Qubes-VM-hardening/rc.local

#!/bin/sh -e
# Debian: /etc/rc.local

 #########################################################
##  Protect sh, bash, X and desktop init scripts         ##
##  to prevent privilege escalation attacks              ##
##  and malware persistence - for Qubes Linux templates  ##
chfiles=".bashrc .bash_profile .bash_login .bash_logout .profile \
.xprofile .xinitrc .xserverrc .xsession"
chdirs=".config/autostart .config/plasma-workspace/env .config/plasma-workspace/shutdown \
.config/autostart-scripts"

cd /home/user
mkdir -p $chdirs ||true
touch $chfiles || true
chattr -R -f +i $chfiles $chdirs || true
#touch /home/user/FIXED || true

# end of script
exit 0
Create rc.local 2017-03-14 21:58:09 -04:00			`#!/bin/sh -e`
			`# Debian: /etc/rc.local`

Extend coverage to GUI. Update readme. 2017-04-10 10:39:15 -04:00			`#########################################################`
			`## Protect sh, bash, X and desktop init scripts ##`
			`## to prevent privilege escalation attacks ##`
			`## and malware persistence - for Qubes Linux templates ##`
			`chfiles=".bashrc .bash_profile .bash_login .bash_logout .profile \`
			`.xprofile .xinitrc .xserverrc .xsession"`
			`chdirs=".config/autostart .config/plasma-workspace/env .config/plasma-workspace/shutdown \`
			`.config/autostart-scripts"`
Update rc.local 2017-03-15 01:39:36 -04:00
Extend coverage to GUI. Update readme. 2017-04-10 10:39:15 -04:00			`cd /home/user`
			`mkdir -p $chdirs \|\|true`
			`touch $chfiles \|\| true`
			`chattr -R -f +i $chfiles $chdirs \|\| true`
			`#touch /home/user/FIXED \|\| true`
Update rc.local 2017-03-15 01:39:36 -04:00
			`# end of script`
			`exit 0`