]> gitweb.morketsmerke.org Git - immudex.git/commitdiff
projects / immudex.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a3a4dcb)
Zabezpieczenie przed uruchamianiem Firefox, gdy datastore jest otwarty
authorxf0r3m <jakubstasinski@protonmail.com>
Sun, 2 Jun 2024 09:32:39 +0000 (11:32 +0200)
committerxf0r3m <jakubstasinski@protonmail.com>
Sun, 2 Jun 2024 09:32:39 +0000 (11:32 +0200)
tools/bin/immudex-protected [new file with mode: 0755] patch | blob
tools/bin/immudex-protected-firefox [new file with mode: 0755] patch | blob
tools/bin/immudex-secured-firefox patch | blob | history
versions/base.sh patch | blob | history

diff --git a/tools/bin/immudex-protected b/tools/bin/immudex-protected
new file mode 100755 (executable)
index 0000000..e0346db
--- /dev/null
+++ b/tools/bin/immudex-protected
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+mapperDevice=$(ls /dev/mapper --hide=control | head -1 | awk '{printf $1" "}')
+
+if [ "$mapperDevice" ]; then
+  if mount | grep -q "$mapperDevice"; then
+    notify-send "Protected" "The $(basename $1) cannot be run, because your LUKS partitions are open" --icon=dialog-error
+    exit 1;
+  fi
+else
+  $1;
+fi
diff --git a/tools/bin/immudex-protected-firefox b/tools/bin/immudex-protected-firefox
new file mode 100755 (executable)
index 0000000..89b6a85
--- /dev/null
+++ b/tools/bin/immudex-protected-firefox
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+/usr/local/bin/immudex-protected /usr/lib/firefox-esr/firefox-esr
diff --git a/tools/bin/immudex-secured-firefox b/tools/bin/immudex-secured-firefox
index 4041e896bc961b9dc74a83ed8e8b0b1bfcaef180..94a1f30fa447387dfb055c101562f5c26d073c18 100755 (executable)
--- a/tools/bin/immudex-secured-firefox
+++ b/tools/bin/immudex-secured-firefox
@@ -6,4 +6,4 @@ if [ ! -d /tmp/${USER} ]; then
 fi
 
 eth0=$(ip route show | grep 'default' | awk '{printf $5}');
-firejail --private=/tmp/${USER} --net=$eth0 /usr/bin/firefox
+firejail --private=/tmp/${USER} --net=$eth0 /usr/lib/firefox-esr/firefox-esr
diff --git a/versions/base.sh b/versions/base.sh
index ede3e57cf6c3bfdea90982c9c4424008d401e65f..32aecb70876b5e9e0cbf976e34adcc9465ab6db2 100644 (file)
--- a/versions/base.sh
+++ b/versions/base.sh
@@ -85,6 +85,8 @@ cp -vv ~/immudex/tools/bin/immudex-motd2 /usr/local/bin;
 cp -vv ~/immudex/tools/bin/immudex-padlock /usr/local/bin;
 cp -vv ~/immudex/tools/bin/immudex-pl /usr/local/bin;
 cp -vv ~/immudex/tools/bin/immudex-secured-firefox /usr/local/bin;
+cp -vv ~/immudex/tools/bin/immudex-proteced /usr/local/bin;
+cp -vv ~/immudex/tools/bin/immudex-protected-firefox /usr/local/bin;
 cp -vv ~/immudex/tools/bin/immudex-shoutcasts /usr/local/bin;
 cp -vv ~/immudex/tools/bin/immudex-version /usr/local/bin;
 
@@ -135,6 +137,12 @@ tar -xf ~/immudex/files/mozilla.tgz -C /etc/skel;
 
 cp -vv ~/immudex/launchers/16844254192.desktop /etc/skel/.config/xfce4/panel/launcher-5;
 
+mv /usr/bin/firefox /usr/bin/firefox.old
+rm /usr/bin/firefox-esr
+ln -s /usr/bin/immudex-protected-firefox /usr/bin/firefox-esr
+sed -i "s,Exec=/usr/lib/firefox-esr/firefox-esr %u,Exec=/usr/local/bin/immudex-protected /usr/lib/firefox-esr/firefox-esr," /usr/share/applications/firefox-esr.desktop
+
+
 systemctl enable immudex_hostname.service;
 
 cat >> /etc/bash.bashrc << EOL
@@ -177,8 +185,4 @@ echo "root:${rootPassword}" | chpasswd;
 usermod -L root;
 
 # Miejsce na twoje zmiany, przed poleceniem 'tidy'
-bash ~/immudex/addons/librewolf;
-bash ~/immudex/addons/ncspot;
-bash ~/immudex/addons/nushell;
-bash ~/immudex/addons/lampstack;
 tidy;
immudex - stable