Compare commits
2 Commits
2f7fe2558b
...
d801df98a9
Author | SHA1 | Date |
---|---|---|
optout | d801df98a9 | |
optout | 030ce84b1f |
|
@ -23,29 +23,32 @@ function set_kver() {
|
|||
# Invoke function to prompt end-user for desired version (must be an active release in the Anthraxx Linux-Hardened repository)
|
||||
set_kver
|
||||
|
||||
# Dependencies
|
||||
declare -A osInfo
|
||||
osInfo[/etc/void-release]="xbps"
|
||||
osInfo[/etc/fedora-release]="dnf"
|
||||
osInfo[/etc/debian_version]="apt-get"
|
||||
|
||||
echo "Package manager: $package_manager"
|
||||
|
||||
for f in ${!osInfo[@]}
|
||||
do
|
||||
if [[ -f $f ]]; then
|
||||
package_manager=${osInfo[$f]}
|
||||
if [[ $package_manager == "xbps" ]]; then
|
||||
function check_distro(){
|
||||
declare -r distroId="$(awk -F= '$1=="ID"{print $NF}' /etc/os-release)"
|
||||
case "${distroId,,}" in
|
||||
*void*)
|
||||
printf '%s\n' "Detected Void Linux..."
|
||||
xbps-install -Sy make gcc xz elfutils elfutils-devel flex ncurses-devel openssl openssl-devel argp-standalone gcc-ada mpc libmpc-devel gmp-devel perl
|
||||
elif [[ $package_manager == "dnf" ]]; then
|
||||
sudo dnf install binutils /usr/include/{libelf.h,openssl/pkcs7.h} \
|
||||
/usr/bin/{bc,bison,flex,gcc,git,openssl,make,perl,pahole,zstd}
|
||||
elif [[ $package_manager == "apt-get" ]]; then
|
||||
return 0
|
||||
;;
|
||||
*debian*|*ubuntu*)
|
||||
printf '%s\n' "Detected Debian-based Distribution..."
|
||||
sudo apt-get install build-essential linux-source bc kmod cpio flex libncurses5-dev libelf-dev libssl-dev dwarves bison
|
||||
fi
|
||||
fi
|
||||
done
|
||||
return 0
|
||||
;;
|
||||
*fedora*|*redhat*)
|
||||
printf '%s\n' "Detected RHEL-based Distribution..."
|
||||
sudo dnf install binutils /usr/include/{libelf.h,openssl/pkcs7.h} \
|
||||
return 0
|
||||
;;
|
||||
*)
|
||||
printf '%s\n' "Unable to detect Operating System!" >&2
|
||||
return 1
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
check_distro
|
||||
|
||||
# Staging w/ error handling
|
||||
# Pull down Anthraxx linux-hardened upstream
|
||||
|
@ -57,12 +60,24 @@ if [[ ! -d /usr/src/linux-hardened-"$KVER" ]]; then
|
|||
tar -xf "$KVER".tar.gz -C /usr/src/
|
||||
fi
|
||||
|
||||
# Move to staging directory
|
||||
cd /usr/src/linux-hardened-"$KVER"
|
||||
|
||||
# Pull down plague kconfig
|
||||
wget https://0xacab.org/optout/plague-kernel/-/raw/main/host_hardened.config -O .config
|
||||
# wget https://0xacab.org/optout/plague-kernel/-/raw/main/virt_hardened.config -O .config
|
||||
## virt_hardened.config is still a WIP
|
||||
read -rp 'Are you compiling this kernel for a physical machine (host) or virtual machine (VM)? [host/vm]: ' response
|
||||
if [[ "${response,,}" = "vm" ]]
|
||||
then
|
||||
echo "Compiling a VM kernel"
|
||||
wget https://0xacab.org/optout/plague-kernel/-/raw/main/virt_hardened.config -O .config
|
||||
## virt_hardened.config is still a WIP
|
||||
elif [[ "${response,,}" = "host" ]]
|
||||
then
|
||||
echo "Compiling a host kernel"
|
||||
wget https://0xacab.org/optout/plague-kernel/-/raw/main/host_hardened.config -O .config
|
||||
else
|
||||
echo "Invalid input. Please choose either \"Host\" or \"VM\"."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Prompt if baseline Plague kernel is desired
|
||||
## If not, proceed to fingerprint device
|
||||
|
@ -87,32 +102,37 @@ fi
|
|||
make -j $(nproc --all)
|
||||
make modules_install INSTALL_MOD_STRIP=1 install
|
||||
|
||||
# Determine commands needed via osInfo
|
||||
for f in ${!osInfo[@]}
|
||||
do
|
||||
if [[ -f $f ]]; then
|
||||
package_manager=${osInfo[$f]}
|
||||
if [[ $package_manager == "xbps" ]]; then
|
||||
case "${distroId,,}" in
|
||||
*void*)
|
||||
cp ./arch/x86_64/boot/bzImage /boot/vmlinuz-"$KVER"
|
||||
dracut --kver "$KVER" --force
|
||||
grub-mkconfig -o /boot/grub/grub.cfg
|
||||
xbps-reconfigure -fa
|
||||
/usr/bin/update-grub
|
||||
elif [[ $package_manager == "dnf" ]]; then
|
||||
command -v installkernel
|
||||
elif [[ $package_manager == "apt-get" ]]; then
|
||||
/usr/bin/update-grub
|
||||
return 0
|
||||
;;
|
||||
*debian*|*ubuntu*)
|
||||
cp ./arch/x86_64/boot/bzImage /boot/vmlinuz-"$KVER"
|
||||
dracut --kver "$KVER" --force
|
||||
update-grub2
|
||||
fi
|
||||
fi
|
||||
done
|
||||
return 0
|
||||
;;
|
||||
*fedora*|*redhat*)
|
||||
command -v installkernel
|
||||
return 0
|
||||
;;
|
||||
*)
|
||||
printf '%s\n' "Unable to detect Operating System!" >&2
|
||||
return 1
|
||||
;;
|
||||
esac
|
||||
|
||||
|
||||
# Remove sysmap/signing keys
|
||||
rm /lib/modules/"$KVER"_1/source/certs/signing_key*
|
||||
rm /lib/modules/"$KVER"_1/source/System.map
|
||||
rm /lib/modules/"$KVER"_1/source
|
||||
rm /lib/modules/"$KVER"_1/build
|
||||
rm /lib/modules/"$KVER"/source/certs/signing_key*
|
||||
rm /lib/modules/"$KVER"/source/System.map
|
||||
rm /lib/modules/"$KVER"/source
|
||||
rm /lib/modules/"$KVER"/build
|
||||
|
||||
echo "Congrats! Your custom kernel based on the PlagueOS kernel configuration has been installed."
|
||||
echo "Reboot now? (y/N): "
|
||||
|
|
Loading…
Reference in New Issue