#!/bin/bash
# Baseline checksum files: one for the profile/alias scripts, one for the
# system certificate directory. Both paths are built by plain concatenation
# onto _PROFILES_PATH.
# NOTE(review): _PROFILES_PATH is not set in this file; if it is empty these
# names resolve relative to the current directory. Presumably the caller sets
# it with a trailing slash -- confirm.
SANE_CHECKER="${_PROFILES_PATH}.sane_checker.sum"
SANE_CERTS="${_PROFILES_PATH}.sane_certs.sum"

# Checksum tool, exported so child processes see the same absolute path.
SHA_SUM_APP=/usr/bin/sha256sum
export SHA_SUM_APP

# Scratch file that collects the findings of the background scan.
error_status="$(mktemp)"
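#######################################
# Run a command, escalating privileges only when the given file is not
# readable by the current user.
# Globals:   USE_SUPER (read)
# Arguments: $1   - file whose readability decides whether to escalate
#            $2.. - command and its arguments
# Returns:   exit status of the command that was run
#######################################
_f_do_as() {
  local file_name="$1"
  shift # Drop the file so "$@" holds only the command and its arguments.

  if [ -r "$file_name" ]; then
    # Quoted so arguments containing spaces or glob characters stay intact.
    "$@"
    return
  fi

  case "${USE_SUPER:-}" in
    sudo | doas)
      "$USE_SUPER" "$@"
      ;;
    *)
      # USE_SUPER is empty, or holds the literal '$' that this file stores
      # for root; neither is a runnable helper, so run the command directly.
      "$@"
      ;;
  esac
}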
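# Pick the privilege-escalation helper from the user's group membership.
# Group names are compared as whole words: a substring test would also treat
# groups such as "lpadmin" as "admin", or a user name containing "sudo" as
# membership of the sudo group.
_sa_groups=" $(id -Gn "$USER" 2>/dev/null) "
case "$_sa_groups" in
  *" sudo "*)
    USE_SUPER="sudo"
    ;;
  *" doas "*)
    USE_SUPER="doas"
    ;;
  *" wheel "* | *" admin "*)
    USE_SUPER="sudo"
    ;;
  *)
    if [ "$EUID" -eq 0 ]; then
      # Root gets a literal '$'.
      # NOTE(review): this looks like a marker rather than a command --
      # confirm how consumers of USE_SUPER treat it.
      USE_SUPER="\$"
    else
      USE_SUPER=""
    fi
    ;;
esac
unset _sa_groups
export USE_SUPER

SANE_TEST_FAILED=0

# 'mktemp -u' only generates names; no file exists until something writes to
# them. NOTE(review): whatever writes to these paths later should create the
# file safely rather than trust that the name is still unused.
tmpsum=$(mktemp -u --suffix ".sum.tmp")
tmpsum2=$(mktemp -u --suffix ".sum2.tmp")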
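#######################################
# Show a spinner at the top-left of the terminal while a process is alive.
# Arguments: $1 - PID to watch
#            $2 - animation style 0-4 (default 0; unknown values fall back
#                 to style 0)
# Outputs:   ANSI escape sequences and the spinner text on stdout
#######################################
_my_spinner() {
  local pid=$1
  local style=${2:-0}
  local delay=0.1
  local chars
  local i=0

  case "$style" in
    1) chars='▁▂▃▄▅▆▇█▇▆▅▄▃▂▁' ;; # Growing bar
    2) chars='_-~+=*@#.?' ;; # ASCII symbols
    3) chars='◐◓◑◒' ;; # Circle
    4) chars='⣾⣽⣻⢿⡿⣟⣯⣷' ;; # Detailed Braille
    # Default also covers unknown styles: with no frames at all the loop
    # below would never sleep and would spin at full CPU.
    *) chars='⠋⠙⠹⠸⠼⠴⠦⠧⠇⠏' ;; # Braille dots
  esac

  local color='\e[34m' # Blue color
  local reset='\e[0m'

  # Hide cursor
  tput civis

  # Liveness is checked before every frame, so the spinner stops within one
  # frame delay of the watched process exiting instead of finishing a whole
  # animation cycle first.
  while kill -0 "$pid" 2>/dev/null; do
    if ((i == 0)); then
      # Save cursor position at the start of each animation cycle
      echo -en "\e7"
    fi
    # Restore cursor position, then draw the frame at the home position
    echo -en "\e8"
    echo -en "\e[H${color}[${chars:i:1}] Scanning Files...${reset}"
    sleep "$delay"
    i=$(((i + 1) % ${#chars}))
  done

  # Show cursor
  tput cnorm
  # Clear line
  echo -en "\r\033[K"
}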
#shaXsum
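#######################################
# Install a freshly generated checksum file as a root-owned, read-only,
# immutable baseline.
# Globals:   EUID (read), USE_SUPER (read)
# Arguments: $1 - destination path of the baseline file
#            $2 - staged checksum file to move into place
# Outputs:   progress and instructions on stdout, refusals on stderr
# Returns:   1 if the staged file is not a regular file; 0 if no
#            escalation helper is available; otherwise the status of the
#            first step that failed (or of chattr)
#######################################
require_root() {
  local sane_file_name="$1"
  local temp_file="$2"
  local -a as_root=()

  # The staged file becomes a trusted, root-owned baseline. Only a regular
  # file is accepted: chown/chmod on a symlink would act on its target.
  if [ -L "$temp_file" ] || [ ! -f "$temp_file" ]; then
    echo "Refusing to install $sane_file_name: staged file is missing or not a regular file." >&2
    return 1
  fi

  if [ "$EUID" -ne 0 ]; then
    echo "Trying to make sane sum file Immutable for security purposes, Please enter ROOT password when prompted."
    # Use the helper that was actually detected instead of assuming sudo.
    case "${USE_SUPER:-}" in
      sudo)
        if sudo --validate; then
          as_root=(sudo)
        fi
        ;;
      doas)
        as_root=(doas)
        ;;
    esac
    if [ "${#as_root[@]}" -eq 0 ]; then
      echo "Please have a ROOT user make this file: $sane_file_name Immutable!"
      return 0
    fi
  fi

  # Chained so a failed move never leads to chown/chmod/chattr being applied
  # to whatever already sits at the destination path.
  "${as_root[@]}" mv -- "$temp_file" "$sane_file_name" &&
    "${as_root[@]}" chown root:root "$sane_file_name" &&
    "${as_root[@]}" chmod 444 "$sane_file_name" &&
    "${as_root[@]}" chattr +i "$sane_file_name"
}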
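#######################################
# Print the commands that reset the script baseline after a failed check.
# Removing the baseline makes the next run record the current on-disk state
# as trusted, hence the instruction to verify the scripts first.
# Globals:   SANE_CHECKER (read)
# Outputs:   instructions on stdout
#######################################
prompter_for_fix() {
  echo "Verify the integrity of your aliases scripts, then run:"
  # printf with %s keeps the path literal (echo -e would interpret any
  # backslashes in it) and the path is quoted in every suggested command.
  if [ ! -w "$SANE_CHECKER" ]; then
    printf '\r\n sudo chattr -i "%s" \r\n sudo chmod 664 "%s" \r\n sudo rm "%s"\n' \
      "$SANE_CHECKER" "$SANE_CHECKER" "$SANE_CHECKER"
  else
    printf 'sudo rm "%s"\n' "$SANE_CHECKER"
  fi
}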
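# good=1 means both baselines exist and are read-only, so a scan can run.
# Any first-run or mutable-baseline condition below clears it.
good=1

if [ ! -f "$SANE_CHECKER" ]; then
  echo -e "\033[0;34m 1st run added to sane sum file! \033[0m"
  # Stage the checksums in a file that mktemp creates itself (no -u), so the
  # redirect below writes to a file this user owns rather than to a name
  # that was merely unused when it was generated.
  if tmpsum=$(mktemp --suffix ".sum.tmp"); then
    # stderr is discarded because several of the listed files are optional;
    # entries that do not exist are simply absent from the baseline.
    "$SHA_SUM_APP" {/opt/profiles/*.sh,/opt/profiles/scripts/*.sh,/opt/profiles/aliases/*.env,/opt/profiles/custom_aliases/*.env,~/.bash_aliases,~/.bashrc,~/.bash_logout,~/.git_bash_prompt,~/.profile,~/.kube-ps1,/opt/profiles/theme} > "$tmpsum" 2>/dev/null
    require_root "$SANE_CHECKER" "$tmpsum"
    # No-op after a successful install; otherwise keeps the staged hashes
    # from lingering in the temp directory.
    rm -f -- "$tmpsum"
  else
    echo "Could not create a temporary file for the sane sum baseline." >&2
  fi
  good=0
elif [ -w "$SANE_CHECKER" ]; then
  # A writable baseline can be rewritten along with the files it protects.
  echo -e "\033[0;31m Warning -- sane sum Security file is Mutable! Please have a Root User run: \r\n \033[0m sudo chmod 444 \"$SANE_CHECKER\" \r\n AND then run \r\n sudo chattr +i \"$SANE_CHECKER\" \r\n"
  good=0
fi

if [ ! -f "$SANE_CERTS" ]; then
  echo -e "\033[0;34m 1st run added to sane certs sum file! \033[0m"
  if tmpsum2=$(mktemp --suffix ".sum2.tmp"); then
    # stderr is discarded: the glob also matches non-regular entries.
    "$SHA_SUM_APP" /etc/ssl/certs/* > "$tmpsum2" 2>/dev/null
    require_root "$SANE_CERTS" "$tmpsum2"
    rm -f -- "$tmpsum2"
  else
    echo "Could not create a temporary file for the sane certs baseline." >&2
  fi
  good=0
elif [ -w "$SANE_CERTS" ]; then
  echo -e "\033[0;31m Warning -- sane sum Cert Security file is Mutable! Please have a Root User run: \r\n \033[0m sudo chmod 444 \"$SANE_CERTS\" \r\n AND then run \r\n sudo chattr +i \"$SANE_CERTS\" \r\n"
  good=0
fi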
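#######################################
# Verify the profile/alias scripts against the recorded baseline.
# Despite its name this checks the script baseline (SANE_CHECKER), not
# certificates. It flags files that are missing from the baseline and then
# lets the checksum tool verify every recorded entry.
# Globals:   SANE_CHECKER (read), SHA_SUM_APP (read), error_status (read),
#            SANE_TEST_FAILED (read, written)
# Outputs:   findings are appended to the file named by error_status
# Returns:   1 if SANE_TEST_FAILED is 1 afterwards, else 0
#######################################
check_certificates() {
  local FILE

  if [ -f "$SANE_CHECKER" ]; then
    for FILE in \
      /opt/profiles/*.sh \
      /opt/profiles/scripts/*.sh \
      /opt/profiles/aliases/*.env \
      /opt/profiles/custom_aliases/*.env; do
      # An unmatched glob stays literal and is skipped here.
      [ -f "$FILE" ] || continue

      # Compare the file-name field of each baseline line for exact
      # equality. A regex/substring search would let a name match a
      # different recorded path ('.' matching any character, or a longer
      # name containing this one). The name travels via the environment so
      # awk does not interpret backslashes in it.
      if ! SANE_LOOKUP="$FILE" awk '
        BEGIN { want = ENVIRON["SANE_LOOKUP"] }
        {
          name = $0
          sub(/^[^ ]+ [ *]/, "", name)
          if (name == want) { hit = 1; exit }
        }
        END { exit !hit }
      ' "$SANE_CHECKER"; then
        # Every scanned directory reports the new file, so a failure is
        # never flagged without an explanation. printf %s keeps escape
        # sequences in a file name from being interpreted.
        printf '\033[0;31m %s is a new file! \r\n Please Scan it for viruses. \033[0m\n' "$FILE" >> "$error_status"
        SANE_TEST_FAILED=1
      fi
    done

    # Detects modified or removed files among the recorded entries.
    if ! "$SHA_SUM_APP" --quiet -c "$SANE_CHECKER"; then
      echo -e "\033[0;31m Danger...? Failed Sane checker!! \033[0m" >> "$error_status"
      SANE_TEST_FAILED=1
    fi
  fi

  if [ "${SANE_TEST_FAILED:-0}" -eq 1 ]; then
    return 1
  fi
  return 0
}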
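# Create a temporary file to store the exit status of the background scan
temp_status=$(mktemp)

if [ "$good" -eq 1 ]; then
  # Run the check in background and capture its exit status
  (check_certificates; echo $? > "$temp_status") &
  _scan_pid=$!

  # Start spinner with style 0 (can be changed to 1-4 for different animations)
  _my_spinner "$_scan_pid" 0

  # Wait for the scan job only; a bare 'wait' would also block on unrelated
  # background jobs of the shell that runs this script.
  wait "$_scan_pid"
  unset _scan_pid

  # Read the exit status. An empty status means the scan never reported a
  # result, which is treated as a failure rather than as a pass.
  exit_status=$(cat "$temp_status")
  exit_status=${exit_status:-1}
  if [ "$exit_status" -eq 1 ]; then
    prompter_for_fix
    SANE_TEST_FAILED=1
  else
    SANE_TEST_FAILED=$exit_status
  fi
fi

# The findings embed file names, so the report is sanitised before it reaches
# the terminal: sed drops ANSI colour sequences, then tr deletes every other
# control byte except tab and newline (including ESC and CR).
sed -r 's/\x1b\[[0-9;]*m//g' < "$error_status" | tr -d '\000-\010\013-\037\177'

rm -f -- "$error_status" "$temp_status"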
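#######################################
# Compare the checksum of every regular file in /etc/ssl/certs with the
# recorded certificate baseline and report files that are new or changed.
# Globals:   SANE_CERTS (read), SHA_SUM_APP (read), ssl_error_status (read),
#            SANE_TEST_FAILED (written)
# Outputs:   findings are appended to the file named by ssl_error_status
# Returns:   0
#######################################
_do_scan_ssl_certs() {
  local cert line
  local changed=0
  local -a certs=()

  [ -f "$SANE_CERTS" ] || return 0

  for cert in /etc/ssl/certs/*; do
    # Only process regular files
    if [ -f "$cert" ]; then
      certs+=("$cert")
    fi
  done

  if [ "${#certs[@]}" -gt 0 ]; then
    # Hash all certificates in one call and keep the lines that are not in
    # the baseline. -x -F compares whole lines literally: a regex search
    # would treat '.' in a file name as a wildcard and could accept a line
    # recorded for a different path.
    while IFS= read -r line; do
      # Strip "<hash><space><mode char>" to recover the file name.
      cert=${line#* ?}
      printf '\033[0;31mWARNING: Modified or new cert found: %s \r\n \033[0m\n' "$cert" >> "$ssl_error_status"
      changed=1
    done < <("$SHA_SUM_APP" "${certs[@]}" | grep -vxF -f "$SANE_CERTS")
  fi

  if [ "$changed" -eq 1 ]; then
    # Removing the baseline makes the next run trust the current
    # certificates, hence the request to verify them first.
    echo "Please -- Verify the integrity of your SSL Certs, then run:" >> "$ssl_error_status"
    if [ ! -w "$SANE_CERTS" ]; then
      printf '\r\n sudo chattr -i "%s" \r\n sudo chmod 664 "%s" \r\n sudo rm "%s"\n' \
        "$SANE_CERTS" "$SANE_CERTS" "$SANE_CERTS" >> "$ssl_error_status"
    else
      printf 'sudo rm "%s"\n' "$SANE_CERTS" >> "$ssl_error_status"
    fi
    SANE_TEST_FAILED=1
  else
    echo -e "SSL Certs look the same..." >> "$ssl_error_status"
  fi
  return 0
}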
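#######################################
# Scan the system certificates in the background with a spinner, then print
# the sanitised report.
# Globals:   ssl_error_status (written; read by the background scan)
# Outputs:   clears the screen, draws the spinner, prints the report
#######################################
scan_ssl_certs() {
  local scan_pid

  clear
  ssl_error_status=$(mktemp)

  # Run the check in background
  (_do_scan_ssl_certs) &
  scan_pid=$!

  # Start spinner with style 0 (can be changed to 1-4 for different animations)
  _my_spinner "$scan_pid" 0

  # Wait for the scan job only; a bare 'wait' would also block on any other
  # background job of the shell that called this function.
  wait "$scan_pid"

  # The report embeds certificate file names: drop ANSI colour sequences,
  # then every other control byte except tab and newline.
  sed -r 's/\x1b\[[0-9;]*m//g' < "$ssl_error_status" | tr -d '\000-\010\013-\037\177'
  rm -f -- "$ssl_error_status"
}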
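# Drop the helpers that are only needed while this file runs.
unset -f _f_do_as require_root prompter_for_fix check_certificates

# Load the scan library by explicit, quoted path. With an empty
# _PROFILES_PATH the name would have no slash, and 'source' would then look
# it up in PATH and the current directory, so the file is only sourced when
# the prefix is set and the file is readable.
# NOTE(review): the library is loaded whether or not the integrity check
# above passed -- confirm that this is intended.
if [ -n "${_PROFILES_PATH:-}" ] && [ -r "${_PROFILES_PATH}scan_libs.sh" ]; then
  source "${_PROFILES_PATH}scan_libs.sh"
else
  echo "scan_aliases.sh: cannot read ${_PROFILES_PATH:-}scan_libs.sh; not loaded." >&2
fi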