mirror of
https://github.com/tasket/Qubes-VM-hardening.git
synced 2024-10-01 06:35:42 -04:00
42 lines
1.1 KiB
Bash
42 lines
1.1 KiB
Bash
#!/bin/bash
|
|
# From https://github.com/tasket/Qubes-VM-hardening
|
|
# installer version 0.9.0
|
|
|
|
set -e
|
|
[ `id -u` -eq 0 ] || exit
|
|
|
|
if [ "$1" = "--uninstall" ]; then
|
|
echo "Removing vm-boot-protect.service..."
|
|
echo "Warning: This will remove any custom files added to /etc/default/vms!"
|
|
read -p "Proceed [y/N]? " ans
|
|
if [[ $ans == @(Y|y) ]]; then
|
|
systemctl disable vm-boot-protect.service
|
|
rm -r /lib/systemd/system/vm-boot-protect.service /usr/lib/qubes/init/vm-boot-protect.sh /etc/default/vms
|
|
systemctl daemon-reload
|
|
echo "Done."
|
|
else
|
|
echo "Aborted."
|
|
fi
|
|
exit 0
|
|
fi
|
|
|
|
|
|
echo "Installing vm-boot-protect.service..."
|
|
cp vm-boot-protect.sh /usr/lib/qubes/init
|
|
chmod +x /usr/lib/qubes/init/vm-boot-protect.sh
|
|
cp vm-boot-protect.service /lib/systemd/system
|
|
systemctl daemon-reload
|
|
systemctl enable vm-boot-protect.service
|
|
|
|
echo "Adding defaults in /etc/default/vms..."
|
|
mkdir -p /etc/default/vms
|
|
# Careful... ownership & mode are not preserved here!
|
|
cp -riv default/vms/* /etc/default/vms
|
|
|
|
|
|
echo -e "\nvm-boot-protect installed!\n"
|
|
|
|
bash ./configure-sudo-prompt
|
|
exit 0
|
|
|