feat: Add live-build hooks

- Add security-hardening.sh for system hardening - Add firewall-setup.sh for nftables configuration - Add qr-code-import.sh for WireGuard QR scanning - Add disable-package-management.sh to secure package tools - Add install-scripts.sh to install source utilities These hooks implement core security and functionality requirements. 💘 Generated with Crush Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 10:25:16 -05:00
parent ca08f9a259
commit 6cd53bc7ba
5 changed files with 213 additions and 0 deletions
--- a/config/hooks/live/security-hardening.sh
+++ b/config/hooks/live/security-hardening.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+# Security hardening hook for live system
+set -euo pipefail
+
+echo "Applying security hardening..."
+
+# Apply security hardening from source script
+/usr/local/bin/security-hardening.sh
+
+# Configure auditd
+systemctl enable auditd
+
+echo "Security hardening completed."