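#!/bin/bash

## Copyright (C) 2019 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
## See the file COPYING for copying conditions.

## Applies a set of hardening steps:
##   - enables hide-hardware-info.service
##   - creates /etc/noexec
##   - writes LKRG sysctl settings to
##     /etc/sysctl.d/40-security-misc-autogenerated.conf
##   - with --nossh only: removes user 'user' from group 'ssh'
##
## Usage: <this script> --ssh | --nossh
## Exit status: 2 on a usage error, non-zero if a hardening step fails.

set -e

## Optional helper. NOTE(review): presumably this is where the colour
## variables (red, green, bold, reset) come from; they are not defined in this
## file. Confirm against pre.bsh.
if [ -f /usr/lib/helper-scripts/pre.bsh ]; then
  source /usr/lib/helper-scripts/pre.bsh
fi

## Start from a known state. Without this, a variable named 'ssh' inherited
## from the caller's environment would satisfy the mandatory-option check
## below and could silently skip the --nossh lockdown step.
ssh=""

## Thanks to:
## http://mywiki.wooledge.org/BashFAQ/035

while :
do
  ## ${1-} keeps the loop safe when no arguments are left, even if nounset is
  ## active.
  case "${1-}" in
    --ssh)
      ssh=true
      shift
      ;;
    --nossh)
      ssh=false
      shift
      ;;
    --)
      shift
      break
      ;;
    -*)
      echo "$0 unknown option: $1" >&2
      exit 2
      ;;
    *)
      break
      ;;
  esac
done

## If there are input files (for example) that follow the options, they
## will remain in the "$@" positional parameters.

if [ "$ssh" = "" ]; then
  echo "${red}ERROR${reset}: must use either --ssh or --nossh. For example:" >&2
  echo "$0 --nossh" >&2
  exit 2
fi

echo "${bold}[Hide Hardware Info]${reset}"
echo "Enabling enable hide-hardware-info.service by running 'systemctl enable hide-hardware-info.service'..."
systemctl enable hide-hardware-info.service
echo "${green}Success.${reset}"
echo ""

echo "${bold}[NOEXEC]${reset}"
echo "Enabling noexec by creating file /etc/noexec ..."
touch /etc/noexec
echo "${green}Success.${reset}"
echo ""

echo "${bold}[LKRG - Linux Kernel Runtime Guard]${reset}"
echo "LKRG hardening by creating /etc/sysctl.d/40-security-misc-autogenerated.conf ..."
mkdir -p /etc/sysctl.d
## The file is overwritten on every run; $0 is expanded so the generated
## header names the script that produced it.
cat > /etc/sysctl.d/40-security-misc-autogenerated.conf <<EOF
## This is an automatically generated file.
## This file was automatically generated by:
## $0
## Edits may be lost!
## https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG#Configuration
lkrg.ci_panic=1
lkrg.umh_lock=1
EOF
echo "${green}Success.${reset}"
echo ""

if [ "$ssh" = "false" ]; then
  echo "${bold}[Console Lockdown]${reset}"
  echo "Enabling Console Lockdown by removing user 'user' from group 'ssh'."
  if ! delgroup user ssh &>/dev/null; then
    ## delgroup also fails when the user is not a member of the group (or
    ## does not exist); that outcome is fine. Reporting success while the
    ## user is still in the group would be a false assurance, so verify.
    if id -nG user 2>/dev/null | tr ' ' '\n' | grep -qx ssh; then
      echo "${red}ERROR${reset}: user 'user' is still a member of group 'ssh'." >&2
      exit 1
    fi
  fi
  echo "${green}Success.${reset}"
  echo ""
fi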