48 lines
1.7 KiB
Bash
48 lines
1.7 KiB
Bash
#!/bin/bash
|
|
# SPDX-Version: 3.0
|
|
# SPDX-CreationInfo: 2025-10-11; WEIDNER, Marc S.; <msw@coresecret.dev>
|
|
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
|
|
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
|
|
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
|
|
# SPDX-FileType: SOURCE
|
|
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
|
|
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
|
|
# SPDX-PackageName: CISS.debian.live.builder
|
|
# SPDX-Security-Contact: security@coresecret.eu
|
|
set -Ceuo pipefail
|
|
|
|
printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
|
|
|
|
[[ -r /root/ciss_xdg_tmp.sh ]] && . /root/ciss_xdg_tmp.sh
|
|
export DEBIAN_FRONTEND="noninteractive"
|
|
export INITRD="No"
|
|
apt-get install -y usbguard
|
|
|
|
### Preparing USBGuard: see https://www.privacy-handbuch.de/handbuch_91a.htm
|
|
touch /tmp/rules.conf
|
|
usbguard generate-policy >> /tmp/rules.conf
|
|
|
|
if [[ -f /etc/usbguard/rules.conf && -s /etc/usbguard/rules.conf ]]; then
|
|
|
|
mv /etc/usbguard/rules.conf /root/.ciss/cdlb/backup/usbguard_rules.conf.bak
|
|
cp -a /tmp/rules.conf /etc/usbguard/rules.conf
|
|
chmod 0600 /etc/usbguard/rules.conf
|
|
|
|
else
|
|
|
|
rm -f /etc/usbguard/rules.conf
|
|
cp -a /tmp/rules.conf /etc/usbguard/rules.conf
|
|
chmod 0600 /etc/usbguard/rules.conf
|
|
|
|
fi
|
|
|
|
cp -a /etc/usbguard/usbguard-daemon.conf /root/.ciss/cdlb/backup/usbguard-daemon.conf.bak
|
|
#sed -i "s/PresentDevicePolicy=apply-policy/PresentDevicePolicy=allow/" /etc/usbguard/usbguard-daemon.conf
|
|
|
|
rm -f /tmp/rules.conf
|
|
|
|
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"
|
|
|
|
exit 0
|
|
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
|