Restructure repo into package/ and standalone/ directories

Moves automated scan scripts and setup.sh into package/. bind-ssh-tailscale.sh remains in standalone/ as a manual-run tool. Updates README.md setup instructions to reflect new paths. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-19 14:25:11 +01:00
parent 50aa38712e
commit 7585a12b6d
6 changed files with 4 additions and 4 deletions
--- a/setup.sh
+++ b/setup.sh
@@ -1,112 +0,0 @@
-#!/usr/bin/env bash
-# setup.sh
-# Run once after cloning on any VM where you want security scanning active.
-
-set -euo pipefail
-
-SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-
-echo "=== Security Tools Setup ==="
-echo ""
-
-# ── Git config ────────────────────────────────────────────────────────────────
-git -C "$SCRIPT_DIR" config pull.rebase false
-echo "Git pull strategy set to merge."
-
-# ── Telegram credentials ───────────────────────────────────────────────────────
-if [[ -f "$SCRIPT_DIR/config.sh" ]]; then
-    echo "config.sh already exists — skipping credential setup."
-else
-    echo "Enter your Telegram bot token:"
-    read -r BOT_TOKEN
-    echo "Enter your Telegram chat ID:"
-    read -r CHAT_ID
-
-    cat > "$SCRIPT_DIR/config.sh" <<EOF
-#!/usr/bin/env bash
-# Telegram notification config
-TELEGRAM_BOT_TOKEN="${BOT_TOKEN}"
-TELEGRAM_CHAT_ID="${CHAT_ID}"
-EOF
-    chmod 600 "$SCRIPT_DIR/config.sh"
-    echo "config.sh created."
-fi
-
-# ── Make scripts executable ────────────────────────────────────────────────────
-chmod +x "$SCRIPT_DIR/npm-security-check.sh"
-chmod +x "$SCRIPT_DIR/check-nextjs-rce.sh"
-chmod +x "$SCRIPT_DIR/check-npm-sudo-config.sh"
-
-# ── Create logs directory ──────────────────────────────────────────────────────
-mkdir -p "$SCRIPT_DIR/logs"
-
-# ── Cron jobs ──────────────────────────────────────────────────────────────────
-CRON_1="0 8 * * * $SCRIPT_DIR/npm-security-check.sh >> $SCRIPT_DIR/logs/npm-security-check-\$(date +\%Y\%m\%d).log 2>&1"
-CRON_2="5 8 * * * $SCRIPT_DIR/check-nextjs-rce.sh >> $SCRIPT_DIR/logs/check-nextjs-rce-\$(date +\%Y\%m\%d).log 2>&1"
-CRON_3="10 8 * * * $SCRIPT_DIR/check-npm-sudo-config.sh >> $SCRIPT_DIR/logs/check-npm-sudo-config-\$(date +\%Y\%m\%d).log 2>&1"
-CRON_4="0 9 * * * find $SCRIPT_DIR/logs -name '*.log' -mtime +60 -delete"
-
-EXISTING=$(crontab -l 2>/dev/null || true)
-
-if echo "$EXISTING" | grep -qF "npm-security-check.sh"; then
-    echo "Cron job for npm-security-check.sh already registered — skipping."
-else
-    (echo "$EXISTING"; echo "$CRON_1") | crontab -
-    echo "Cron job registered: npm-security-check.sh daily at 08:00."
-fi
-
-if echo "$EXISTING" | grep -qF "check-nextjs-rce.sh"; then
-    echo "Cron job for check-nextjs-rce.sh already registered — skipping."
-else
-    (crontab -l 2>/dev/null; echo "$CRON_2") | crontab -
-    echo "Cron job registered: check-nextjs-rce.sh daily at 08:05."
-fi
-
-if echo "$EXISTING" | grep -qF "check-npm-sudo-config.sh"; then
-    echo "Cron job for check-npm-sudo-config.sh already registered — skipping."
-else
-    (crontab -l 2>/dev/null; echo "$CRON_3") | crontab -
-    echo "Cron job registered: check-npm-sudo-config.sh daily at 08:10."
-fi
-
-if echo "$EXISTING" | grep -qF "logs -name '*.log'"; then
-    echo "Log cleanup cron already registered — skipping."
-else
-    (crontab -l 2>/dev/null; echo "$CRON_4") | crontab -
-    echo "Cron job registered: log cleanup daily at 09:00 (60 day retention)."
-fi
-
-# ── Test Telegram ──────────────────────────────────────────────────────────────
-source "$SCRIPT_DIR/config.sh"
-HOSTNAME=$(hostname)
-
-echo ""
-echo "Sending test Telegram message..."
-RESPONSE=$(curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
-    -d chat_id="${TELEGRAM_CHAT_ID}" \
-    -d text="✅ <b>Security Tools Active</b>
-Host: <code>${HOSTNAME}</code>
-Scripts registered and running daily at 08:00." \
-    -d parse_mode="HTML")
-
-if echo "$RESPONSE" | grep -q '"ok":true'; then
-    echo "Test message sent to Telegram."
-else
-    echo "Warning: Telegram message failed. Check your token and chat ID in config.sh."
-fi
-
-echo ""
-echo "Setup complete. Security scans will run daily at 08:00 on ${HOSTNAME}."
-
-# ── Initial scan ───────────────────────────────────────────────────────────────
-echo ""
-echo "Running initial security scan..."
-bash "$SCRIPT_DIR/npm-security-check.sh" >> "$SCRIPT_DIR/logs/npm-security-check-$(date +%Y%m%d).log" 2>&1 && echo "npm-security-check: done." || echo "npm-security-check: issues found — check Telegram."
-bash "$SCRIPT_DIR/check-nextjs-rce.sh" >> "$SCRIPT_DIR/logs/check-nextjs-rce-$(date +%Y%m%d).log" 2>&1 && echo "check-nextjs-rce: done." || echo "check-nextjs-rce: issues found — check Telegram."
-NPM_SUDO_LOG="$SCRIPT_DIR/logs/check-npm-sudo-config-$(date +%Y%m%d).log"
-echo ""
-echo "--- npm sudo config audit results ---"
-bash "$SCRIPT_DIR/check-npm-sudo-config.sh" 2>&1 | tee -a "$NPM_SUDO_LOG"
-echo "-------------------------------------"
-echo ""
-echo "Initial scan complete. Check Telegram for any alerts."