#!/bin/bash ## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. if [ -f /usr/libexec/helper-scripts/pre.bsh ]; then source /usr/libexec/helper-scripts/pre.bsh fi set -e true " ##################################################################### ## INFO: BEGIN: $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME $@ ##################################################################### " permission_hardening_legacy_state_files() { if test -d /var/lib/permission-hardener ; then return 0 fi if ! test -d /var/lib/permission-hardening ; then return 0 fi mv --verbose /var/lib/permission-hardening /var/lib/permission-hardener } permission_hardening_legacy_config_folder() { if ! test -d /etc/permission-hardening.d ; then return 0 fi rmdir --verbose --ignore-fail-on-non-empty /etc/permission-hardening.d || true } permission_hardening() { echo "Running SUID Disabler and Permission Hardener... See also:" echo "https://www.kicksecure.com/wiki/SUID_Disabler_and_Permission_Hardener" echo "$0: INFO: running: permission-hardener enable" if ! permission-hardener enable ; then echo "$0: ERROR: Permission hardening failed." >&2 return 0 fi echo "$0: INFO: Permission hardening success." } case "$1" in configure) if [ -d /etc/skel/.gnupg ]; then ## Lintian warns against use of chmod --recursive. chmod 700 /etc/skel/.gnupg fi ## /usr/share/glib-2.0/schemas/30_security-misc.gschema.override glib-compile-schemas /usr/share/glib-2.0/schemas || true ## state dir for faillock mkdir -p /var/lib/security-misc/faillock ;; abort-upgrade|abort-remove|abort-deconfigure) ;; triggered) echo "INFO: triggered $DPKG_MAINTSCRIPT_PACKAGE: '$DPKG_MAINTSCRIPT_PACKAGE' $DPKG_MAINTSCRIPT_PACKAGE DPKG_MAINTSCRIPT_NAME: '$DPKG_MAINTSCRIPT_NAME' $\@: '$@' 2: '$2'" /usr/share/security-misc/lkrg/lkrg-virtualbox || true /usr/libexec/security-misc/mmap-rnd-bits || true permission_hardening exit 0 ;; *) echo "$DPKG_MAINTSCRIPT_NAME called with unknown argument \`$1'" >&2 exit 1 ;; esac pam-auth-update --package /usr/libexec/security-misc/permission-lockdown permission_hardening_legacy_state_files permission_hardening ## https://phabricator.whonix.org/T377 ## Debian has no update-grub trigger yet: ## https://bugs.debian.org/481542 if command -v update-grub >/dev/null 2>&1; then update-grub || \ echo "$DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME ERROR: Running \ 'update-grub' failed with exit code $?. $DPKG_MAINTSCRIPT_PACKAGE is most \ likely only the trigger, not the cause. Unless you know this is not an issue, \ you should fix running 'update-grub', otherwise your system might no longer \ boot." >&2 fi /usr/libexec/security-misc/mmap-rnd-bits || true true "INFO: debhelper beginning here." #DEBHELPER# true "INFO: Done with debhelper." permission_hardening_legacy_config_folder true " ##################################################################### ## INFO: END : $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME $@ ##################################################################### " ## Explicitly "exit 0", so eventually trapped errors can be ignored. exit 0