#!/usr/bin/env bash
set -uo pipefail

# Per-user state directory; the directory and registry steps below write here.
PROCYON_HOME="${HOME}/.procyon"
# Account running the installer; it is later embedded in the AppArmor profile.
PROCYON_USER="$(whoami)"
# Absolute directory that contains this installer (and procyon.py).
SCRIPT_DIR="$(
  cd "$(dirname "$0")" && pwd
)"

# Banner: show which account and state directory this run will touch.
printf '%s\n' \
  "=== Procyon Installer ===" \
  "User: ${PROCYON_USER}" \
  "Home: ${PROCYON_HOME}"
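# --- Step 1: Create directory structure ---
echo "[1/3] Creating directory structure..."
# ${PROCYON_HOME:?} aborts the script instead of expanding to "/locks" if the
# variable is ever empty. A failed mkdir is fatal: the registry step below
# writes into this directory, and the original printed "Created" regardless.
# NOTE(review): the directory and registry.json get whatever mode the caller's
# umask yields; if other local accounts must not read the process registry or
# lock files, tighten the mode here — confirm intent with the maintainers.
if ! mkdir -p -- "${PROCYON_HOME:?}/locks"; then
  echo " ERROR: Could not create ${PROCYON_HOME}/locks" >&2
  exit 1
fi
echo " Created ${PROCYON_HOME}/"
echo " Created ${PROCYON_HOME}/locks/"

# --- Step 2: Initialize empty registry ---
# An existing registry.json is left untouched, so re-running the installer
# does not discard what is already recorded in it.
if [ ! -f "${PROCYON_HOME}/registry.json" ]; then
  # Only claim success when the write actually happened.
  if printf '%s\n' '{"processes": {}, "version": "0.1.0"}' > "${PROCYON_HOME}/registry.json"; then
    echo " Initialized registry.json"
  else
    echo " ERROR: Could not write ${PROCYON_HOME}/registry.json" >&2
    exit 1
  fi
else
  echo " registry.json already exists, skipping"
fi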
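# --- Step 3: AppArmor profile ---
# Writes a profile into /etc/apparmor.d via sudo and tries to load it. Every
# failure here is a warning only: the script continues without this layer.
echo "[2/3] Setting up AppArmor profile..."
PROFILE_NAME="procyon.training"
PROFILE_PATH="/etc/apparmor.d/${PROFILE_NAME}"

# Check if AppArmor is available
if ! command -v aa-status &>/dev/null; then
  echo " WARNING: AppArmor not found. Layer 2 protection unavailable."
  echo " Layer 1 (signal interception + TTY gate) will still work."
else
  # NOTE(review): the policy text below is kept byte-for-byte, but its inline
  # comments promise more than the rules appear to deliver — verify against
  # apparmor.d(5) before relying on it:
  #   * In a signal rule, peer= is matched against the sender's AppArmor
  #     profile label, not a Unix account name, so peer=${PROCYON_USER} refers
  #     to a profile named after the user rather than to that user's processes.
  #   * "deny signal (receive) peer=unconfined" covers every unconfined sender,
  #     whichever account it runs as; it is not a per-user restriction.
  #   * "/** rwlkix" grants file access to all paths, so the signal rules are
  #     the only restriction this profile sets out to add.
  # ${PROCYON_USER} is interpolated into a file that is installed as root.
  PROFILE_CONTENT="# Procyon training process protection profile
# Generated by install.sh — do not edit manually
abi <abi/4.0>,
profile procyon_training {
# Allow everything the training process needs
/** rwlkix,
/proc/** rw,
/sys/** r,
/dev/** rw,
# Signal protection: only same-user procyon processes can send signals
signal (receive) peer=${PROCYON_USER},
# Deny signals from other users
deny signal (receive) peer=unconfined,
}
"
  echo " Writing AppArmor profile to ${PROFILE_PATH}"
  echo " This requires sudo access."
  if printf '%s\n' "${PROFILE_CONTENT}" | sudo tee "${PROFILE_PATH}" > /dev/null 2>&1; then
    # Report "loaded" only when one of the two load attempts succeeded. The
    # original printed it unconditionally, even right after warning that the
    # profile could not be loaded.
    if sudo apparmor_parser -r "${PROFILE_PATH}" 2>/dev/null ||
      sudo aa-enforce "${PROFILE_PATH}" 2>/dev/null; then
      echo " AppArmor profile loaded."
    else
      echo " WARNING: Could not load AppArmor profile. Run 'sudo aa-enforce ${PROFILE_PATH}' manually."
    fi
  else
    # tee's stderr is discarded above, so any write failure lands here, not
    # only a missing sudo privilege.
    echo " WARNING: No sudo access. Skipping AppArmor setup."
    echo " Layer 1 (signal interception + TTY gate) will still work."
  fi
fi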
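# --- Step 4: Make procyon.py executable ---
echo "[3/3] Setting permissions..."
# Report the real outcome of chmod; the original printed the success line even
# when procyon.py was missing or not writable. ${SCRIPT_DIR:?} aborts rather
# than touching "/procyon.py" if the installer directory could not be resolved.
# A chmod failure is only a warning because the usage lines below invoke the
# script through python3, which does not need the executable bit.
if chmod +x -- "${SCRIPT_DIR:?}/procyon.py"; then
  echo " Made procyon.py executable"
else
  echo " WARNING: Could not make ${SCRIPT_DIR}/procyon.py executable."
fi
echo ""
echo "=== Installation complete ==="
echo "Usage: python3 ${SCRIPT_DIR}/procyon.py status --pretty"
echo ""
echo "To start the watchdog: python3 ${SCRIPT_DIR}/procyon.py watch"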