)
|
|
/usr/bin/echo -e "\nHey, your Config File did not work!"
|
|
exit 1
|
|
;;
|
|
*)
|
|
/usr/bin/echo -e "\nUnknown ERROR in execguard!"
|
|
exit 1
|
|
;;
|
|
esac
|
|
${USE_SUPER} /usr/bin/chmod 660 /etc/execguard/system.db
|
|
|
|
${USE_SUPER} ./execguard --update "$(pwd)/update_bins.sh"
|
|
${USE_SUPER} ./execguard --update "$(pwd)/sys_update.sh"
|
|
${USE_SUPER} ./execguard --update "$(pwd)/vscan_bins.sh"
|
|
${USE_SUPER} ./execguard --update "$(pwd)/stopExecguard.sh"
|
|
${USE_SUPER} ./execguard --update "$(pwd)/startExecguard.sh"
|
|
${USE_SUPER} /usr/bin/cp startExecguard.sh /usr/bin/local
|
|
${USE_SUPER} /usr/bin/cp stopExecguard.sh /usr/bin/local
|
|
${USE_SUPER} ./execguard --update "/usr/local/bin/stopExecguard.sh"
|
|
${USE_SUPER} ./execguard --update "/usr/local/bin/startExecguard.sh"
|
|
|
|
./update_bins.sh
|
|
./vscan_bins.sh
|
|
|