3. Change to directory ```telegram-bot.bash```, run ```./bashbot.sh init``` and follow the instructions. At this stage you are asked for your Bots token given by botfather.
[Download latest update zip from github](https://github.com/topkecleon/telegram-bot-bash/releases) extract all files and copy them to your bashbot dir. Now run ```sudo ./bashbot.sh init``` to setup your environment to the current release.
Bash scripts in general are not designed to be bullet proof, so consider this Bot as a proof of concept. More concret examples of security problems is bash's 'quoting hell' and globbing. [Implications of wrong quoting](https://unix.stackexchange.com/questions/171346/security-implications-of-forgetting-to-quote-a-variable-in-bash-posix-shells)
Whenever you are processing input from from untrusted sources (messages, files, network) you mustbe be as carefull as possible, e.g. disable globbing (set -f) and quote everthing.
A powerful tool to improve your scripts robustness is [shellcheck](https://www.shellcheck.net/). You can use it online or [install shellcheck locally](https://github.com/koalaman/shellcheck#installing). All bashbot scripts are checked by shellcheck.
All files your Bot can write are in danger to be overwritten/deleted if your bot can be abused.
Every file your Bot can read is in danger of being disclosed for the same reason.
**Never run your Bot as root, this is the most dangerous you can do!** Usually the user 'nobody' has almost no rigths on Unix/Linux systems. See Expert use on how to run your Bot as an other user.
You Bot configuration contains data which should not be readable from other users.
Everyone who can read your Bot files can extract your Bots secret data. Especially your Bot Token in ```token``` must be protected against other users. No one exept you should have write access to the Bot files. The Bot itself can be restricted to have write access to ```count``` and ```tmp-bot-bash``` only, all other files should be write protected.
To set access rights for your telegram-bot-bash directory to reasonable default values you should run ```sudo ./bashbot.sh init``` after every update or change to your installation directory.
Bashbot is no more insecure as any other Bot written in any other language. But since YOU change the bot commands and run the Bot, you should know about the implications ...