feat: Add live-build hooks
- Add security-hardening.sh for system hardening - Add firewall-setup.sh for nftables configuration - Add qr-code-import.sh for WireGuard QR scanning - Add disable-package-management.sh to secure package tools - Add install-scripts.sh to install source utilities These hooks implement core security and functionality requirements. 💘 Generated with Crush Assisted-by: GLM-4.6 via Crush <crush@charm.land>
This commit is contained in:
24
config/hooks/installed/disable-package-management.sh
Executable file
24
config/hooks/installed/disable-package-management.sh
Executable file
@@ -0,0 +1,24 @@
|
||||
#!/bin/bash
|
||||
# Disable package management after installation
|
||||
set -euo pipefail
|
||||
|
||||
echo "Disabling package management..."
|
||||
|
||||
# Remove execute permissions from package management tools
|
||||
chmod -x /usr/bin/apt /usr/bin/apt-get /usr/bin/dpkg
|
||||
chmod -x /usr/bin/apt-cache /usr/bin/apt-key /usr/bin/dpkg-deb
|
||||
chmod -x /usr/bin/dpkg-query /usr/bin/dpkg-split /usr/bin/dpkg-trigger
|
||||
|
||||
# Make immutable
|
||||
chattr +i /usr/bin/apt /usr/bin/apt-get /usr/bin/dpkg
|
||||
chattr +i /usr/bin/apt-cache /usr/bin/apt-key /usr/bin/dpkg-deb
|
||||
chattr +i /usr/bin/dpkg-query /usr/bin/dpkg-split /usr/bin/dpkg-trigger
|
||||
|
||||
# Remove package metadata directories
|
||||
rm -rf /var/lib/apt/* /var/lib/dpkg/*
|
||||
|
||||
# Create immutable empty directories to prevent recreation
|
||||
mkdir -p /var/lib/apt /var/lib/dpkg
|
||||
chattr +i /var/lib/apt /var/lib/dpkg
|
||||
|
||||
echo "Package management disabled successfully."
|
||||
Reference in New Issue
Block a user