Fedora-OSTree-Setup-dev / Fedora-OSTree-Setup

Glorified script that automates the setup of Fedora Silverblue/Kinoite based on given config file.
GNU General Public License v3.0

Tracker: Security / Privacy additions #52

Closed boredsquirrel closed 1 year ago

boredsquirrel commented 1 year ago

Opensnitch:

xdg-open https://github.com/evilsocket/opensnitch/releases/latest

wget https://github.com/evilsocket/opensnitch/releases/download/v1.5.2/opensnitch-1.5.2-1.x86_64.rpm
wget https://github.com/evilsocket/opensnitch/releases/download/v1.5.2/opensnitch-ui-1.5.2-1.noarch.f29.rpm

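# layer the two RPM files downloaded above (local paths, not repo package names)
rpm-ostree install ./opensnitch-1.5.2-1.x86_64.rpm ./opensnitch-ui-1.5.2-1.noarch.f29.rpm && reboot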

reboot-script:

# autostart 
ln -s /usr/share/applications/opensnitch_ui.desktop ~/.config/autostart/

sudo systemctl enable opensnitch
sudo service opensnitch start

# configs

cd ~/.config/opensnitch

# slow down automatic timeout
sed -i 's/default_timeout=15/default_timeout=99/g' settings.conf

# set to keep rules forever (otherwise resets on reboot)
sed -i 's/default_duration=6/default_duration=7/g' settings.conf

# enable purging old logs
sed -i 's/purge_oldest=false/purge_oldest=true/g' settings.conf

Current Problems:

boredsquirrel commented 1 year ago

Mac randomization:

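# Write as root via tee: with "sudo printf ... > file" the redirect runs as the calling user.
# The quoted 'EOF' keeps ${CONNECTION}/${BOOT} literal so NetworkManager substitutes them.
sudo tee /etc/NetworkManager/conf.d/00-macrandomize.conf > /dev/null <<'EOF'
[device]
wifi.scan-rand-mac-address=yes

[connection]
wifi.cloned-mac-address=stable
ethernet.cloned-mac-address=stable
connection.stable-id=${CONNECTION}/${BOOT}
EOF

sudo systemctl restart NetworkManager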

Some say there is a GUI way in GNOME? With the KDE interface it is not easy to understand whether it works (you can set a random number, but afaik there is no autogeneration. It works per network).

It should be included how to disable randomization on some networks.

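# nmcli selects the connection by its name or UUID (list them with "nmcli c show"), not by the router's IP address
nmcli c modify <connection-name> 802-11-wireless.cloned-mac-address permanent
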
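
As an added example (not part of the thread and not the project's code), the check below verifies that a drop-in like the one in the comment above holds the four expected values, including a `connection.stable-id` whose `${CONNECTION}/${BOOT}` tokens reached the file without being expanded by the shell. The function names and the two sample files are assumptions made for the illustration.

```shell
# Added example, not from the thread; function names and sample files are constructed.

# ini_get FILE SECTION KEY: print KEY's value inside [SECTION] (last one wins).
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); cur = $0; next }
        cur == sec && (pos = index($0, "=")) {
            k = substr($0, 1, pos - 1); v = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# check_macrandomize FILE: print one line per deviation; exit status = count.
check_macrandomize() (
    problems=0
    # section|key|expected; the stable-id tokens must be literal in the file.
    for spec in 'device|wifi.scan-rand-mac-address|yes' \
                'connection|wifi.cloned-mac-address|stable' \
                'connection|ethernet.cloned-mac-address|stable' \
                'connection|connection.stable-id|${CONNECTION}/${BOOT}'
    do
        sec=${spec%%|*}; rest=${spec#*|}; key=${rest%%|*}; want=${rest#*|}
        got=$(ini_get "$1" "$sec" "$key")
        [ "$got" = "$want" ] && continue
        echo "[$sec] $key: expected '$want', found '$got'"
        problems=$((problems + 1))
    done
    exit "$problems"
)

# write_samples DIR: two constructed files, one intact and one as it looks
# after a shell expanded the unset ${CONNECTION} and ${BOOT} to nothing.
write_samples() {
    cat > "$1/good.conf" <<'EOF'
[device]
wifi.scan-rand-mac-address=yes
[connection]
wifi.cloned-mac-address=stable
ethernet.cloned-mac-address=stable
connection.stable-id=${CONNECTION}/${BOOT}
EOF
    sed 's|^connection.stable-id=.*|connection.stable-id=/|' "$1/good.conf" > "$1/expanded.conf"
}
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
check_macrandomize "$demo_dir/good.conf" && echo "good.conf: ok"
check_macrandomize "$demo_dir/expanded.conf" || echo "expanded.conf: $? deviation(s)"
rm -rf "$demo_dir"
```

On a real system the same function can be pointed at `/etc/NetworkManager/conf.d/00-macrandomize.conf` before NetworkManager is restarted.
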
iaacornus commented 1 year ago

I'll also merge this with #38