#!/bin/bash
# Security hardening hook for live system
set -euo pipefail

echo "Applying security hardening..."

# Apply security hardening functions from proper volume path
# Note: Source path exists at build time in Docker container
# shellcheck disable=SC1091
source /build/src/security-hardening.sh

# Create WiFi module blacklist
create_wifi_blacklist

# Create Bluetooth module blacklist
create_bluetooth_blacklist

# Configure SSH client (client only - no server per security requirements)
configure_ssh_client

# Configure password policy
configure_password_policy

# Configure File Integrity Monitoring (AIDE)
configure_fim

# Configure system limits
configure_system_limits

# Configure audit rules
configure_audit_rules

# Enable auditd service
systemctl enable auditd

echo "Security hardening completed."