* remove allowing poweroff and reboot in doas.conf since it is not needed
* add pass dir and gnupg dir to setup-dirs.sh script
* remove some lines from harden.sh
master
parent
1dd3dd9c62
commit
29aca47aa3
|
@ -1,20 +1,12 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
#install required programs
|
#install required programs
|
||||||
sudo pacman -S apparmor firejail
|
sudo pacman -S apparmor
|
||||||
|
|
||||||
#enable apparmor service
|
#enable apparmor service
|
||||||
sudo systemctl enable apparmor.service
|
sudo systemctl enable apparmor.service
|
||||||
sudo systemctl start apparmor.service
|
sudo systemctl start apparmor.service
|
||||||
|
|
||||||
#configure apparmor to use firejail and configure firejail to automatically run for supported programs
|
|
||||||
sudo apparmor_parser -r /etc/apparmor.d/firejail-default
|
|
||||||
sudo firecfg
|
|
||||||
|
|
||||||
add user to /etc/firejail/firejail.users if it is not already in the file
|
|
||||||
if [ -z "$(grep "$USER" /etc/firejail/firejail.users)" ]; then
|
|
||||||
sudo sh -c "echo '$USER' >> /etc/firejail/firejail.users"
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "============================================"
|
echo "============================================"
|
||||||
echo " Applying Hardening Configuration"
|
echo " Applying Hardening Configuration"
|
||||||
|
@ -28,7 +20,3 @@ echo ""
|
||||||
echo " run this script again after rebooting to ensure all settings are applied correctly."
|
echo " run this script again after rebooting to ensure all settings are applied correctly."
|
||||||
echo " press enter to continue."
|
echo " press enter to continue."
|
||||||
read input
|
read input
|
||||||
|
|
||||||
#add any firejail configuration here
|
|
||||||
#fix mpv not being able to open some files, allows mmpv to play videos in the ~/media dir
|
|
||||||
sudo sh -c 'echo "whitelist $HOME/media" >> /etc/firejail/whitelist-player-common.local'
|
|
||||||
|
|
|
@ -2,8 +2,8 @@
|
||||||
sudo pacman -S opendoas
|
sudo pacman -S opendoas
|
||||||
|
|
||||||
echo "permit persist $USER as root" > ~/.cache/doas.conf
|
echo "permit persist $USER as root" > ~/.cache/doas.conf
|
||||||
echo "permit nopass :wheel as root cmd /sbin/poweroff" >> ~/.cache/doas.conf
|
#echo "permit nopass :wheel as root cmd /sbin/poweroff" >> ~/.cache/doas.conf
|
||||||
echo "permit nopass :wheel as root cmd /sbin/reboot" >> ~/.cache/doas.conf
|
#echo "permit nopass :wheel as root cmd /sbin/reboot" >> ~/.cache/doas.conf
|
||||||
sudo cp ~/.cache/doas.conf /etc/doas.conf
|
sudo cp ~/.cache/doas.conf /etc/doas.conf
|
||||||
|
|
||||||
yay -S doas-sudo-shim
|
yay -S doas-sudo-shim
|
||||||
|
|
|
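Review bot: The generated policy is copied from `~/.cache/doas.conf` to `/etc/doas.conf` with no syntax check and no explicit owner or mode, and the last line of this section then installs doas-sudo-shim, so a malformed or wrongly-permissioned file would leave the machine without a working privilege path. I would validate and install in one step, for example `doas -C ~/.cache/doas.conf && sudo install -o root -g root -m 0400 ~/.cache/doas.conf /etc/doas.conf`. The two `permit nopass :wheel` lines are commented out rather than deleted; removing them outright keeps the policy generator unambiguous and makes it harder to re-enable passwordless rules by accident. The hunk starts at line 2 of the file, so anything above `sudo pacman -S opendoas` is not visible here.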
@ -1,12 +1,16 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
FILES_DIR="$HOME/.files/"
|
FILES_DIR="$HOME/.files"
|
||||||
|
|
||||||
ln -s "$HOME"/.files/dl "$HOME"/dl
|
#directories
|
||||||
ln -s "$HOME"/.files/docs "$HOME"/docs
|
ln -s "$FILES_DIR"/dl "$HOME"/dl
|
||||||
ln -s "$HOME"/.files/media "$HOME"/media
|
ln -s "$FILES_DIR"/docs "$HOME"/docs
|
||||||
ln -s "$HOME"/.files/.ssh "$HOME"/.ssh
|
ln -s "$FILES_DIR"/media "$HOME"/media
|
||||||
|
ln -s "$FILES_DIR"/.ssh "$HOME"/.ssh
|
||||||
|
ln -s "$FILES_DIR"/.local/share/password-store "$HOME"/.local/share/
|
||||||
|
ln -s "$FILES_DIR"/.local/share/gnupg "$HOME"/.local/share/
|
||||||
|
|
||||||
ln -s "$HOME"/.files/.gitconfig "$HOME"/.gitconfig
|
#files
|
||||||
|
ln -s "$FILES_DIR"/.gitconfig "$HOME"/.gitconfig
|
||||||
|
|
||||||
mkdir -p ~/.var/app/
|
mkdir -p ~/.var/app/
|
||||||
ln -s "$HOME"/.files/.var/app/io.gitlab.librewolf-community ~/.var/app/io.gitlab.librewolf-community
|
ln -s "$HOME"/.files/.var/app/io.gitlab.librewolf-community ~/.var/app/io.gitlab.librewolf-community
|
||||||
|
|
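Review bot: The two new links into `"$HOME"/.local/share/` assume that directory already exists, while the script only creates `~/.var/app/`; on a fresh home the `ln -s` calls for password-store and gnupg would fail, so add `mkdir -p "$HOME"/.local/share` before them. Since `.ssh`, gnupg and password-store hold key material, it is also worth enforcing the mode on the link targets here, e.g. `chmod 700 "$FILES_DIR"/.ssh "$FILES_DIR"/.local/share/gnupg`, rather than relying on whatever mode `$FILES_DIR` was restored with. The final `ln -s` for librewolf still spells out `"$HOME"/.files/...` instead of `"$FILES_DIR"`, which defeats the point of the variable. None of the links are guarded against a second run, where `ln -s` onto an existing directory link creates a nested link inside the target; a `[ -e "$HOME"/dl ] ||` style guard per link would avoid that.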