add usr/bin/hardening-enable

debian/control

@@ -5,7 +5,8 @@ Source: security-misc
 Section: misc
 Priority: optional
 Maintainer: Patrick Schleizer <adrelanos@riseup.net>
-Build-Depends: debhelper (>= 12), genmkfile, config-package-dev, dh-apparmor
+Build-Depends: debhelper (>= 12), genmkfile, config-package-dev, dh-apparmor,
+ ronn
 Homepage: https://github.com/Whonix/security-misc
 Vcs-Browser: https://github.com/Whonix/security-misc
 Vcs-Git: https://github.com/Whonix/security-misc.git

debian/rules

@@ -8,9 +8,13 @@
 %:
 	dh $@ --with=config-package
 
+override_dh_installman:
+	make manpages
+	dh_installman $(CURDIR)/debian/tmp-man/*
+
 override_dh_installchangelogs:
 	dh_installchangelogs changelog.upstream upstream
-	
+
 override_dh_install:
 	dh_apparmor --profile-name='usr.lib.security-misc.pam_tally2-info'
 	dh_apparmor --profile-name='usr.lib.security-misc.permission-lockdown'

man/hardening-enable.8.ronn

@@ -0,0 +1,16 @@
+hardening-enable(8) -- enable all hardening by security-misc
+=============================================
+
+<span class="comment">
+# Copyright (C) 2019 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
+# See the file COPYING for copying conditions.
+</span>
+
+## SYNOPSIS
+`hardening-enable`
+
+## Description
+Enables all hardening by security-misc.
+
+## AUTHOR
+This man page has been written by Patrick Schleizer (adrelanos@riseup.net).

usr/bin/hardening-enable

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+## Copyright (C) 2019 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
+## See the file COPYING for copying conditions.
+
+set -x
+set -e
+
+systemctl enable hide-hardware-info.service
+
+touch /etc/noexec
+
+mkdir -p /etc/sysctl.d
+
+echo "\
+## This is an automatically generated file.
+## This file was automatically generated by:
+## $0
+## Edits may be lost!
+
+## https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG#Configuration
+lkrg.ci_panic=1
+lkrg.umh_lock=1" > /etc/sysctl.d/40-security-misc-autogenerated.conf
+
+pam-auth-update --enable console-lockdown-security-misc