23 lines
636 B
Bash
23 lines
636 B
Bash
|
#!/bin/bash
|
||
|
|
||
|
set -ex
|
||
|
|
||
|
emerge-webrsync
|
||
|
eselect profile set hardened/linux/amd64/no-multilib/selinux
|
||
|
emerge sys-kernel/hardened-sources
|
||
|
echo reboot required here?
|
||
|
source /etc/profile
|
||
|
emerge -1 checkpolicy policycoreutils
|
||
|
echo another reboot?
|
||
|
FEATURES="-selinux" emerge -1 selinux-base
|
||
|
FEATURES="-selinux" emerge selinux-base-policy
|
||
|
echo and another reboot?
|
||
|
rlpkg -a -r
|
||
|
rc-update add selinux_gentoo boot
|
||
|
echo yet another reboot maybe?
|
||
|
setsebool -P global_ssp on
|
||
|
semanage login -a -s staff_u vagrant
|
||
|
restorecon -R -F /home/vagrant
|
||
|
semanage user -m -R "staff_r sysadm_r system_r" root
|
||
|
semanage user -m -R "staff_r sysadm_r system_r" staff_u
|