# ExecGuard

Blocks unknown or changed programs from running.

Please do not run on PROD!!! Do a full backup before installing!

This is for educational use ONLY. Not fit for any real-world system.

Please look at the Go code, etc...

### About --init

This will initialize the /etc/execguard/allowed.db SQLite3 database.

It is in learning mode... All programs will run as normal.

## Install

```
cd execguard
# Create the config directory and install the example config
sudo mkdir -p /etc/execguard/
sudo cp config.json.example /etc/execguard/config.json
# Build and install the binary
go build -o execguard
sudo mv execguard /usr/local/bin/
# Add update_bins.sh to the allowed list, then run it
sudo execguard --update "$(pwd)/update_bins.sh"
sudo ./update_bins.sh
# Initialize allowed.db and start in learning mode
sudo execguard --init
```

Press Ctrl+C to exit execguard when it is done loading the programs to allow.

# Run a Service

Kind of dangerous!!:

```
sudo cp execguard.service /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl enable --now execguard
sudo service execguard status
```

Reboot so that all boot-time programs are loaded while in learning mode.

Make sure that --init is present in the service file.

## Check the Logs!

```
sudo tail /var/log/execguard.log
```

Look out for lines such as: Found unauthorized executable: /path/to/program

# Update allowed list

```
# Replace /path/to/program with the path found in the log file.
sudo execguard --update /path/to/program
```

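The log check and allow-list update above can be preceded by a review step. The script below is an added example, not part of ExecGuard: it lists each reported path once with its SHA-256 and flags files that are gone or sit in a world-writable directory. It assumes every relevant log line contains "Found unauthorized executable: " followed by the path; the script name `review_unauthorized.sh` is hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not part of ExecGuard): triage the paths ExecGuard logged as
# unauthorized before any of them is passed to `execguard --update`.
# Assumption: each relevant log line contains the text below followed by the
# path; anything before it (such as a timestamp) is ignored.
MARKER='Found unauthorized executable: '

# Print every reported path once, in order of first appearance.
unauthorized_paths() {
    grep -F -- "$MARKER" "${1:-/var/log/execguard.log}" |
        sed "s/^.*$MARKER//" | awk '!seen[$0]++'
}

# Print "STATUS SHA256  PATH" for each reported path. Nothing is allow-listed.
review_report() {
    unauthorized_paths "${1:-/var/log/execguard.log}" | while IFS= read -r path; do
        sum='-'
        if [ ! -f "$path" ]; then
            status='MISSING'            # file no longer exists; nothing to allow
        else
            sum=$(sha256sum -- "$path" | cut -d' ' -f1)
            dir=$(dirname -- "$path")
            if [ -n "$(find "$dir" -maxdepth 0 -perm -0002 2>/dev/null)" ]; then
                status='WRITABLE-DIR'   # parent directory is world-writable: investigate
            else
                status='REVIEW'         # compare the hash with a trusted source
            fi
        fi
        printf '%-12s %s  %s\n' "$status" "$sum" "$path"
    done
}

# Run only when a log path is given, e.g.:
#   sudo ./review_unauthorized.sh /var/log/execguard.log
if [ "$#" -gt 0 ]; then
    review_report "$1"
fi
```

Pass a path to `sudo execguard --update` only after its hash and origin check out.

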
# Once done initializing the System:

```
sudo nano /etc/systemd/system/execguard.service
```

The [Service] section contains:

```
[Service]
ExecStart=/usr/local/bin/execguard --init
```

Remove the --init from the ExecStart command.

Reboot.