Compare commits
2 Commits
a3fbf294e6
...
a4a44fa638
| Author | SHA256 | Date | |
|---|---|---|---|
|
a4a44fa638
|
|||
|
84e71c9ba6
|
@@ -523,7 +523,7 @@ network:
|
||||
#- "176.9.93.198" # dnsforge.de
|
||||
#- "176.9.1.117" # dnsforge.de
|
||||
ipv6address: "2a03:4000:10:d43:188:68:34:243"
|
||||
ipv6netmask: "128"
|
||||
ipv6netmask: "64"
|
||||
ipv6gateway: "fe80::1"
|
||||
ipv6nameserver:
|
||||
- "2a01:4f9:c012:a813:135:181:207:105"
|
||||
|
||||
@@ -39,14 +39,14 @@ check_usr_merge() {
|
||||
test -L /bin && test $(readlink -f /bin) = '/usr/bin' && echo 'MERGED:/bin' >> ${var_logfile} || echo 'UNMERGED:/bin' >> ${var_logfile}
|
||||
test -L /sbin && test $(readlink -f /sbin) = '/usr/sbin' && echo 'MERGED:/sbin' >> ${var_logfile} || echo 'UNMERGED:/sbin' >> ${var_logfile}
|
||||
test -L /lib && test $(readlink -f /lib) = '/usr/lib' && echo 'MERGED:/lib' >> ${var_logfile} || echo 'UNMERGED:/lib' >> ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
if [[ "${architecture}" == "amd64" ]]; then
|
||||
# shellcheck disable=SC2312
|
||||
chroot_script "${var_target}" "
|
||||
test -L /lib64 && test $(readlink -f /lib64) = '/usr/lib64' && echo 'MERGED:/lib64' >> ${var_logfile} || echo 'UNMERGED:/lib64' >> ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
fi
|
||||
|
||||
|
||||
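Review bot: The `$(readlink -f /lib64)` substitution on the `test -L /lib64` line, and the three like it for /bin, /sbin and /lib above, is not escaped inside the double-quoted script string. The calling shell therefore expands it before chroot_script runs, and the comparison uses the installer environment's symlink target rather than the target system's. Writing it as `\"\$(readlink -f /lib64)\"` would defer it to the chroot and also keep `test` from erroring on an empty result. The ExitCode line after these checks follows an `&&`/`||` list rather than a pipeline, so `\${PIPESTATUS[0]}` only reports the status of the final `echo` and says nothing about the merge check. check_usr_merge begins before this hunk.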
@@ -39,7 +39,7 @@ update_sources() {
|
||||
|
||||
### Update generated sources.
|
||||
# shellcheck disable=SC2312
|
||||
chroot_script "${var_target}" "apt-get update 2>&1 | tee -a ${var_logfile}; echo ExitCode: \$? >> ${var_logfile}"
|
||||
chroot_script "${var_target}" "apt-get update 2>&1 | tee -a ${var_logfile}; echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}"
|
||||
do_log "info" "file_only" "4110() Sources lists: updated successfully."
|
||||
|
||||
|
||||
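Review bot: The exit status of `apt-get update` is only appended to the log here; nothing reads it, and the `do_log` line that follows reports "updated successfully" whether or not the command failed. Ending the script string with `exit \${PIPESTATUS[0]}` and branching on the result of `chroot_script` would let the installer stop or log a failure, assuming chroot_script returns the inner status, which is not visible on this page. The same log-only pattern recurs in the later hunks, including those installing fail2ban/ufw, usbguard, auditd and aide and the `augenrules --load` step whose comment says "fail early", so a failed install of security tooling would go unnoticed. `PIPESTATUS` is a bash array, so the new line also depends on chroot_script running the string under bash rather than /bin/sh.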
@@ -49,7 +49,7 @@ update_sources() {
|
||||
chroot_script "${var_target}" "
|
||||
export INITRD=No
|
||||
apt-get install -y --no-install-recommends --no-install-suggests unattended-upgrades 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
do_log "info" "file_only" "4110() The update policy was set at installation time to: '${apt_updates_policy}'."
|
||||
|
||||
@@ -58,7 +58,7 @@ update_sources() {
|
||||
chroot_script "${var_target}" "
|
||||
export INITRD=No
|
||||
apt-get install -y --no-install-recommends --no-install-suggests unattended-upgrades 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
# shellcheck disable=SC2016
|
||||
|
||||
@@ -49,7 +49,7 @@ installation_kernel() {
|
||||
chroot_script "${TARGET}" "
|
||||
export INITRD=No
|
||||
apt-get install -y --no-install-recommends --no-install-suggests ${image} initramfs-tools 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
do_log "info" "file_only" "4120() Kernel image: '${image}' installed successfully."
|
||||
|
||||
@@ -97,7 +97,7 @@ installation_toolset() {
|
||||
chroot_script "${TARGET}" "
|
||||
export INITRD=No
|
||||
apt-get install -y --no-install-recommends --no-install-suggests ${ary_unique_pkgs[*]} 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
fi
|
||||
|
||||
@@ -36,7 +36,7 @@ installation_systemd() {
|
||||
chroot_script "${TARGET}" "
|
||||
export INITRD=No
|
||||
apt-get install -y --no-install-recommends --no-install-suggests systemd systemd-sysv dbus 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
else
|
||||
|
||||
@@ -57,7 +57,7 @@ installation_microcode() {
|
||||
chroot_script "${TARGET}" "
|
||||
export INITRD=No
|
||||
apt-get install -y --no-install-recommends --no-install-suggests ${var_microcode_pkgs} 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
else
|
||||
@@ -65,7 +65,7 @@ installation_microcode() {
|
||||
chroot_script "${TARGET}" "
|
||||
export INITRD=No
|
||||
apt-get install -y --no-install-recommends --no-install-suggests --only-upgrade ${var_microcode_pkgs} 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
fi
|
||||
|
||||
@@ -295,7 +295,7 @@ installation_firmware() {
|
||||
chroot_script "${TARGET}" "
|
||||
export INITRD=No
|
||||
apt-get install -y --no-install-recommends --no-install-suggests ${ary_pkgs_resolved[*]} 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
guard_dir && return 0
|
||||
|
||||
@@ -50,7 +50,7 @@ installation_chrony() {
|
||||
chroot_script "${TARGET}" "
|
||||
export INITRD=No
|
||||
apt-get install -y --no-install-recommends --no-install-suggests chrony 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
if [[ ! -e "${TARGET}/etc/systemd/system/multi-user.target.wants/chrony.service" ]]; then
|
||||
@@ -71,7 +71,7 @@ installation_chrony() {
|
||||
do_log "debug" "file_only" "4150() Executing: [chroot_script ${TARGET} chronyd -Q -f /etc/chrony/chrony.conf]."
|
||||
chroot_script "${TARGET}" "
|
||||
chronyd -Q -f /etc/chrony/chrony.conf 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
do_log "info" "file_only" "4150() Chrony NTPsec client installed."
|
||||
|
||||
@@ -51,7 +51,7 @@ EOF
|
||||
export INITRD=No
|
||||
apt-get update
|
||||
apt-get install -y --no-install-recommends --no-install-suggests eza 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
guard_dir && return 0
|
||||
|
||||
@@ -51,7 +51,7 @@ EOF
|
||||
export INITRD=No
|
||||
apt-get update
|
||||
apt-get install -y --no-install-recommends --no-install-suggests lynis 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
guard_dir && return 0
|
||||
|
||||
@@ -78,7 +78,7 @@ installation_grub() {
|
||||
chroot_script "${TARGET}" "
|
||||
export INITRD=No
|
||||
apt-get install -y --no-install-recommends grub2-common grub-efi-amd64 grub-efi-amd64-bin 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
;;
|
||||
|
||||
@@ -86,7 +86,7 @@ installation_grub() {
|
||||
chroot_script "${TARGET}" "
|
||||
export INITRD=No
|
||||
apt-get install -y --no-install-recommends grub2-common grub-efi-arm64 grub-efi-arm64-bin 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
;;
|
||||
|
||||
@@ -101,7 +101,7 @@ installation_grub() {
|
||||
chroot_script "${TARGET}" "
|
||||
export INITRD=No
|
||||
apt-get install -y --no-install-recommends grub2-common grub-pc grub-pc-bin 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
fi
|
||||
|
||||
@@ -46,22 +46,19 @@ installation_network() {
|
||||
chroot_script "${TARGET}" "
|
||||
export INITRD=No
|
||||
apt-get purge -y dhcpcd isc-dhcp-client 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
chroot_script "${TARGET}" "
|
||||
export INITRD=No
|
||||
apt-get install -y --no-install-suggests ifupdown dhcpcd-base 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
apt-get install -y --no-install-suggests dhcpcd-base ifupdown 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
echo "systemctl disable systemd-networkd NetworkManager" >> "${TARGET}${var_logfile}"
|
||||
echo "systemctl disable dhcpcd.service" >> "${TARGET}${var_logfile}"
|
||||
|
||||
chroot_script "${TARGET}" "
|
||||
export INITRD=No
|
||||
systemctl disable systemd-networkd NetworkManager 2>/dev/null | tee -a ${var_logfile} || true
|
||||
systemctl disable dhcpcd.service 2>/dev/null | tee -a ${var_logfile} || true
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
mkdir -p "${TARGET}/etc/network/interfaces.d"
|
||||
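Review bot: Both `systemctl disable … 2>/dev/null | tee -a ${var_logfile} || true` variants discard stderr, so when the ExitCode line below them records a non-zero status the log holds no message explaining it. Using `2>&1`, as the apt-get pipelines in this hunk do, would keep the reason next to the code, e.g. `systemctl disable dhcpcd.service 2>&1 | tee -a ${var_logfile} || true`. installation_network starts before this hunk and continues after it.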
@@ -95,7 +92,6 @@ source-directory /etc/network/interfaces.d
|
||||
auto lo
|
||||
iface lo inet loopback
|
||||
|
||||
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
|
||||
EOF
|
||||
chmod 0644 "${TARGET}/etc/network/interfaces"
|
||||
do_log "info" "file_only" "4300() Header '${TARGET}/etc/network/interfaces' created."
|
||||
@@ -104,92 +100,72 @@ EOF
|
||||
### Configure network interfaces based on 'preseed.yaml' and create network configuration files for IPv4.
|
||||
if [[ "${network_autoconfig_enable}" == "true" && "${network_choose_interface_auto}" == "true" ]]; then
|
||||
|
||||
insert_header "${TARGET}/etc/network/interfaces.d/10-ipv4-dhcp"
|
||||
insert_comments "${TARGET}/etc/network/interfaces.d/10-ipv4-dhcp"
|
||||
cat << EOF >> "${TARGET}/etc/network/interfaces.d/10-ipv4-dhcp"
|
||||
cat << EOF >> "${TARGET}/etc/network/interfaces"
|
||||
# The primary network interface: IPv4 via DHCP
|
||||
auto ${VAR_FINAL_NIC}
|
||||
allow-hotplug ${VAR_FINAL_NIC}
|
||||
|
||||
iface ${VAR_FINAL_NIC} inet dhcp
|
||||
|
||||
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
|
||||
EOF
|
||||
chmod 0644 "${TARGET}/etc/network/interfaces.d/10-ipv4-dhcp"
|
||||
do_log "info" "file_only" "4300() IPv4 on the primary NIC: '${VAR_FINAL_NIC}' configured with DHCP."
|
||||
|
||||
elif [[ "${network_autoconfig_enable}" == "true" && "${network_choose_interface_auto}" == "false" ]]; then
|
||||
|
||||
insert_header "${TARGET}/etc/network/interfaces.d/10-ipv4-dhcp"
|
||||
insert_comments "${TARGET}/etc/network/interfaces.d/10-ipv4-dhcp"
|
||||
cat << EOF >> "${TARGET}/etc/network/interfaces.d/10-ipv4-dhcp"
|
||||
cat << EOF >> "${TARGET}/etc/network/interfaces"
|
||||
# The primary network interface: IPv4 via DHCP
|
||||
auto ${VAR_FINAL_NIC}
|
||||
allow-hotplug ${VAR_FINAL_NIC}
|
||||
|
||||
iface ${VAR_FINAL_NIC} inet dhcp
|
||||
|
||||
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
|
||||
EOF
|
||||
chmod 0644 "${TARGET}/etc/network/interfaces.d/10-ipv4-dhcp"
|
||||
do_log "info" "file_only" "4300() IPv4 on the primary NIC: '${VAR_FINAL_NIC}' configured with DHCP."
|
||||
|
||||
fi
|
||||
|
||||
if [[ "${network_autoconfig_enable}" == "false" ]]; then
|
||||
|
||||
insert_header "${TARGET}/etc/network/interfaces.d/10-ipv4-static"
|
||||
insert_comments "${TARGET}/etc/network/interfaces.d/10-ipv4-static"
|
||||
cat << EOF >> "${TARGET}/etc/network/interfaces.d/10-ipv4-static"
|
||||
cat << EOF >> "${TARGET}/etc/network/interfaces"
|
||||
# The primary network interface: IPv4 via static IP
|
||||
auto ${VAR_FINAL_NIC}
|
||||
allow-hotplug ${VAR_FINAL_NIC}
|
||||
|
||||
iface ${VAR_FINAL_NIC} inet static
|
||||
address ${VAR_FINAL_IPV4}
|
||||
netmask ${VAR_FINAL_IPV4_SUBNET}
|
||||
gateway ${VAR_FINAL_IPV4_GW}
|
||||
#dns-nameservers ${ARY_IPV4_NS[*]}
|
||||
|
||||
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
|
||||
EOF
|
||||
chmod 0644 "${TARGET}/etc/network/interfaces.d/10-ipv4-static"
|
||||
do_log "info" "file_only" "4300() IPv4 on the primary NIC: '${VAR_FINAL_NIC}' configured statically."
|
||||
|
||||
fi
|
||||
|
||||
|
||||
### Configure network interfaces based on 'preseed.yaml' and create network configuration files for IPv6.
|
||||
if [[ "${network_autoconfig_enable}" == "true" && -z "${network_static_ipv6address}" ]]; then
|
||||
|
||||
insert_header "${TARGET}/etc/network/interfaces.d/10-ipv6-dhcp"
|
||||
insert_comments "${TARGET}/etc/network/interfaces.d/10-ipv6-dhcp"
|
||||
cat << EOF >> "${TARGET}/etc/network/interfaces.d/10-ipv6-dhcp"
|
||||
cat << EOF >> "${TARGET}/etc/network/interfaces"
|
||||
# The primary network interface: IPv6 via SLAAC (+ stateless DHCPv6 for DNS)
|
||||
iface ${VAR_FINAL_NIC} inet6 auto
|
||||
accept_ra 2
|
||||
dhcp 1
|
||||
|
||||
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
|
||||
EOF
|
||||
chmod 0644 "${TARGET}/etc/network/interfaces.d/10-ipv6-dhcp"
|
||||
do_log "info" "file_only" "4300() IPv6 on the primary NIC: '${VAR_FINAL_NIC}' configured with DHCP."
|
||||
do_log "info" "file_only" "4300() IPv6 on the primary NIC: '${VAR_FINAL_NIC}' configured with stateless DHCPv6."
|
||||
|
||||
elif [[ "${network_autoconfig_enable}" == "false" || -n "${network_static_ipv6address}" ]]; then
|
||||
|
||||
insert_header "${TARGET}/etc/network/interfaces.d/10-ipv6-static"
|
||||
insert_comments "${TARGET}/etc/network/interfaces.d/10-ipv6-static"
|
||||
cat << EOF >> "${TARGET}/etc/network/interfaces.d/10-ipv6-static"
|
||||
cat << EOF >> "${TARGET}/etc/network/interfaces"
|
||||
# The primary network interface: IPv6 via static IP
|
||||
iface ${VAR_FINAL_NIC} inet6 static
|
||||
address ${VAR_FINAL_IPV6_CIDR}
|
||||
gateway ${VAR_FINAL_IPV6_GW}
|
||||
#dns-nameservers ${ARY_IPV6_NS[*]}
|
||||
|
||||
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
|
||||
EOF
|
||||
chmod 0644 "${TARGET}/etc/network/interfaces.d/10-ipv6-static"
|
||||
do_log "info" "file_only" "4300() IPv6 on the primary NIC: '${VAR_FINAL_NIC}' configured statically."
|
||||
|
||||
fi
|
||||
|
||||
printf '# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf\n' >> "${TARGET}/etc/network/interfaces"
|
||||
|
||||
### Prepare basic 'dhcpcd-base' DHCP Client options.
|
||||
if [[ -f "${TARGET}/etc/dhcpcd.conf" ]]; then
|
||||
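Review bot: The static IPv6 `elif` is also taken when `network_autoconfig_enable` is "false" and `network_static_ipv6address` is empty, and the stanza is then written with whatever `VAR_FINAL_IPV6_CIDR` and `VAR_FINAL_IPV6_GW` hold. If those are unset in that case (their assignment is not visible here), the result is an `address` line with no value. A guard such as `elif [[ -n "${network_static_ipv6address}" ]]; then` would restrict the stanza to hosts that have an address configured. The two IPv4 DHCP branches appear to have identical bodies and could be merged into one `if [[ "${network_autoconfig_enable}" == "true" ]]`, provided `network_choose_interface_auto` has no third value. The function starts before this hunk and continues after it.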
@@ -223,7 +199,6 @@ fqdn both
|
||||
|
||||
EOF
|
||||
|
||||
|
||||
### Ensure 'dhcpcd-base' DHCP Client is not overwriting the static nameserver settings.
|
||||
### Collect static DNS from YAML (IPv4 and IPv6).
|
||||
[[ -n "${network_static_ipv4nameserver_0:-}" ]] && ary_dns_supersede+=( "${ARY_IPV4_NS[@]}" )
|
||||
@@ -235,6 +210,7 @@ EOF
|
||||
### Enforce static DNS
|
||||
nooption domain_name_servers
|
||||
nohook rdnssd
|
||||
nohook resolvconf
|
||||
|
||||
### Static DNS-resolvers
|
||||
interface ${VAR_FINAL_NIC}
|
||||
@@ -247,18 +223,19 @@ EOF
|
||||
|
||||
fi
|
||||
|
||||
|
||||
### Footer (always).
|
||||
echo '' >> "${TARGET}/etc/dhcpcd.conf"
|
||||
echo '# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf' >> "${TARGET}/etc/dhcpcd.conf"
|
||||
|
||||
|
||||
### Check dhcpcd connectivity.
|
||||
chroot_script "${TARGET}" "
|
||||
dhcpcd -T ${VAR_FINAL_NIC} | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
guard_dir && return 0
|
||||
}
|
||||
### Prevents accidental 'unset -f'.
|
||||
# shellcheck disable=SC2034
|
||||
readonly -f installation_network
|
||||
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
|
||||
|
||||
@@ -30,7 +30,7 @@ installation_netsec() {
|
||||
chroot_script "${TARGET}" "
|
||||
export INITRD=No
|
||||
apt-get install -y --no-install-suggests fail2ban ufw 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
guard_dir && return 0
|
||||
|
||||
@@ -32,18 +32,18 @@ update_initramfs() {
|
||||
|
||||
chroot_script "${TARGET}" "
|
||||
update-grub 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
chroot_script "${TARGET}" "
|
||||
depmod -a ${var_kernel} 2>&1 | tee -a ${var_logfile}
|
||||
update-initramfs -c -v -k all 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
chroot_script "${TARGET}" "
|
||||
update-grub 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
chmod 0400 "${TARGET}/boot/grub/grub.cfg"
|
||||
|
||||
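Review bot: In the second chroot_script block, `depmod -a ${var_kernel}` and `update-initramfs -c -v -k all` share a single ExitCode line, so only the status of `update-initramfs` is recorded and a failing depmod is lost. Adding a second `echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}` directly after the depmod line would match how installation_packages logs each command separately. update_initramfs begins before this hunk and continues after it.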
@@ -31,7 +31,7 @@ hardening_usb() {
|
||||
chroot_script "${TARGET}" "
|
||||
export INITRD=No
|
||||
apt-get install -y --no-install-recommends --no-install-suggests usbguard 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
|
||||
touch /tmp/rules.conf
|
||||
usbguard generate-policy >| /tmp/rules.conf
|
||||
|
||||
@@ -30,7 +30,7 @@ hardening_virus() {
|
||||
chroot_script "${TARGET}" "
|
||||
export INITRD=No
|
||||
apt-get install -y --no-install-recommends --no-install-suggests rkhunter 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
guard_dir && return 0
|
||||
|
||||
@@ -31,7 +31,7 @@ accounts_preparation() {
|
||||
chroot_script "${TARGET}" "
|
||||
export INITRD=No
|
||||
apt-get install -y --no-install-recommends --no-install-suggests bash-completion fzf 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
mkdir -p "${TARGET}/etc/skel/.ciss"
|
||||
|
||||
@@ -34,7 +34,7 @@ accounts_hardening() {
|
||||
chroot_script "${TARGET}" "
|
||||
export INITRD=No
|
||||
apt-get install -y --no-install-recommends --no-install-suggests ${ary_security_pkgs[*]} 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
### Preparing 2fa hardening.
|
||||
|
||||
@@ -32,26 +32,26 @@ installation_packages() {
|
||||
chroot_script "${TARGET}" "
|
||||
export INITRD=No
|
||||
apt-get update 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
apt-get upgrade -y 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
fi
|
||||
|
||||
chroot_script "${TARGET}" "
|
||||
export INITRD=No
|
||||
apt-get install -y --no-install-recommends --no-install-suggests ${ARY_PACKAGES[*]} 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
chroot_script "${TARGET}" "
|
||||
export INITRD=No
|
||||
apt-get autoclean -y 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
apt-get autopurge -y 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
apt-get autoremove -y 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
guard_dir && return 0
|
||||
|
||||
@@ -39,7 +39,7 @@ installation_security() {
|
||||
chroot_script "${TARGET}" "
|
||||
export INITRD=No
|
||||
apt-get install -y --no-install-recommends --no-install-suggests ${ary_fw[*]} 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
|
||||
if [[ ${VAR_SEC_FW} == apparmor ]]; then
|
||||
systemctl enable apparmor 2>&1 | tee -a ${var_logfile} || true
|
||||
|
||||
@@ -34,7 +34,7 @@ install_verification() {
|
||||
chroot_script "${TARGET}" "
|
||||
export INITRD=No
|
||||
apt-get install -y --no-install-recommends --no-install-suggests auditd 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
rm -f "${TARGET}/etc/audit/rules.d/audit.rules"
|
||||
@@ -339,14 +339,14 @@ EOF
|
||||
|
||||
chroot_script "${TARGET}" "
|
||||
systemctl enable auditd.service 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
### Validate and build audit rules now; fail early if syntax is wrong.
|
||||
chroot_script "${TARGET}" "
|
||||
if command -v augenrules >/dev/null 2>&1; then
|
||||
augenrules --load 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
else
|
||||
### Fallback: build consolidated rules file without loading into the kernel.
|
||||
if command -v bash >/dev/null 2>&1; then
|
||||
@@ -358,7 +358,7 @@ EOF
|
||||
chroot_script "${TARGET}" "
|
||||
export INITRD=No
|
||||
apt-get install -y --no-install-recommends --no-install-suggests aide aide-common 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
sed -i 's/Checksums = H/Checksums = sha512/' /etc/aide/aide.conf
|
||||
aideinit > /dev/null 2>> ${var_logfile}
|
||||
"
|
||||
@@ -366,7 +366,7 @@ EOF
|
||||
chroot_script "${TARGET}" "
|
||||
export INITRD=No
|
||||
apt-get install -y --no-install-recommends --no-install-suggests debsums 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
if ! debsums -g >> ${var_logfile} 2>> ${var_logfile}; then
|
||||
printf 'Running debsums -g - encountered errors.' >> ${var_logfile}
|
||||
fi
|
||||
@@ -374,7 +374,7 @@ EOF
|
||||
|
||||
chroot_script "${TARGET}" "
|
||||
rkhunter --propupd 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
guard_dir && return 0
|
||||
|
||||
@@ -49,7 +49,7 @@ installation_kernel_reco() {
|
||||
chroot_script "${RECOVERY}" "
|
||||
export INITRD=No
|
||||
apt-get install -y --no-install-recommends --no-install-suggests ${image} initramfs-tools 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
do_log "info" "file_only" "5120() Kernel image: '${image}' installed successfully."
|
||||
|
||||
@@ -96,7 +96,7 @@ installation_toolset_reco() {
|
||||
chroot_script "${RECOVERY}" "
|
||||
export INITRD=No
|
||||
apt-get install -y --no-install-recommends --no-install-suggests ${ary_unique_pkgs[*]} 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
fi
|
||||
|
||||
@@ -36,7 +36,7 @@ installation_systemd_reco() {
|
||||
chroot_script "${RECOVERY}" "
|
||||
export INITRD=No
|
||||
apt-get install -y --no-install-recommends --no-install-suggests systemd systemd-sysv dbus 2>&1 | tee -a ${var_logfile}
|
||||
echo ExitCode: \$? >> ${var_logfile}
|
||||
echo ExitCode of PIPESTATUS[0]: [\${PIPESTATUS[0]}] >> ${var_logfile}
|
||||
"
|
||||
|
||||
else
|
||||
|
||||