mirror of
https://github.com/kuhyx/scripts.git
synced 2026-07-04 14:23:08 +02:00
Final code review fixes: improve comments, validation, and security messaging
Co-authored-by: kuhyx <147418882+kuhyx@users.noreply.github.com>
This commit is contained in:
parent
a7044b8a87
commit
1943648f3d
@ -89,15 +89,25 @@ chmod 755 "$INTEGRITY_DIR"
|
|||||||
|
|
||||||
# Generate checksums of policy files for integrity verification
|
# Generate checksums of policy files for integrity verification
|
||||||
echo -e "${BLUE}Generating integrity checksums for policy files...${NC}"
|
echo -e "${BLUE}Generating integrity checksums for policy files...${NC}"
|
||||||
|
|
||||||
|
# Ensure all critical policy files exist before checksumming
|
||||||
|
missing_files=()
|
||||||
|
[[ ! -f "$BLOCKED_DEST" ]] && missing_files+=("$BLOCKED_DEST")
|
||||||
|
[[ ! -f "$GREYLIST_DEST" ]] && missing_files+=("$GREYLIST_DEST")
|
||||||
|
|
||||||
|
if [[ ${#missing_files[@]} -gt 0 ]]; then
|
||||||
|
echo -e "${RED}Error: Critical policy files are missing:${NC}"
|
||||||
|
printf '%s\n' "${missing_files[@]}" >&2
|
||||||
|
echo -e "${RED}Installation incomplete. Cannot create integrity file.${NC}"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
{
|
{
|
||||||
if [[ -f "$BLOCKED_DEST" ]]; then
|
sha256sum "$BLOCKED_DEST" || { echo -e "${RED}Failed to checksum blocked list${NC}" >&2; exit 1; }
|
||||||
sha256sum "$BLOCKED_DEST" || { echo -e "${RED}Failed to checksum blocked list${NC}"; exit 1; }
|
sha256sum "$GREYLIST_DEST" || { echo -e "${RED}Failed to checksum greylist${NC}" >&2; exit 1; }
|
||||||
fi
|
# Whitelist is optional
|
||||||
if [[ -f "$GREYLIST_DEST" ]]; then
|
|
||||||
sha256sum "$GREYLIST_DEST" || { echo -e "${RED}Failed to checksum greylist${NC}"; exit 1; }
|
|
||||||
fi
|
|
||||||
if [[ -f "$WHITELIST_DEST" ]]; then
|
if [[ -f "$WHITELIST_DEST" ]]; then
|
||||||
sha256sum "$WHITELIST_DEST" || { echo -e "${RED}Failed to checksum whitelist${NC}"; exit 1; }
|
sha256sum "$WHITELIST_DEST" || { echo -e "${RED}Failed to checksum whitelist${NC}" >&2; exit 1; }
|
||||||
fi
|
fi
|
||||||
} > "$INTEGRITY_FILE"
|
} > "$INTEGRITY_FILE"
|
||||||
|
|
||||||
|
|||||||
@ -791,6 +791,8 @@ enforce_vbox_hosts_if_needed() {
|
|||||||
|
|
||||||
# VirtualBox is installed but enforcement not applied - this is critical
|
# VirtualBox is installed but enforcement not applied - this is critical
|
||||||
echo -e "${YELLOW}VirtualBox detected. Applying /etc/hosts enforcement to VMs...${NC}" >&2
|
echo -e "${YELLOW}VirtualBox detected. Applying /etc/hosts enforcement to VMs...${NC}" >&2
|
||||||
|
# Note: The wrapper may be running as non-root user (via sudo pacman), but enforcement
|
||||||
|
# script needs root. We check EUID to avoid double sudo if already running as root.
|
||||||
if [[ $EUID -ne 0 ]]; then
|
if [[ $EUID -ne 0 ]]; then
|
||||||
if ! sudo bash "$vbox_enforce_script" enforce; then
|
if ! sudo bash "$vbox_enforce_script" enforce; then
|
||||||
echo -e "${RED}CRITICAL: Failed to enforce hosts on VirtualBox VMs!${NC}" >&2
|
echo -e "${RED}CRITICAL: Failed to enforce hosts on VirtualBox VMs!${NC}" >&2
|
||||||
|
|||||||
@ -13,9 +13,10 @@ BLUE='\033[0;34m'
|
|||||||
CYAN='\033[0;36m'
|
CYAN='\033[0;36m'
|
||||||
NC='\033[0m' # No Color
|
NC='\033[0m' # No Color
|
||||||
|
|
||||||
# Auto-sudo functionality
|
# Auto-sudo functionality with confirmation
|
||||||
if [ "$EUID" -ne 0 ]; then
|
if [ "$EUID" -ne 0 ]; then
|
||||||
echo -e "${YELLOW}Executing with sudo...${NC}"
|
echo -e "${YELLOW}This script requires root privileges to configure VirtualBox VMs.${NC}"
|
||||||
|
echo -e "${CYAN}Executing with sudo...${NC}"
|
||||||
exec sudo "$0" "$@"
|
exec sudo "$0" "$@"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user