Exec Guardian

# ExecGuard
Blocks unknown or changed programs from running.
Please do not run on PROD!!! Do a full backup before installing!
This is for educational use ONLY. Not fit for any real-world system.
Please look at the Go code, etc...
### About --init
This will initialize the /etc/execguard/allowed.db SQLite3 database.
With --init, execguard is in learning mode... All programs will run as normal.
## Install
```
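cd execguard
# /etc/execguard is owned by root, so the config copy needs sudo as well
sudo mkdir -p /etc/execguard/
sudo cp config.json.example /etc/execguard/config.json
# Build and install the binary
go build -o execguard
sudo mv execguard /usr/local/bin/
# Add the two helper scripts to the allowed list, then run update_bins.sh
sudo execguard --update "$(pwd)/update_bins.sh"
sudo execguard --update "$(pwd)/sys_update.sh"
sudo ./update_bins.sh
# Start in learning mode
sudo execguard --init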
```
Press Ctrl+C to exit execguard when it is done loading the programs to allow.
# Run as a Service
Kind of dangerous!!:
```
sudo cp execguard.service /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl enable --now execguard
sudo service execguard status
```
Reboot so that all programs started at boot are loaded in learning mode.
Make sure that --init is present on the ExecStart line of the service file.
## Check the Logs!
```
sudo tail /var/log/execguard.log
```
Look out for lines like: `Found unauthorized executable: /path/to/program`
# Update allowed list
```
# Replace /path/to/program with the path found in the log file.
sudo execguard --update /path/to/program
```
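Before passing logged paths to `--update`, it helps to see each blocked path once, with a count and a flag for world-writable locations. The script below is an added example, not part of ExecGuard; it assumes each event is a single log line ending in `Found unauthorized executable: <path>`, and the sample log (including its timestamp prefix) is constructed.

```bash
#!/usr/bin/env bash
# Added example, not part of ExecGuard. Assumption: each blocked run is logged
# on one line that ends with "Found unauthorized executable: <path>".
MARKER='Found unauthorized executable: '

# Print "count<TAB>verdict<TAB>path" per unique path, most frequent first.
# Reads the files given as arguments, or stdin when there are none.
triage_log() {
    awk -v m="$MARKER" '
        {
            i = index($0, m)
            if (i == 0) next                    # not a block event
            p = substr($0, i + length(m))
            sub(/[ \t\r]+$/, "", p)             # trim trailing whitespace
            if (p != "") seen[p]++
        }
        END {
            for (p in seen) {
                # Heuristic: world-writable locations need a closer look
                # before they are passed to execguard --update.
                v = (p ~ /^\/(tmp|var\/tmp|dev\/shm)\//) ? "suspect" : "review"
                printf "%d\t%s\t%s\n", seen[p], v, p
            }
        }' "$@" | sort -t "$(printf '\t')" -k1,1nr -k3,3
}

# Constructed sample log; the timestamp prefix is an assumption.
sample_log() {
    cat <<'EOF'
2025/01/01 10:00:00 Found unauthorized executable: /usr/bin/htop
2025/01/01 10:00:05 some unrelated log line
2025/01/01 10:01:00 Found unauthorized executable: /tmp/a.out
2025/01/01 10:02:00 Found unauthorized executable: /usr/bin/htop
2025/01/01 10:03:00 Found unauthorized executable: /opt/tool/bin/run
EOF
}

sample_log | triage_log
```

To use it on the real log, replace the last line with `triage_log /var/log/execguard.log` and run the script with sudo if the log is readable by root only.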
# Once done initializing the System:
```
sudo nano /etc/systemd/system/execguard.service
# In the [Service] section, find this line:
#   ExecStart=/usr/local/bin/execguard --init
# and remove the --init from the ExecStart command.
```
Reboot.
# Disable Auto-Updates
```
sudo systemctl disable --now apt-daily.timer
sudo systemctl disable --now apt-daily-upgrade.timer
sudo nano /etc/apt/apt.conf.d/20auto-upgrades
# Set these two lines in 20auto-upgrades:
#   APT::Periodic::Update-Package-Lists "0";
#   APT::Periodic::Unattended-Upgrade "0";
sudo apt remove unattended-upgrades
```
# Manual System Updates via Apt
```
./sys_update.sh
```