Exec Guardian
ExecGuard

Blocks unknown or changed programs from running. Please do not run on PROD!!! Do a full backup before installing! This is for educational use ONLY. Not fit for any real-world system. Please look at the Go code, etc...

About --init

This will initialize the /etc/execguard/allowed.db SQLite3 database. It runs in learning mode: all programs will run as normal.

Install

cd execguard
sudo mkdir -p /etc/execguard/
sudo cp config.json.example /etc/execguard/config.json
go build -o execguard
sudo mv execguard /usr/local/bin/
sudo execguard --update "$(pwd)/update_bins.sh"
sudo ./update_bins.sh
sudo execguard --init

Press Ctrl+C to exit execguard when done loading programs to allow.

Run a Service

Kind of dangerous!!:

sudo cp execguard.service /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl enable --now execguard
sudo service execguard status

Reboot so that all boot programs are loaded in learning mode. Make sure that --init is set in the service file.

Check the Logs!

sudo tail /var/log/execguard.log

Look out for - Found unauthorized executable: /path/to/program

Update allowed list

sudo execguard --update /path/to/program
REPLACE /path/to/program with the path found in the log file.
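
To review what was flagged before allowing any of it, the log can be reduced to a list of unique paths with their current state and hash. This is an added example, not part of execguard; the function names and the script name review_flagged.sh are hypothetical, and it assumes each log line ends with the flagged path directly after the message text shown above.

```shell
#!/bin/sh
# Added example, not part of execguard.
# Assumption: a flagged path is the rest of the line after the marker text
# quoted in this README; anything before the marker (timestamps etc.) is ignored.
# usage: sh review_flagged.sh /var/log/execguard.log   (script name is hypothetical)
MARKER='Found unauthorized executable: '

# list_unauthorized LOGFILE -> unique flagged paths, one per line
list_unauthorized() {
    grep -F -- "$MARKER" "$1" | sed "s/^.*${MARKER}//" | sort -u
}

# review_unauthorized LOGFILE -> "STATUS<TAB>SHA256<TAB>PATH" per flagged path
#   PRESENT   regular file still on disk; hash it and inspect it before allowing
#   NOT_FILE  exists but is not a regular file (directory, device, ...)
#   MISSING   already gone; a short-lived binary deserves a closer look
review_unauthorized() {
    list_unauthorized "$1" | while IFS= read -r path; do
        if [ ! -e "$path" ]; then
            printf 'MISSING\t-\t%s\n' "$path"
        elif [ ! -f "$path" ]; then
            printf 'NOT_FILE\t-\t%s\n' "$path"
        else
            # Read via stdin so odd file names cannot change sha256sum's output format
            sum=$(sha256sum < "$path" | cut -d' ' -f1)
            printf 'PRESENT\t%s\t%s\n' "$sum" "$path"
        fi
    done
}

# Run only when a log file is given, so the functions can also be sourced.
if [ "$#" -gt 0 ]; then
    review_unauthorized "$1"
fi
```

Nothing here calls execguard --update: each PRESENT path is meant to be checked by hand first, since allowing everything the log reports would defeat the purpose of the allow list.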

Once done initializing the System:

sudo nano /etc/systemd/system/execguard.service
[Service]
ExecStart=/usr/local/bin/execguard --init

REMOVE --init from the ExecStart command.

Reboot.