Qubes-VM-hardening/install
Christopher Laprise ccddef2f44
Misc fixes, additions
Fix rescue mode, deployment. Add whitelist and sudo config.
2018-04-12 15:24:46 -04:00

26 lines
674 B
Bash

#!/bin/bash
# From https://github.com/tasket/Qubes-VM-hardening
set -e
[ `id -u` -eq 0 ] || exit
echo "Disabling the pre-release service (if present)..."
systemctl disable vm-sudo-protect.service || true
echo "Installing vm-boot-protect.service..."
cp vm-boot-protect.sh /usr/lib/qubes/init
chmod +x /usr/lib/qubes/init/vm-boot-protect.sh
cp vm-boot-protect.service /lib/systemd/system
systemctl daemon-reload
systemctl enable vm-boot-protect.service
echo "Adding defaults in /etc/default/vms..."
# Careful... ownership & mode are not preserved here!
cp -rnv default/vms/* /etc/default/vms
echo -e "\nvm-boot-protect installed!\n"
bash ./configure-sudo-prompt
exit 0