Add Telegram alerts, setup script, and cron registration
- setup.sh: run once after cloning to configure credentials and register cron jobs - config.sh gitignored so credentials never enter the repo - Both scripts notify Telegram on issues/warnings, including hostname - Cron runs npm-security-check at 08:00 and check-nextjs-rce at 08:05 daily
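--- /dev/null
+++ b/setup.sh
@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+# setup.sh
+# Run once after cloning on any VM where you want security scanning active.
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+echo "=== Security Tools Setup ==="
+echo ""
+
+# ── Telegram credentials ───────────────────────────────────────────────────────
+if [[ -f "$SCRIPT_DIR/config.sh" ]]; then
+echo "config.sh already exists — skipping credential setup."
+else
+echo "Enter your Telegram bot token:"
+read -r BOT_TOKEN
+echo "Enter your Telegram chat ID:"
+read -r CHAT_ID
+
+cat > "$SCRIPT_DIR/config.sh" <<EOF
+#!/usr/bin/env bash
+# Telegram notification config
+TELEGRAM_BOT_TOKEN="${BOT_TOKEN}"
+TELEGRAM_CHAT_ID="${CHAT_ID}"
+EOF
+chmod 600 "$SCRIPT_DIR/config.sh"
+echo "config.sh created."
+fi
+
+# ── Make scripts executable ────────────────────────────────────────────────────
+chmod +x "$SCRIPT_DIR/npm-security-check.sh"
+chmod +x "$SCRIPT_DIR/check-nextjs-rce.sh"
+
+# ── Cron jobs ──────────────────────────────────────────────────────────────────
+CRON_1="0 8 * * * $SCRIPT_DIR/npm-security-check.sh >> $SCRIPT_DIR/npm-security-check-cron.log 2>&1"
+CRON_2="5 8 * * * $SCRIPT_DIR/check-nextjs-rce.sh >> $SCRIPT_DIR/check-nextjs-rce-cron.log 2>&1"
+
+EXISTING=$(crontab -l 2>/dev/null || true)
+
+if echo "$EXISTING" | grep -qF "npm-security-check.sh"; then
+echo "Cron job for npm-security-check.sh already registered — skipping."
+else
+(echo "$EXISTING"; echo "$CRON_1") | crontab -
+echo "Cron job registered: npm-security-check.sh daily at 08:00."
+fi
+
+if echo "$EXISTING" | grep -qF "check-nextjs-rce.sh"; then
+echo "Cron job for check-nextjs-rce.sh already registered — skipping."
+else
+(crontab -l 2>/dev/null; echo "$CRON_2") | crontab -
+echo "Cron job registered: check-nextjs-rce.sh daily at 08:05."
+fi
+
+# ── Test Telegram ──────────────────────────────────────────────────────────────
+source "$SCRIPT_DIR/config.sh"
+HOSTNAME=$(hostname)
+
+echo ""
+echo "Sending test Telegram message..."
+RESPONSE=$(curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
+-d chat_id="${TELEGRAM_CHAT_ID}" \
+-d text="✅ <b>Security Tools Active</b>
+Host: <code>${HOSTNAME}</code>
+Scripts registered and running daily at 08:00." \
+-d parse_mode="HTML")
+
+if echo "$RESPONSE" | grep -q '"ok":true'; then
+echo "Test message sent to Telegram."
+else
+echo "Warning: Telegram message failed. Check your token and chat ID in config.sh."
+fi
+
+echo ""
+echo "Setup complete. Security scans will run daily at 08:00 on ${HOSTNAME}."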
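Review bot: The bot token is read with a plain `read -r BOT_TOKEN` in the credentials block, so the secret is echoed to the terminal and lands in scrollback and any session recording; `read -rs BOT_TOKEN; echo` keeps it silent. The unquoted-`EOF` heredoc then writes the raw value inside double quotes in config.sh, so a pasted token containing `"`, `$` or a backtick either breaks the file or gets expanded when config.sh is later sourced; emitting the assignments with `printf 'TELEGRAM_BOT_TOKEN=%q\n' "$BOT_TOKEN"` (and the same for the chat ID) stores a correctly quoted literal regardless of its characters. In the test-message step the token is embedded in the URL on curl's argv, where it is readable to other local users via process listings and would be printed under `set -x`; passing the URL through `curl -s -K -` with a `url = ...` line on stdin keeps it off the command line. Finally, `$SCRIPT_DIR` is interpolated unquoted into both crontab entries, so a checkout path containing a space yields a broken cron command — worth quoting both occurrences in CRON_1 and CRON_2.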