my-scripts/installers/arch/scripts/harden.sh

#!/bin/sh
#
#install required programs
sudo pacman -S apparmor

#enable apparmor service
sudo systemctl enable apparmor.service
sudo systemctl start  apparmor.service


echo "============================================"
echo "     Applying Hardening Configuration"
echo "============================================"
echo ""
echo "append this to your kernel params file:"
echo "     lsm=landlock,lockdown,yama,integrity,apparmor,bpf"
echo "   systemd-boot:  /boot/loader/entries/*.conf, append to end of line beginning with \"options\""
echo "           grub:  /etc/default/grub"
echo ""
echo "   run this script again after rebooting to ensure all settings are applied correctly."
echo "   press enter to continue."
read input
remake arch install as a PKGBUILD 2022-10-01 22:59:41 +00:00			`#!/bin/sh`
			`#`
			`#install required programs`
remove allowing poweroff and reboot in doas.conf since it is not needed add pass dir and gnupg dir to setup-dirs.sh script *remove some lines from harden.sh 2023-03-21 04:02:09 +00:00			`sudo pacman -S apparmor`
remake arch install as a PKGBUILD 2022-10-01 22:59:41 +00:00
			`#enable apparmor service`
			`sudo systemctl enable apparmor.service`
			`sudo systemctl start apparmor.service`


			`echo "============================================"`
			`echo " Applying Hardening Configuration"`
			`echo "============================================"`
			`echo ""`
			`echo "append this to your kernel params file:"`
			`echo " lsm=landlock,lockdown,yama,integrity,apparmor,bpf"`
			`echo " systemd-boot: /boot/loader/entries/*.conf, append to end of line beginning with \"options\""`
			`echo " grub: /etc/default/grub"`
			`echo ""`
			`echo " run this script again after rebooting to ensure all settings are applied correctly."`
			`echo " press enter to continue."`
			`read input`