Git-Mirrors/Qubes-VM-hardening
1
0
Fork 0
mirror of https://github.com/tasket/Qubes-VM-hardening.git synced 2024-10-01 06:35:42 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix uninstall exit

Browse Source
This commit is contained in:
Christopher Laprise 2019-08-13 16:22:27 -04:00
parent 700016197e
commit b203c69a3c
No known key found for this signature in database
GPG Key ID: 448568C8B281C952
2 changed files with 5 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -19,7 +19,7 @@ Leverage Qubes template non-persistence to fend off malware at VM startup: Lock-
1. In a template VM, install the service files
```
cd Qubes-VM-hardening
sudo sh ./install
sudo bash install
```
2. Activate by specifying one of the following Qubes services for your VM(s)...
@ -110,7 +110,9 @@ Some useful configurations have been supplied in /etc/default/vms:
* Using the -root service with a [VPN VM](https://github.com/tasket/Qubes-vpn-support) requires manual configuration in the template and can be approached different ways: Whitelist (optionally with SHA) can be made for the appropriate files. Alternately, all VPN configs can be added under /etc/default/vms/vmname/rw so they'll be automatically deployed.
* Currently the service cannot seamlessly handle 'first boot' when the private volume must be initialized. If you enabled the service on a VM before its first startup, on first start the shell will display a notice telling you to restart the VM. Subsequent starts will proceed normally.
* The service can be removed from the system with `cd Qubes-VM-hardening; sudo bash install --uninstall`
## Releases
- v0.9.0 Add tags and rc files, protect more home scripts, reinitialize home
- v0.8.5 Fix template detection, /etc/default/vms erasure

24
install
View File

@ -17,6 +17,7 @@ if [ "$1" = "--uninstall" ]; then
else
echo "Aborted."
fi
exit 0
fi
@ -33,29 +34,6 @@ mkdir -p /etc/default/vms
cp -riv default/vms/* /etc/default/vms
# echo
# echo "Setup empty Firefox default profile in /etc/skel..."
# echo "A fixed-name profile will be defined in the /home/user folder"
# echo "whenever home is reset/initialized. This is required when"
# echo "using vm-boot-protect features (such as ibrowse) to"
# echo "whitelist parts of the browser configuration."
# echo
# read -p "Add Firefox default profile [y/N]? " ans
# if [[ $ans == @(Y|y) ]]; then
# mkdir -p /etc/skel/.mozilla/firefox/profile.default
# cat <<__END1__ >/etc/skel/.mozilla/firefox/profiles.ini
# [General]
# StartWithLastProfile=1
#
# [Profile0]
# Name=default
# IsRelative=1
# Path=profile.default
# Default=1
# __END1__
#
# fi
echo -e "\nvm-boot-protect installed!\n"
bash ./configure-sudo-prompt