From d1925892f9d755b264f1594023458c229939b7fd Mon Sep 17 00:00:00 2001 From: Gaming4JC Date: Sat, 7 Jan 2017 00:32:46 -0500 Subject: dhcpcd-hardened-script --- nonprism/dhcpcd-hardened-script/PKGBUILD | 16 ++++++++++++++++ .../dhcpcd-hardened-script/dhcp-hardened-script.service | 0 nonprism/dhcpcd-hardened-script/dhcpcd_hardened.sh | 6 ++++++ nonprism/networkmanager-nonprism/30-nonprism.conf | 12 ------------ nonprism/networkmanager-nonprism/PKGBUILD | 16 ---------------- 5 files changed, 22 insertions(+), 28 deletions(-) create mode 100644 nonprism/dhcpcd-hardened-script/PKGBUILD create mode 100644 nonprism/dhcpcd-hardened-script/dhcp-hardened-script.service create mode 100644 nonprism/dhcpcd-hardened-script/dhcpcd_hardened.sh delete mode 100644 nonprism/networkmanager-nonprism/30-nonprism.conf delete mode 100644 nonprism/networkmanager-nonprism/PKGBUILD diff --git a/nonprism/dhcpcd-hardened-script/PKGBUILD b/nonprism/dhcpcd-hardened-script/PKGBUILD new file mode 100644 index 000000000..a8467fbc5 --- /dev/null +++ b/nonprism/dhcpcd-hardened-script/PKGBUILD @@ -0,0 +1,16 @@ +# Maintainer: Luke R. GPG: rsa4096/3EAE8697 + +pkgname=dhcpcd-hardened-script +pkgver=0.1 +pkgrel=1 +pkgdesc="Removes Hostname and resets DUID to prevent DHCP leaks on the network" +arch=(any) +license=(GPL2) +depends=('dhcpcd') +source=('dhcpcd_hardened.sh') +sha512sums=('70e9e4faa87cf258f5d47ce56a7b7d439e0dd9e59ab7d2be2790fcc55342c05a321e4d7e06b8a0ae30ed2575b2a62843d167e93aba9de5cbb9e2034bce0a71ed') +whirlpoolsums=('753e1931978c3168acf93a92f9d1050dec4ba4fb9bf6dc76280c6a6bfeef8f09cc371501e7d34d83c013a800155466135cf24159b06258cde60ae7c871d0fb5e') + +package() { + install -Dm755 dhcpcd_hardened.sh "$pkgdir"/usr/lib/dhcpcd/dhcpcd_hardened.sh +} diff --git a/nonprism/dhcpcd-hardened-script/dhcp-hardened-script.service b/nonprism/dhcpcd-hardened-script/dhcp-hardened-script.service new file mode 100644 index 000000000..e69de29bb diff --git a/nonprism/dhcpcd-hardened-script/dhcpcd_hardened.sh b/nonprism/dhcpcd-hardened-script/dhcpcd_hardened.sh new file mode 100644 index 000000000..82f1b4dd0 --- /dev/null +++ b/nonprism/dhcpcd-hardened-script/dhcpcd_hardened.sh @@ -0,0 +1,6 @@ +#!/bin/sh +# This script wipes hostname and DUID so that DHCP can't send it over the network +hostnamectl set-hostname localhost +sed -i '/127.0.0.1/c\127.0.0.1 localhost.localdomain localhost 'localhost'' /etc/hosts ##properly sets our new host in /etc/hosts file +hostname localhost ##avoids need to reboot before showing our new hostname in terminals etc. +rm -rf /etc/dhcpcd.duid # Delete DUID diff --git a/nonprism/networkmanager-nonprism/30-nonprism.conf b/nonprism/networkmanager-nonprism/30-nonprism.conf deleted file mode 100644 index 01b4883d5..000000000 --- a/nonprism/networkmanager-nonprism/30-nonprism.conf +++ /dev/null @@ -1,12 +0,0 @@ -# Non-Prism Hardened configuration file for NetworkManager -# https://blogs.gnome.org/thaller/2016/08/26/mac-address-spoofing-in-networkmanager-1-4-0/ -# https://fedoraproject.org/wiki/Tools/NetworkManager/IPv6 -[device-mac-randomization] -wifi.scan-rand-mac-address=yes - -[connection-mac-randomization] -ethernet.cloned-mac-address=random -wifi.cloned-mac-address=random - -[ipv6] -ip6-privacy=2 \ No newline at end of file diff --git a/nonprism/networkmanager-nonprism/PKGBUILD b/nonprism/networkmanager-nonprism/PKGBUILD deleted file mode 100644 index 4b0dd38d4..000000000 --- a/nonprism/networkmanager-nonprism/PKGBUILD +++ /dev/null @@ -1,16 +0,0 @@ -# Maintainer: Luke R. GPG: rsa4096/3EAE8697 - -pkgname=networkmanager-hardened-configs -pkgver=0.1 -pkgrel=1 -pkgdesc="Enables MAC protection on all interfaces." -arch=(any) -license=(GPL2) -depends=('networkmanager') -source=('30-nonprism.conf') -sha512sums=('70e9e4faa87cf258f5d47ce56a7b7d439e0dd9e59ab7d2be2790fcc55342c05a321e4d7e06b8a0ae30ed2575b2a62843d167e93aba9de5cbb9e2034bce0a71ed') -whirlpoolsums=('753e1931978c3168acf93a92f9d1050dec4ba4fb9bf6dc76280c6a6bfeef8f09cc371501e7d34d83c013a800155466135cf24159b06258cde60ae7c871d0fb5e') - -package() { - install -Dm644 30-nonprism.conf "$pkgdir"/usr/lib/NetworkManager/conf.d/30-nonprism.conf -} -- cgit v1.2.3