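#!/usr/bin/env bash
# setup.sh
# Run once after cloning on any VM where you want security scanning active.
#
# Steps:
#   1. Prompt for Telegram bot credentials and store them in config.sh
#      (skipped when config.sh already exists).
#   2. Register daily cron jobs for npm-security-check.sh (08:00) and
#      check-nextjs-rce.sh (08:05), skipping entries that are already present.
#   3. Send a test message through the Telegram Bot API.
#
# NOTE(review): the copy of this script under review lost the text between the
# config.sh heredoc and the crontab lookup. The config.sh contents and the
# CRON_1/CRON_2 definitions below are reconstructed from the variable names and
# schedules used by the rest of the script; confirm them against the repository.

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
CONFIG_FILE="$SCRIPT_DIR/config.sh"

echo "=== Security Tools Setup ==="
echo ""

# ── Telegram credentials ───────────────────────────────────────────────────────
if [[ -f "$CONFIG_FILE" ]]; then
  echo "config.sh already exists — skipping credential setup."
else
  echo "Enter your Telegram bot token:"
  # -s keeps the secret off the screen and out of terminal scrollback.
  read -rs BOT_TOKEN
  echo ""
  echo "Enter your Telegram chat ID:"
  read -r CHAT_ID

  if [[ -z "$BOT_TOKEN" || -z "$CHAT_ID" ]]; then
    echo "Error: bot token and chat ID must not be empty." >&2
    exit 1
  fi

  # config.sh holds a bearer secret and is later sourced as shell code:
  # create it owner-only (umask 077), and write the values with %q so nothing
  # typed at the prompt can be interpreted as a command when it is sourced.
  (
    umask 077
    {
      printf '# Generated by setup.sh - contains secrets, do not commit.\n'
      printf 'TELEGRAM_BOT_TOKEN=%q\n' "$BOT_TOKEN"
      printf 'TELEGRAM_CHAT_ID=%q\n' "$CHAT_ID"
    } > "$CONFIG_FILE"
  )
  echo "config.sh created."
fi

# ── Cron jobs ──────────────────────────────────────────────────────────────────
# NOTE(review): reconstructed entries. The schedules come from the status
# messages printed below; the script location ($SCRIPT_DIR) and the absence of
# log redirection are assumptions to verify.
CRON_1="0 8 * * * $SCRIPT_DIR/npm-security-check.sh"
CRON_2="5 8 * * * $SCRIPT_DIR/check-nextjs-rce.sh"

#######################################
# Append a crontab entry unless one mentioning the marker already exists.
# Arguments:
#   $1 - marker to look for (the script file name)
#   $2 - full crontab line to append
#   $3 - schedule text for the status message (e.g. 08:00)
# Outputs: status line on stdout
#######################################
register_cron() {
  local marker=$1 entry=$2 schedule=$3
  local current

  # `crontab -l` fails when the user has no crontab yet; treat that as empty.
  # Re-read on every call so an entry added by a previous call is preserved.
  current=$(crontab -l 2>/dev/null || true)

  # Here-string instead of `echo | grep -q`: under pipefail an early grep exit
  # can surface as a SIGPIPE failure and be misread as "not registered",
  # which would append a duplicate entry.
  if grep -qF -- "$marker" <<<"$current"; then
    echo "Cron job for $marker already registered — skipping."
    return 0
  fi

  {
    [[ -z "$current" ]] || printf '%s\n' "$current"
    printf '%s\n' "$entry"
  } | crontab -
  echo "Cron job registered: $marker daily at $schedule."
}

register_cron "npm-security-check.sh" "$CRON_1" "08:00"
register_cron "check-nextjs-rce.sh" "$CRON_2" "08:05"

# ── Test Telegram ──────────────────────────────────────────────────────────────
# shellcheck source=/dev/null
source "$CONFIG_FILE"
: "${TELEGRAM_BOT_TOKEN:?config.sh must define TELEGRAM_BOT_TOKEN}"
: "${TELEGRAM_CHAT_ID:?config.sh must define TELEGRAM_CHAT_ID}"

# Own variable name: HOSTNAME is a variable bash maintains itself.
HOST_NAME=$(hostname)

echo ""
echo "Sending test Telegram message..."

# The bot token is part of the request URL. Passing the URL through a curl
# config on stdin (printf is a builtin) keeps the token out of the process
# argument list, where other local users could read it. `|| true` lets the
# warning below run instead of set -e aborting on a network error, and
# --max-time stops a stalled connection from hanging the setup.
RESPONSE=$(
  printf 'url = "https://api.telegram.org/bot%s/sendMessage"\n' "$TELEGRAM_BOT_TOKEN" \
    | curl --silent --max-time 15 --request POST --config - \
      --data-urlencode "chat_id=${TELEGRAM_CHAT_ID}" \
      --data-urlencode "text=✅ Security Tools Active
Host: ${HOST_NAME}
Scripts registered and running daily at 08:00." \
      --data-urlencode "parse_mode=HTML"
) || true

if grep -q '"ok":true' <<<"$RESPONSE"; then
  echo "Test message sent to Telegram."
else
  echo "Warning: Telegram message failed. Check your token and chat ID in config.sh."
fi

echo ""
echo "Setup complete. Security scans will run daily at 08:00 on ${HOST_NAME}."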