bash-stuff/install-grub-security.sh

#!/bin/bash
echo "[+] Installing GRUB 2 Security...";
echo "[i] Use --force to regenerate the signing key; clears ALL root's GPG keys!"
echo "[?] WARNING Make sure the current GRUB version does not have any bugs with gpg before installing, use CTRL+C to quit, enter to continue:";
read;
sudo cp bin/* /bin/ -f;
sudo cp initramfs-tools-hooks/* /etc/initramfs-tools/hooks/ -f;
sudo cp local-sbin/* /usr/local/sbin/ -f;
sudo cp kernel-hooks/* /etc/kernel/ -fr;
sudo cp lib-systemd-system-sleep/* /usr/lib/systemd/system-sleep/ -f;
sudo 7za x -o/etc grub.d.my.7z -y;
sudo chmod +x /etc/grub.d/*;
sudo cp sbat /root/sbat -f;
sudo cp stop_timeout.conf /etc/systemd/system.conf.d/60_custom.conf -f;
sudo systemctl daemon-reload;
if [[ "$1" == "--force" ]]; then
  echo "[?] WARNING Clearing previous gpg keys in root, use CTRL+C to quit, enter to continue:";
  read;
  sudo rm -f /root/pubkey;
  sudo rm -rf /root/.gnupg;
fi;
if sudo [ ! -f /root/pubkey ]; then
  sudo gpg --batch --passphrase '' --quick-gen-key root@localhost rsa3072 default;
  sudo gpg --export -o /root/pubkey;
fi;
sudo cp /root/pubkey /boot/pubkey -f;
sudo cp gpg.conf /root/.gnupg/gpg.conf -f;
sudo cp gpg-agent.conf /root/.gnupg/gpg-agent.conf -f;
sudo grub-update;
echo "[+] Complete!";
Add auto installer for mostly securing grub via sig file. 2024-08-02 21:04:23 +01:00			`#!/bin/bash`
Make sure grub is updated after installing security. 2024-08-03 00:34:53 +01:00			`echo "[+] Installing GRUB 2 Security...";`
Add lib-rust copy to bash_aliases for kernel build. Add hibernation activation script. Fix up grub security installation. Fix up local mydebs repo installation. 2024-08-18 14:52:03 +01:00			`echo "[i] Use --force to regenerate the signing key; clears ALL root's GPG keys!"`
Make sure grub is updated after installing security. 2024-08-03 00:34:53 +01:00			`echo "[?] WARNING Make sure the current GRUB version does not have any bugs with gpg before installing, use CTRL+C to quit, enter to continue:";`
			`read;`
Add auto installer for mostly securing grub via sig file. 2024-08-02 21:04:23 +01:00			`sudo cp bin/* /bin/ -f;`
			`sudo cp initramfs-tools-hooks/* /etc/initramfs-tools/hooks/ -f;`
			`sudo cp local-sbin/* /usr/local/sbin/ -f;`
			`sudo cp kernel-hooks/* /etc/kernel/ -fr;`
			`sudo cp lib-systemd-system-sleep/* /usr/lib/systemd/system-sleep/ -f;`
			`sudo 7za x -o/etc grub.d.my.7z -y;`
Make grub scripts executable. 2024-08-02 21:07:42 +01:00			`sudo chmod +x /etc/grub.d/*;`
Add auto installer for mostly securing grub via sig file. 2024-08-02 21:04:23 +01:00			`sudo cp sbat /root/sbat -f;`
Add lib-rust copy to bash_aliases for kernel build. Add hibernation activation script. Fix up grub security installation. Fix up local mydebs repo installation. 2024-08-18 14:52:03 +01:00			`sudo cp stop_timeout.conf /etc/systemd/system.conf.d/60_custom.conf -f;`
			`sudo systemctl daemon-reload;`
			`if [[ "$1" == "--force" ]]; then`
			`echo "[?] WARNING Clearing previous gpg keys in root, use CTRL+C to quit, enter to continue:";`
			`read;`
			`sudo rm -f /root/pubkey;`
			`sudo rm -rf /root/.gnupg;`
			`fi;`
			`if sudo [ ! -f /root/pubkey ]; then`
GRUB2 can't do ECC (Really?) 2024-08-04 23:00:11 +01:00			`sudo gpg --batch --passphrase '' --quick-gen-key root@localhost rsa3072 default;`
Add auto installer for mostly securing grub via sig file. 2024-08-02 21:04:23 +01:00			`sudo gpg --export -o /root/pubkey;`
Add lib-rust copy to bash_aliases for kernel build. Add hibernation activation script. Fix up grub security installation. Fix up local mydebs repo installation. 2024-08-18 14:52:03 +01:00			`fi;`
Add auto installer for mostly securing grub via sig file. 2024-08-02 21:04:23 +01:00			`sudo cp /root/pubkey /boot/pubkey -f;`
			`sudo cp gpg.conf /root/.gnupg/gpg.conf -f;`
			`sudo cp gpg-agent.conf /root/.gnupg/gpg-agent.conf -f;`
Make sure grub is updated after installing security. 2024-08-03 00:34:53 +01:00			`sudo grub-update;`
Add auto installer for mostly securing grub via sig file. 2024-08-02 21:04:23 +01:00			`echo "[+] Complete!";`