Allow selected applications
  • 10 Oct 2024

Use this script to allow selected applications on Linux machines.

  1. Copy the contents below into an editor that saves UTF-8, such as Notepad++ or Sublime Text on Windows or gedit on Ubuntu, and save the file.

    1. If you are using Notepad++, use the bottom-right panel to change the line-ending type to Unix (LF).

  2. Or click here to download the file.

    cat << EOF | sudo tee /etc/xdg/autostart/allowed_apps_daemon.desktop
    [Desktop Entry]
    Type=Application
    Exec=/usr/local/sbin/allowed_apps_daemon.sh
    Hidden=false
    NoDisplay=false
    X-GNOME-Autostart-enabled=true
    Name=My Daemon
    Comment=Start allowed apps daemon
    EOF
    
    
    cat << EOF | sudo tee /usr/local/sbin/allowed_apps_daemon.sh
    #!/bin/bash
    TARGET_USER=\$(whoami)
    EXCLUDED_PIDS=\$(ps -u "\$TARGET_USER" -o pid= | sed 's/[[:space:]]//g')
    EXCLUDED_COMMANDS=("APPLICATION_PROCESS_NAME1" "APPLICATION_PROCESS_NAME2" "APPLICATION_PROCESS_NAME3" )
    
    while true; do
      # Get the list of running processes for the target user
      running_processes=\$(ps -u "\$TARGET_USER" -o pid=,cmd=)
    
      # Iterate over each process
      while read -r pid cmd; do
        # Check if the process should be excluded
        exclude=false
    
        # Check if the PID should be excluded
        for excluded_pid in \$EXCLUDED_PIDS; do
          if [[ \$pid == "\$excluded_pid" ]]; then
            exclude=true
            break
          fi
        done
    
        if [[ \$exclude == false ]]; then
          for excluded_cmd in "\${EXCLUDED_COMMANDS[@]}"; do
            if [[ \$cmd == "\$excluded_cmd" ]]; then
              exclude=true
              break
            fi
          done
        fi
    
        # Kill the process if it is not excluded
        if [[ \$exclude == false ]]; then
          echo "Killing process \$pid: \$cmd"
          kill "\$pid"
        fi
      done <<< "\$running_processes"
    
      # Pause for 30 seconds
      sleep 30
    done
    EOF
    
    sudo chmod 755 /usr/local/sbin/allowed_apps_daemon.sh
    # This entry lets every user run the daemon script through sudo without a password
    visudo_entry="ALL ALL=(ALL) NOPASSWD: /usr/local/sbin/allowed_apps_daemon.sh"
    echo "$visudo_entry" | sudo tee -a /etc/sudoers > /dev/null
    # Verify the sudoers file syntax
    sudo visudo -c
    
    # Please reboot the device once the script has been executed
  3. In the script, replace the following placeholder:

    1. Please enter the application process name(s) that are to be allowed in the line:
      EXCLUDED_COMMANDS=("APPLICATION_PROCESS_NAME1" "APPLICATION_PROCESS_NAME2" "APPLICATION_PROCESS_NAME3" )

    2. For example,

      EXCLUDED_COMMANDS=("firefox" "gedit" "gnome-terminal" "sshd" "bash" "chrome" "google-chrome" "Xwayland" "xdg-desktop-portal" "gsd-xsettings" "oosplash" "dbeaver" "Postman" "filezilla" "msedge" "opera" "thunderbird" "brave" "sublime_text" "code" "peek" "zoom" "vim" "terminator" "chromium-browser" "soffice" )
    3. A reboot of the device is required.

  4. Follow our guide to upload & publish the script using Scalefusion Dashboard.
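
The daemon compares each `EXCLUDED_COMMANDS` entry with the full `cmd` column from `ps`, so an allowed application that runs with a path or arguments does not compare equal to its bare name. The dry-run below is an added example, not part of the Scalefusion script: it classifies constructed `ps` lines without killing anything, first with that whole-command-line comparison and then by executable name. `ALLOWED`, `sample_ps` and `decide` are hypothetical names.

```bash
#!/bin/bash
# Added example: dry-run of the allow-list decision; nothing is killed.
# ALLOWED, sample_ps and decide are hypothetical names, not from the page.
ALLOWED="firefox gedit bash"

# Constructed sample in the format of `ps -u USER -o pid=,cmd=`.
sample_ps() {
  cat <<'EOF'
 1201 firefox
 1202 /usr/lib/firefox/firefox -contentproc -childID 1
 1300 /usr/bin/gedit --gapplication-service
 1400 bash
 1500 /usr/games/gnome-mines
EOF
}

# decide MODE: read "pid cmd..." lines on stdin, print "KEEP pid" or "KILL pid".
#   exact: compare the whole command line with each entry (the page's loop)
#   name : compare only the basename of the executable (first word of cmd)
decide() {
  mode=$1
  while read -r pid exe args; do
    if [ -z "$pid" ]; then continue; fi
    if [ "$mode" = exact ]; then
      key="$exe${args:+ $args}"   # full command line, as `cmd=` reports it
    else
      key=${exe##*/}              # strip the directory part of the executable
    fi
    verdict=KILL
    for allowed in $ALLOWED; do
      if [ "$key" = "$allowed" ]; then
        verdict=KEEP
        break
      fi
    done
    echo "$verdict $pid"
  done
}

echo "Whole command line compared with each entry:"
sample_ps | decide exact
echo "Executable name compared with each entry:"
sample_ps | decide name
```

Run it with the process names you plan to put in `EXCLUDED_COMMANDS` and real `ps -u "$USER" -o pid=,cmd=` output from a test machine to see what the loop would kill before deploying.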

Note:

  1. Some of the scripts and their contents are sourced from the internet and, yes, our new friend ChatGPT.

  2. Please validate the scripts on a test machine before deploying them on all your managed devices.

  3. Scalefusion has tested these scripts; however, Scalefusion will not be responsible for any loss of data or system malfunction that may arise from the use of these scripts.

