Final code review fixes: improve comments, validation, and security messaging
Co-authored-by: kuhyx <147418882+kuhyx@users.noreply.github.com>
parent
a7044b8a87
commit
1943648f3d
@ -89,15 +89,25 @@ chmod 755 "$INTEGRITY_DIR"
|
||||
|
||||
# Generate checksums of policy files for integrity verification
|
||||
echo -e "${BLUE}Generating integrity checksums for policy files...${NC}"
|
||||
|
||||
# Ensure all critical policy files exist before checksumming
|
||||
missing_files=()
|
||||
[[ ! -f "$BLOCKED_DEST" ]] && missing_files+=("$BLOCKED_DEST")
|
||||
[[ ! -f "$GREYLIST_DEST" ]] && missing_files+=("$GREYLIST_DEST")
|
||||
|
||||
if [[ ${#missing_files[@]} -gt 0 ]]; then
|
||||
echo -e "${RED}Error: Critical policy files are missing:${NC}"
|
||||
printf '%s\n' "${missing_files[@]}" >&2
|
||||
echo -e "${RED}Installation incomplete. Cannot create integrity file.${NC}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
{
|
||||
if [[ -f "$BLOCKED_DEST" ]]; then
|
||||
sha256sum "$BLOCKED_DEST" || { echo -e "${RED}Failed to checksum blocked list${NC}"; exit 1; }
|
||||
fi
|
||||
if [[ -f "$GREYLIST_DEST" ]]; then
|
||||
sha256sum "$GREYLIST_DEST" || { echo -e "${RED}Failed to checksum greylist${NC}"; exit 1; }
|
||||
fi
|
||||
sha256sum "$BLOCKED_DEST" || { echo -e "${RED}Failed to checksum blocked list${NC}" >&2; exit 1; }
|
||||
sha256sum "$GREYLIST_DEST" || { echo -e "${RED}Failed to checksum greylist${NC}" >&2; exit 1; }
|
||||
# Whitelist is optional
|
||||
if [[ -f "$WHITELIST_DEST" ]]; then
|
||||
sha256sum "$WHITELIST_DEST" || { echo -e "${RED}Failed to checksum whitelist${NC}"; exit 1; }
|
||||
sha256sum "$WHITELIST_DEST" || { echo -e "${RED}Failed to checksum whitelist${NC}" >&2; exit 1; }
|
||||
fi
|
||||
} > "$INTEGRITY_FILE"
|
||||
|
||||
|
||||
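Review bot: The integrity file is written in place by the `} > "$INTEGRITY_FILE"` redirection, so when one of the `sha256sum ... || { ...; exit 1; }` branches fires, the script exits and leaves an empty or partial integrity file, with any previous good copy already truncated. How a later verification step treats a short file is not visible here, so I would build the list in a temporary file and rename it only on success: `tmp=$(mktemp "${INTEGRITY_FILE}.XXXXXX") || exit 1`, `} > "$tmp"`, then `mv -f -- "$tmp" "$INTEGRITY_FILE"`. `mktemp` creates the file with mode 0600, so set whatever mode the verifier expects before the rename. Separately, the two `echo -e "${RED}..."` lines in the missing-files check go to stdout while the `printf` between them and the checksum failures go to stderr; adding `>&2` to both keeps the error report in one stream.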
@ -791,6 +791,8 @@ enforce_vbox_hosts_if_needed() {
|
||||
|
||||
# VirtualBox is installed but enforcement not applied - this is critical
|
||||
echo -e "${YELLOW}VirtualBox detected. Applying /etc/hosts enforcement to VMs...${NC}" >&2
|
||||
# Note: The wrapper may be running as non-root user (via sudo pacman), but enforcement
|
||||
# script needs root. We check EUID to avoid double sudo if already running as root.
|
||||
if [[ $EUID -ne 0 ]]; then
|
||||
if ! sudo bash "$vbox_enforce_script" enforce; then
|
||||
echo -e "${RED}CRITICAL: Failed to enforce hosts on VirtualBox VMs!${NC}" >&2
|
||||
|
||||
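Review bot: The added comment above `if [[ $EUID -ne 0 ]]` contradicts itself: a wrapper started via `sudo pacman` has EUID 0, so "running as non-root user (via sudo pacman)" describes the case this check skips, not the one it handles. Suggested wording: `# The wrapper may run as root (sudo pacman) or as a regular user; the enforcement script needs root, so prefix sudo only when EUID is non-zero.` Because this branch runs `"$vbox_enforce_script"` under `sudo bash`, the comment is also the place to state that the script path must be root-owned and not writable by the invoking user; where the variable is assigned is outside the hunk, so that cannot be confirmed from here. The body of `enforce_vbox_hosts_if_needed` starts before and continues after this hunk.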
@ -13,9 +13,10 @@ BLUE='\033[0;34m'
|
||||
CYAN='\033[0;36m'
|
||||
NC='\033[0m' # No Color
|
||||
|
||||
# Auto-sudo functionality
|
||||
# Auto-sudo functionality with confirmation
|
||||
if [ "$EUID" -ne 0 ]; then
|
||||
echo -e "${YELLOW}Executing with sudo...${NC}"
|
||||
echo -e "${YELLOW}This script requires root privileges to configure VirtualBox VMs.${NC}"
|
||||
echo -e "${CYAN}Executing with sudo...${NC}"
|
||||
exec sudo "$0" "$@"
|
||||
fi
|
||||
|
||||
|
||||
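Review bot: The new header comment says "with confirmation", but the block still goes straight to `exec sudo "$0" "$@"` after printing two messages; nothing asks the user anything beyond sudo's own password prompt, which does not appear when credentials are cached or NOPASSWD is configured. Either reword the comment to match the code, e.g. `# Auto-sudo: explain why root is needed, then re-exec under sudo`, or add an actual prompt if confirmation is intended. The two status lines also go to stdout; appending `>&2` would keep them out of any output a caller captures.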