hardened malloc, working firewall.

2026-02-08 08:49:55 -07:00
parent d26067b2fa
commit 5b7a3ccd9b
41 changed files with 1141 additions and 20 deletions


@@ -7,11 +7,12 @@ echo "deb https://archive.ubuntu.com/ubuntu questing-backports main restricted u
echo "deb https://security.ubuntu.com/ubuntu questing-security main restricted universe multiverse" >> /etc/apt/sources.list
apt update
apt upgrade -y
apt install -y jq bubblewrap curl make build-essential git libselinux1 iptables nftables libnetfilter-queue-dev
#install base system packages
apt install -y --install-recommends --install-suggests systemd
apt install -y --no-install-recommends gnome-core
apt install -y jq git rlwrap dnsutils curl systemd-resolved ufw nano htop ipset lm-sensors net-tools iputils-ping python3-pip bpfcc-tools gnome-shell-extension-ubuntu-dock gnome-shell-extension-ubuntu-tiling-assistant gnome-shell-extension-appindicator keepassxc libnetfilter-queue-dev libpcap-dev protobuf-compiler bpftool golang ufw
apt install -y --install-recommends --install-suggests systemd
apt install -y vanilla-gnome-desktop vanilla-gnome-default-settings gdm3 gnome-shell-extension-appindicator gnome-shell-extension-ubuntu-dock gnome-shell-extension-ubuntu-tiling-assistant
apt install -y rlwrap dnsutils systemd-resolved ufw nano htop ipset lm-sensors net-tools iputils-ping python3-pip keepassxc ufw opensnitch
#install packages from config
jq -r '.packages | .[]' config.json | while read -r item; do
@@ -24,29 +25,29 @@ echo "$locale"
locale-gen "$locale"
echo "LANG=$locale" > /etc/default/locale
#install python systemwide
#pip install --break-system-packages dnslib psutil
#add setuid for some applications
chmod u+s /usr/bin/bwrap
chmod u+s /usr/bin/ping
#install firewall
#mkdir -p /usr/local/src/
#cd /usr/local/src/
#git clone https://git.patronage.systems/matt/dnsf.git
#chmod +x /usr/local/src/dnsf/dnsf_install.sh
#/bin/bash -c /usr/local/src/dnsf/dnsf_install.sh
#disable setup screen config
mkdir -p ~/.config
touch ~/.config/gnome-initial-setup-done
#configure permissions for opensnitch firewall
chown -R root:root /etc/opensnitchd/
chmod 777 /etc/opensnitchd/settings.conf
#enable services
systemctl enable systemd-resolved
systemctl enable systemd-networkd
systemctl enable mem-alloc
#ui changes
gsettings set org.gnome.desktop.interface color-scheme 'prefer-dark'
#firewall enable (inbound block)
ufw enable
#install brave browser
curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg
curl -fsSLo /etc/apt/sources.list.d/brave-browser-release.sources https://brave-browser-apt-release.s3.brave.com/brave-browser.sources
apt update
apt install -y brave-browser
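Review bot: In the second hunk, under `#configure permissions for opensnitch firewall`, `chmod 777 /etc/opensnitchd/settings.conf` makes a file in the firewall's configuration directory writable and executable by every local account, which undoes the `chown -R root:root /etc/opensnitchd/` on the line above it; any unprivileged or sandboxed process could then rewrite whatever is read from that file. The page has lost its `+`/`-` markers, so that this line is new in the commit is inferred from the title rather than certain. I would use `chmod 644 /etc/opensnitchd/settings.conf`, or, if a non-root component really has to write it, `chown root:<ui-group> /etc/opensnitchd/settings.conf` with `chmod 660`, where `<ui-group>` is a placeholder for a dedicated group. A comment such as `# keep firewall config root-owned and not world-writable` above the line would record the intent. The script continues outside both hunks, so whether anything later resets the mode is not visible here.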