Skip to content

Commit

Permalink
further fixes
Browse files Browse the repository at this point in the history
  • Loading branch information
solidc0re authored Sep 1, 2023
1 parent b82983e commit c48c951
Showing 2 changed files with 19 additions and 118 deletions.
108 changes: 10 additions & 98 deletions solidcore-install.sh
Original file line number Diff line number Diff line change
@@ -469,12 +469,6 @@ conf_msg "hidepid enabled for /proc"

# === FILE PERMISSIONS ===

# Hide kernel modules from group and user (only root can access it)
chmod -R go-rwx /usr/lib/modules 2> /dev/null
chmod -R go-rwx /lib/modules 2> /dev/null

conf_msg "Kernel information hidden from everyone, but root"

# Ensure new files are only readable by the user who created them
umask_script="/etc/profile.d/solidcore_umask.sh"

@@ -704,12 +698,12 @@ chmod 644 /etc/xdg/autostart/solidcore-mute-mic.desktop

# === INSTALLS ===

short_msg "Installing minisign (for dnscrypt-proxy installation & updates). This will also take a while..."
space_1
#short_msg "Installing minisign (for dnscrypt-proxy installation & updates). This will also take a while..."
#space_1

# Minisign
rpm-ostree install minisign > /dev/null
conf_msg "Done"
#rpm-ostree install minisign > /dev/null
#conf_msg "Done"

# Flatseal
flatpak install -y com.github.tchx84.Flatseal > /dev/null 2>&1
@@ -756,97 +750,15 @@ cat > /etc/solidcore/solidcore-welcome.sh << EOF
## You should have received a copy of the GNU General Public License
## along with this program. If not, see https://www.gnu.org/licenses/.
# First boot script
# === DISPLAY FUNCTIONS ===
# Interruptable version for long texts
long_msg() {
local main_output="$1"
local idx=0
local char
while [ $idx -lt ${#main_output} ]; do
char="${main_output:$idx:1}"
echo -n "$char"
# Check if a key was pressed
if read -r -s -n 1 -t 0.01 key; then
# Output the remaining portion of the main_output
echo -n "${main_output:idx+1}"
break
fi
sleep 0.015
idx=$((idx + 1))
done
}
# Non-interruptable version for short messages
short_msg() {
local main_output="> $1"
echo
local idx=0
local char
while [ $idx -lt ${#main_output} ]; do
char="${main_output:$idx:1}"
echo -n "$char"
sleep 0.015
idx=$((idx + 1))
done
}
# Non-interruptable version for confirmation messages
GREEN='\033[0;32m'
NC='\033[0m' # No Color
conf_msg() {
short_msg "$1"
echo -ne " ${GREEN}${NC}"
}
# Create two line gap
space_2() {
long_msg "
>
> "
}
# Create one line gap
space_1() {
long_msg "
> "
}
# Declare bold and normal
bold=$(tput bold)
normal=$(tput sgr0)
# === VARIABLES ===
firstboot="/etc/solidcore/solidcore-firstboot.sh"
# Welcome script
# === WELCOME ===
clear
long_msg ">
>
> Welcome back!
>
> You have part-completed the solidcore hardening process.
>
> This script carries out the finishing touches which require your input."
sleep 2
space_2
short_msg "We need to elevate to sudo privilges to continue."
# === RUN FIRSTBOOT ===
sudo bash $(firstboot)
clear
echo ">"
echo ">"
echo "> Please enter your sudo password to continue with the solidcore process."
sudo bash /etc/solidcore/solidcore-firstboot.sh
EOF

# Make executable
29 changes: 9 additions & 20 deletions solidcore-uninstall.sh
Original file line number Diff line number Diff line change
@@ -96,6 +96,7 @@ fi


# === INFORM USER ===
clear
space_2
short_msg "You are about to uninstall all solidcore changes to your system."
space_1
@@ -107,7 +108,7 @@ case $uninstall_response in
[Nn] )
break;;
* ) short_msg "Invalid response. Please retry with 'y' or 'n'."
echo ">";
space_1;
esac
done
space_2
@@ -135,7 +136,7 @@ if [[ "$uninstall_response" =~ ^[Yy]$ ]]; then
# Check if the backup file exists
backup_file="${source_file}_sc.bak"
if [ -e "$backup_file" ]; then
if [ "$backup_file" == "/var/lib/dbus/machine-id"]; then
if [ "$backup_file" == "/var/lib/dbus/machine-id" ]; then
# Restore the backup file
cp "$backup_file" "$source_file"
conf_msg "Backup restored for: $source_file"
@@ -309,8 +310,6 @@ if [[ "$uninstall_response" =~ ^[Yy]$ ]]; then

passwd -u root
conf_msg "root account unlocked"
space_2
space_1


# === REVERT HOSTNAME ===
@@ -331,8 +330,7 @@ if [[ "$uninstall_response" =~ ^[Yy]$ ]]; then
else
short_msg "No hostname backup found. Skipping..."
fi
space_2
space_1



# === UNBLOCK DEVICES ===
@@ -352,24 +350,15 @@ if [[ "$uninstall_response" =~ ^[Yy]$ ]]; then
boltctl authorize "$domain"
done
fi
space_2
space_1


# Unmute microphone
amixer set Capture cap


# === REVERT FILE PERMISSIONS ===
chmod -R 755 /usr/lib/modules
chmod -R 755 /lib/modules

amixer set Capture cap


# === UNINSTALL APPS ===
flatpak remove flatseal
rpm-ostree remove minisign usbguard
rm -rf /usr/local/sbin/dnscrypt-proxy*
flatpak remove flatseal > /dev/null 2>&1
rpm-ostree remove minisign usbguard > /dev/null 2>&1
rm -rf /usr/local/sbin/dnscrypt-proxy* > /dev/null 2>&1
conf_msg "Flatseal, minisign & USBGuard (if installed) removed"


@@ -382,7 +371,7 @@ if [[ "$uninstall_response" =~ ^[Yy]$ ]]; then
# === REBOOT ===
short_msg "Reboot required to implement all the changes."
space_2
read -n 1 -s -r -p "> Press any key to continue"
read -n 1 -s -r -p "Press any key to continue"
space_1
for i in {5..1}; do
if [ "$i" -eq 1 ]; then

0 comments on commit c48c951

Please sign in to comment.