#!/bin/bash
# SPDX-License-Identifier: GPL-3.0-or-later
#
# SPDX-FileCopyrightText: 2023 PeppermintOS Team (peppermintosteam@proton.me)
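# Exit immediately if a command exits with a non-zero status, treat unset
# variables as an error, and let a pipeline fail when any stage fails (so a
# failing left-hand command in a `cmd | grep -q` test is not masked by grep).
set -euo pipefail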
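#######################################
# Check whether a Debian package is currently installed.
# `dpkg -l NAME` exits 0 for any package dpkg knows about, including ones
# that were removed but not purged (status "rc"), and it treats NAME as a
# glob pattern; query the actual install status instead.
# Arguments: $1 - package name
# Returns:   0 if the package is in the "install ok installed" state,
#            non-zero otherwise (also when dpkg-query is unavailable)
#######################################
is_installed() {
  local status
  status=$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null) || return 1
  [[ "$status" == "install ok installed" ]]
}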
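#######################################
# Install the SELinux packages this script relies on, skipping any that
# is_installed reports as already present. The package list and loop
# variable are local so they do not leak into the global namespace.
# Arguments: none
# Outputs:   progress messages on stdout; apt-get output passes through
# Returns:   non-zero (aborting the script under set -e) if apt-get fails
#######################################
install_selinux_packages() {
  local -a packages=("selinux-basics" "selinux-policy-default" "auditd")
  local pkg
  for pkg in "${packages[@]}"; do
    if is_installed "$pkg"; then
      echo "$pkg is already installed."
    else
      echo "Installing $pkg..."
      apt-get install -y "$pkg"
    fi
  done
}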
#######################################
# Run selinux-activate unless /etc/selinux/config already exists.
# NOTE(review): the mere presence of /etc/selinux/config is used as the
# "already activated" signal; if a package ships that file by default,
# selinux-activate would never run — confirm on the target release.
# Whatever selinux-activate changes presumably only takes effect at the next
# boot; verify before relying on SELinux being active in this session.
# Outputs:   status message on stdout
# Returns:   selinux-activate's status, or 0 when nothing needed doing
#######################################
initialize_selinux() {
  local config=/etc/selinux/config
  if [[ -f "$config" ]]; then
    echo "SELinux is already activated."
    return 0
  fi
  echo "Activating SELinux..."
  selinux-activate
}
#######################################
# Restart auditd when `service auditd status` reports it; otherwise only
# report that it was not found. auditd is what records SELinux denials, so
# a missing service means later policy problems will be hard to diagnose.
# Outputs:   status message on stdout
# Returns:   the restart's status, or 0 when the service is absent
#######################################
restart_auditd() {
  if ! service auditd status &>/dev/null; then
    echo "Auditd service not found."
    return 0
  fi
  echo "Restarting auditd service..."
  service auditd restart
}
#######################################
# Register the selinux-policy-activate init script with update-rc.d so the
# policy is activated on boot, if that init script exists.
# NOTE(review): update-rc.d only manages SysV links; on a systemd-managed
# system confirm the equivalent unit is enabled as well.
# Outputs:   status message on stdout
# Returns:   update-rc.d's status, or 0 when the script is absent
#######################################
enable_selinux_policy() {
  local init_script=/etc/init.d/selinux-policy-activate
  if [[ ! -f "$init_script" ]]; then
    echo "SELinux policy activation script not found."
    return 0
  fi
  echo "Enabling SELinux policy activation on boot..."
  update-rc.d selinux-policy-activate defaults
}
#######################################
# Stop, deregister and purge AppArmor when its service is currently running.
# Only the running state is checked, so an installed-but-stopped AppArmor is
# left in place by design of this check. Purging a package can also remove
# packages that depend on it; review apt's removal plan on the target system.
# Outputs:   status messages on stdout
# Returns:   apt-get's status, or 0 when AppArmor is not running
#######################################
disable_apparmor() {
  if ! service apparmor status &>/dev/null; then
    echo "AppArmor is not running."
    return 0
  fi
  echo "Disabling AppArmor..."
  service apparmor stop
  update-rc.d -f apparmor remove
  apt-get -y purge apparmor
}
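#######################################
# Switch SELinux to enforcing mode in the running kernel.
# The previous `getenforce | grep -q Enforcing` treated every non-Enforcing
# answer — including "Disabled", which is what a kernel booted without
# SELinux reports — as "run setenforce 1", which then fails with an
# unexplained error. Handle each mode explicitly instead.
# NOTE(review): enforcing immediately after activation, before a full
# relabel and a review of audit denials, can lock users out; consider
# staying permissive for the first boot.
# Outputs:   status message on stdout, problems on stderr
# Returns:   0 when already enforcing or newly set; non-zero when SELinux
#            is disabled, the mode cannot be determined, or setenforce fails
#######################################
set_selinux_enforcing() {
  local mode
  mode=$(getenforce 2>/dev/null) || mode=""
  case "$mode" in
    Enforcing)
      echo "SELinux is already in enforcing mode."
      ;;
    Permissive)
      echo "Setting SELinux to enforcing mode..."
      /usr/sbin/setenforce 1
      ;;
    Disabled)
      echo "SELinux is disabled in the running kernel; reboot after activation before enforcing." >&2
      return 1
      ;;
    *)
      echo "Could not determine SELinux mode (getenforce output: '$mode')." >&2
      return 1
      ;;
  esac
}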
#######################################
# Relabel /etc recursively with restorecon (example). -R recurses, -v lists
# each file whose context was changed.
# Outputs:   progress message on stdout; restorecon's own output as-is
# Returns:   restorecon's status
#######################################
restore_file_contexts() {
  local target=/etc/
  echo "Restoring file contexts in ${target}..."
  /sbin/restorecon -Rv "$target"
}
#######################################
# Example policy tweak: turn on the httpd_can_network_connect boolean so
# HTTPD scripts and modules may open network connections. This loosens the
# default web-server confinement, so keep it only if the host actually
# needs it. -P makes the setting persistent across reboots.
# Outputs:   progress message on stdout
# Returns:   setsebool's status
#######################################
configure_httpd_selinux() {
  local boolean=httpd_can_network_connect
  echo "Allowing HTTPD scripts and modules to connect to the network..."
  /usr/sbin/setsebool -P "$boolean" 1
}
#######################################
# Run every setup step in order. Under set -e the first failing step aborts
# the script, so the final success message is only printed when all steps
# returned 0.
# Outputs:   each step's messages, then a completion message on stdout
#######################################
main() {
  local -a steps=(
    install_selinux_packages
    initialize_selinux
    restart_auditd
    enable_selinux_policy
    disable_apparmor
    set_selinux_enforcing
    restore_file_contexts
    configure_httpd_selinux
  )
  local step
  for step in "${steps[@]}"; do
    "$step"
  done
  echo "SELinux setup completed successfully."
}
# Entry point: run the whole setup (arguments are passed through but unused);
# a failing step already terminates the script via set -e before this exit.
main "$@"
exit 0