From: xf0r3m <jakubstasinski@protonmail.com>
Date: Sun, 2 Jun 2024 09:32:39 +0000 (+0200)
Subject: Zabezpieczenie przed uruchamianiem Firefox, gdy datastore jest otwarty
X-Git-Url: https://gitweb.morketsmerke.org/?a=commitdiff_plain;h=85e2d16680a103a33e94919d71469e925988d87d;p=immudex.git

Zabezpieczenie przed uruchamianiem Firefox, gdy datastore jest otwarty
---

diff --git a/tools/bin/immudex-protected b/tools/bin/immudex-protected
new file mode 100755
index 0000000..e0346db
--- /dev/null
+++ b/tools/bin/immudex-protected
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+mapperDevice=$(ls /dev/mapper --hide=control | head -1 | awk '{printf $1" "}')
+
+if [ "$mapperDevice" ]; then
+  if mount | grep -q "$mapperDevice"; then
+    notify-send "Protected" "The $(basename $1) cannot be run, because your LUKS partitions are open" --icon=dialog-error
+    exit 1;
+  fi
+else
+  $1;
+fi
diff --git a/tools/bin/immudex-protected-firefox b/tools/bin/immudex-protected-firefox
new file mode 100755
index 0000000..89b6a85
--- /dev/null
+++ b/tools/bin/immudex-protected-firefox
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+/usr/local/bin/immudex-protected /usr/lib/firefox-esr/firefox-esr
diff --git a/tools/bin/immudex-secured-firefox b/tools/bin/immudex-secured-firefox
index 4041e89..94a1f30 100755
--- a/tools/bin/immudex-secured-firefox
+++ b/tools/bin/immudex-secured-firefox
@@ -6,4 +6,4 @@ if [ ! -d /tmp/${USER} ]; then
 fi
 
 eth0=$(ip route show | grep 'default' | awk '{printf $5}');
-firejail --private=/tmp/${USER} --net=$eth0 /usr/bin/firefox
+firejail --private=/tmp/${USER} --net=$eth0 /usr/lib/firefox-esr/firefox-esr
diff --git a/versions/base.sh b/versions/base.sh
index ede3e57..32aecb7 100644
--- a/versions/base.sh
+++ b/versions/base.sh
@@ -85,6 +85,8 @@ cp -vv ~/immudex/tools/bin/immudex-motd2 /usr/local/bin;
 cp -vv ~/immudex/tools/bin/immudex-padlock /usr/local/bin;
 cp -vv ~/immudex/tools/bin/immudex-pl /usr/local/bin;
 cp -vv ~/immudex/tools/bin/immudex-secured-firefox /usr/local/bin;
+cp -vv ~/immudex/tools/bin/immudex-proteced /usr/local/bin;
+cp -vv ~/immudex/tools/bin/immudex-protected-firefox /usr/local/bin;
 cp -vv ~/immudex/tools/bin/immudex-shoutcasts /usr/local/bin;
 cp -vv ~/immudex/tools/bin/immudex-version /usr/local/bin;
 
@@ -135,6 +137,12 @@ tar -xf ~/immudex/files/mozilla.tgz -C /etc/skel;
 
 cp -vv ~/immudex/launchers/16844254192.desktop /etc/skel/.config/xfce4/panel/launcher-5;
 
+mv /usr/bin/firefox /usr/bin/firefox.old
+rm /usr/bin/firefox-esr
+ln -s /usr/bin/immudex-protected-firefox /usr/bin/firefox-esr
+sed -i "s,Exec=/usr/lib/firefox-esr/firefox-esr %u,Exec=/usr/local/bin/immudex-protected /usr/lib/firefox-esr/firefox-esr," /usr/share/applications/firefox-esr.desktop
+
+
 systemctl enable immudex_hostname.service;
 
 cat >> /etc/bash.bashrc << EOL
@@ -177,8 +185,4 @@ echo "root:${rootPassword}" | chpasswd;
 usermod -L root;
 
 # Miejsce na twoje zmiany, przed poleceniem 'tidy'
-bash ~/immudex/addons/librewolf;
-bash ~/immudex/addons/ncspot;
-bash ~/immudex/addons/nushell;
-bash ~/immudex/addons/lampstack;
 tidy;