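#!/bin/bash
#
# 🔒 ROA2WEB Security Setup Script
# Complete security implementation for the ROA2WEB project
#
# Run from the root of the git checkout: every path below
# (security/*.py, security/install_hooks.sh, .gitignore) is relative to it.
#
# Steps: prerequisites -> git hooks -> tool permissions -> working-tree scan
#        -> history scan -> .gitignore coverage -> optional cron job -> summary.
#
# Scan reports (initial_security_scan.json, git_history_scan.json) are written
# into the checkout. They describe where secrets were found and may quote them,
# so the script warns when they are not covered by .gitignore.
#
set -euo pipefail

# Colors
readonly RED='\033[0;31m'
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly BLUE='\033[0;34m'
readonly NC='\033[0m'

#######################################
# Print a numbered step header.
# Arguments: $1 - step number, $2 - step title
#######################################
print_step() {
  echo -e "${BLUE}📋 Step $1: $2${NC}"
  echo "----------------------------------------"
}

#######################################
# Return 0 when $1 resolves to a command on PATH.
#######################################
command_exists() {
  command -v "$1" >/dev/null 2>&1
}

#######################################
# Print a red error to stderr and exit 1.
# Arguments: message words
#######################################
fail() {
  echo -e "${RED}❌ $*${NC}" >&2
  exit 1
}

#######################################
# Step 1: python3, git and a .git directory must be present.
#######################################
check_prerequisites() {
  print_step "1" "Checking Prerequisites"
  command_exists python3 || fail "Python 3 is required but not installed"
  command_exists git || fail "Git is required but not installed"
  [[ -d ".git" ]] || fail "Not in a git repository"
  echo -e "${GREEN}✅ Prerequisites check passed${NC}"
  echo
}

#######################################
# Step 2: run the repository's hook installer.
#######################################
install_hooks() {
  print_step "2" "Installing Git Security Hooks"
  [[ -f "security/install_hooks.sh" ]] || fail "Hook installer not found"
  chmod +x security/install_hooks.sh
  ./security/install_hooks.sh
  echo
}

#######################################
# Step 3: make the Python tools executable.
#######################################
set_permissions() {
  print_step "3" "Setting Script Permissions"
  local tool
  for tool in security/secrets_scanner.py security/git_cleanup.py; do
    # Check first: an unconditional chmod on a missing file aborted the whole
    # script under set -e with only chmod's own message.
    [[ -f "$tool" ]] || fail "Required tool not found: $tool"
    chmod +x -- "$tool"
  done
  echo -e "${GREEN}✅ Script permissions set${NC}"
  echo
}

#######################################
# Warn when a scan report would be picked up by git.
# Arguments: $1 - report path
#######################################
check_report_ignored() {
  local report=$1
  [[ -e "$report" ]] || return 0
  if ! git check-ignore -q -- "$report"; then
    echo -e "${YELLOW}⚠️ $report is not ignored by git - do not commit scan reports${NC}"
  fi
}

#######################################
# Run secrets_scanner.py and save its report.
# Arguments: $1 - report path, $2 - optional scanner mode flag
#######################################
run_scan() {
  local report=$1
  local mode_flag=${2:-}
  # The scanner's exit-code contract is not visible here; it may well return
  # non-zero when findings exist. Do not let that abort the remaining steps -
  # the summary reads the report either way.
  if ! python3 security/secrets_scanner.py ${mode_flag:+"$mode_flag"} --save-report "$report"; then
    echo -e "${YELLOW}⚠️ secrets_scanner.py exited non-zero; check $report${NC}"
  fi
  check_report_ignored "$report"
}

#######################################
# Step 4: scan the working tree.
#######################################
run_initial_scan() {
  print_step "4" "Running Initial Security Scan"
  echo -e "${YELLOW}🔍 Scanning repository for secrets...${NC}"
  run_scan initial_security_scan.json
  echo
}

#######################################
# Step 5: scan git history.
#######################################
run_history_scan() {
  print_step "5" "Checking Git History"
  echo -e "${YELLOW}🕐 Scanning git history (this may take a moment)...${NC}"
  run_scan git_history_scan.json --scan-git-history
  echo
}

#######################################
# Step 6: check that the critical ignore patterns appear in .gitignore.
#######################################
verify_gitignore() {
  print_step "6" "Verifying .gitignore Protection"
  echo "🔍 Checking .gitignore coverage..."
  local -a critical_patterns=("*.env" "*.key" "*.pem" "*secret*" "*credential*" "*password*")
  local gitignore_issues=0 pattern
  if [[ ! -f .gitignore ]]; then
    echo -e "${YELLOW}⚠️ .gitignore not found; none of the critical patterns are in place${NC}"
    gitignore_issues=${#critical_patterns[@]}
  else
    for pattern in "${critical_patterns[@]}"; do
      # -F: the patterns are globs, not regexes; as a regex '*.env' would
      # match any line containing '*' followed by any char and 'env'.
      if ! grep -qF -- "$pattern" .gitignore; then
        echo -e "${YELLOW}⚠️ Pattern '$pattern' not found in .gitignore${NC}"
        gitignore_issues=$((gitignore_issues + 1))
      fi
    done
  fi
  if (( gitignore_issues == 0 )); then
    echo -e "${GREEN}✅ .gitignore security patterns verified${NC}"
  else
    echo -e "${YELLOW}⚠️ $gitignore_issues security patterns missing from .gitignore${NC}"
  fi
  echo
}

#######################################
# Step 7: optionally add a daily 09:00 cron job running the scanner.
#######################################
setup_cron() {
  print_step "7" "Setting Up Security Monitoring (Optional)"
  echo "📅 Would you like to set up automated daily security scans?"
  echo "This will add a cron job to run security scans daily at 9 AM"
  local answer=""
  # read returns non-zero at EOF (non-interactive run); treat that as "no"
  # instead of letting set -e abort here.
  read -r -p "Setup automated scans? (y/N): " answer || answer=""
  if [[ ! "$answer" =~ ^[Yy]$ ]]; then
    echo "📝 Skipped automated scan setup"
    echo
    return 0
  fi

  local repo_dir=$PWD
  # cron treats an unescaped '%' as a newline, so such a path cannot be
  # written into a crontab line safely.
  if [[ "$repo_dir" == *[%$'\n']* ]]; then
    echo -e "${YELLOW}⚠️ Repository path contains '%' or a newline; cron entry not added${NC}"
    echo
    return 0
  fi
  local quoted_dir
  # %q shell-quotes the path so spaces or shell metacharacters in the
  # checkout location cannot change the command cron runs.
  printf -v quoted_dir '%q' "$repo_dir"
  # '\%' keeps the date format literal for cron; '\$' defers the substitution
  # to the cron shell.
  local cron_entry="0 9 * * * cd $quoted_dir && python3 security/secrets_scanner.py --save-report daily_scan_\$(date +\\%Y\\%m\\%d).json >/dev/null 2>&1"

  local existing
  existing=$(crontab -l 2>/dev/null || true)
  if grep -qF -- "$cron_entry" <<<"$existing"; then
    # Re-running the setup must not stack duplicate jobs.
    echo -e "${GREEN}✅ Daily security scan cron job already present${NC}"
  else
    {
      [[ -n "$existing" ]] && printf '%s\n' "$existing"
      printf '%s\n' "$cron_entry"
    } | crontab -
    echo -e "${GREEN}✅ Daily security scan cron job added${NC}"
  fi
  echo
}

#######################################
# Step 8: list what was installed and where the reports are.
#######################################
print_summary() {
  print_step "8" "Security Setup Summary"
  echo -e "${GREEN}🎉 ROA2WEB Security Implementation Complete!${NC}"
  echo
  echo "📋 What was installed:"
  echo " ✅ Git hooks (pre-commit, commit-msg)"
  echo " ✅ Secrets scanner tool"
  echo " ✅ Git history cleanup tool"
  echo " ✅ Enhanced .gitignore patterns"
  echo " ✅ Security documentation"
  echo
  echo "📊 Security scan results:"
  echo " 📄 Initial scan: initial_security_scan.json"
  echo " 📄 History scan: git_history_scan.json"
  echo
  echo "🔧 Available tools:"
  echo " 🔍 Security scan: python3 security/secrets_scanner.py"
  echo " 🧹 Git cleanup: python3 security/git_cleanup.py"
  echo " 📋 Documentation: security/README.md"
  echo
}

#######################################
# Print the critical_violations count from the initial report (0 if the
# report is unreadable or lacks the field).
#######################################
critical_violation_count() {
  python3 - <<'PY' 2>/dev/null || echo "0"
import json
try:
    with open('initial_security_scan.json', 'r') as f:
        data = json.load(f)
    print(data.get('summary', {}).get('critical_violations', 0))
except Exception:
    print(0)
PY
}

#######################################
# Print the remediation checklist when the initial scan found critical
# violations.
#######################################
print_critical_alert() {
  [[ -f "initial_security_scan.json" ]] || return 0
  local critical_violations
  critical_violations=$(critical_violation_count)
  # Guard against non-numeric output so the numeric test cannot itself error.
  [[ "$critical_violations" =~ ^[0-9]+$ ]] || critical_violations=0
  (( critical_violations > 0 )) || return 0

  echo -e "${RED}"
  echo "🚨 CRITICAL SECURITY ALERT!"
  echo "=============================="
  echo -e "${NC}"
  echo -e "${RED}Found $critical_violations critical security violations!${NC}"
  echo
  echo "🔧 IMMEDIATE ACTIONS REQUIRED:"
  echo "1. 🔑 Regenerate all exposed credentials"
  echo "2. 🧹 Clean git history: python3 security/git_cleanup.py --cleanup"
  echo "3. 🚀 Force push cleaned history to all remotes"
  echo "4. 📢 Notify team to re-clone repository"
  echo
  echo "📖 See security/README.md for detailed procedures"
  echo
}

#######################################
# Closing guidance.
#######################################
print_next_steps() {
  echo -e "${BLUE}📚 Next Steps:${NC}"
  echo "1. Review security scan reports"
  echo "2. Read security/README.md for detailed guidance"
  echo "3. Follow security/SECURITY_PROCEDURES.md for ongoing security"
  echo "4. Train team members on new security procedures"
  echo
  echo -e "${GREEN}🔒 ROA2WEB is now security-enhanced!${NC}"
}

main() {
  echo -e "${GREEN}"
  echo "=============================================="
  echo "🔒 ROA2WEB SECURITY IMPLEMENTATION SETUP"
  echo "=============================================="
  echo -e "${NC}"

  check_prerequisites
  install_hooks
  set_permissions
  run_initial_scan
  run_history_scan
  verify_gitignore
  setup_cron
  print_summary
  print_critical_alert
  print_next_steps
}

main "$@"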