Added hardening script for security

This commit is contained in:
Emmet 2024-02-25 11:43:35 -06:00
parent fb7e67dbf8
commit 7a24e7507a
2 changed files with 35 additions and 0 deletions

29
harden.sh Executable file
View file

@ -0,0 +1,29 @@
#!/bin/sh
# This will harden the security of these dotfiles, preventing
# unpriveleged users from editing system-level (root configuration)
# files maliciously
# Run this inside of ~/.dotfiles (or whatever directory you installed
# the dotfiles to)
# Run this as root!
# BTW, this assumes your user account has a PID/GID of 1000
# After running this, the command `nix flake update` will require root
if [ "$#" = 1 ]; then
dotfilesDir=$1;
else
dotfilesDir=$(pwd);
fi
pushd $dotfilesDir &> /dev/null;
chown -R root:root system;
chown -R root:root patches;
chown root:root flake.lock;
chown root:root flake.nix
chown root:root profiles/*/configuration.nix;
chown 1000:users **/README.org;
chown root:root harden.sh;
popd &> /dev/null;