Git-Mirrors/tommytran732-QubesOS-Scripts
1
0
Fork 0
mirror of https://github.com/tommytran732/QubesOS-Scripts.git synced 2025-08-07 04:52:12 -04:00
Code Issues Projects Releases Packages Wiki Activity

Update whonix-workstation.sh

Browse source 
Whonix Workstation no longer allows sudo as the default user

Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2025-05-23 02:41:11 -04:00 committed by GitHub
parent 213d073e6c
commit 2fbeda90a9
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 10 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

18
whonix/whonix-workstation.sh
View file

@ -14,6 +14,8 @@
# License for the specific language governing permissions and limitations under
# the License.
# Run this as root. Whonix workstation stopped allowing the default user to use sudo.
set -eu
unpriv(){
@ -27,26 +29,26 @@ download() {
# Setting umask to 077
# Whonix defaults to zsh - I need to set it for zsh later.
umask 077
sudo sed -i 's/^UMASK.*/UMASK 077/g' /etc/login.defs
sudo sed -i 's/^HOME_MODE/#HOME_MODE/g' /etc/login.defs
sed -i 's/^UMASK.*/UMASK 077/g' /etc/login.defs
sed -i 's/^HOME_MODE/#HOME_MODE/g' /etc/login.defs
echo 'umask 077' | sudo tee -a /etc/bash.bashrc
# Make home directory private
sudo chmod 700 /home/*
chmod 700 /home/*
# Avoid phased updates
download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/apt/apt.conf.d/99sane-upgrades /etc/apt/apt.conf.d/99sane-upgrades
sudo chmod 644 /etc/apt/apt.conf.d/99sane-upgrades
chmod 644 /etc/apt/apt.conf.d/99sane-upgrades
# Install packages
sudo apt install --no-install-recommends arc-theme pipewire-pulse qt5-style-plugins -y
apt install --no-install-recommends arc-theme pipewire-pulse qt5-style-plugins -y
# Restrict /proc and access
sudo systemctl enable --now proc-hidepid.service
systemctl enable --now proc-hidepid.service
# Reduce kernel information leaks
# Will break a lot of applications. The apps I use on Whonix work fine with it so I am enabling it.
sudo systemctl enable --now hide-hardware-info.service
systemctl enable --now hide-hardware-info.service
# Flatpak update service
download https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/user/update-user-flatpaks.service /etc/systemd/user/update-user-flatpaks.service
@ -59,4 +61,4 @@ sudo mkdir -p /etc/gtk-3.0
download https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/gtk-3.0/settings.ini /etc/gtk-3.0/settings.ini
sudo mkdir -p /etc/gtk-4.0
download https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/gtk-4.0/settings.ini /etc/gtk-4.0/settings.ini
download https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/gtk-4.0/settings.ini /etc/gtk-4.0/settings.ini