More old busted stuff with the gentoo hardened box

selinux/.vagrant-provision.sh

@@ -2,21 +2,8 @@
 
 set -ex
 
-emerge-webrsync
+if [[ ! -e /vagrant/wipe ]] ; then
-eselect profile set hardened/linux/amd64/no-multilib/selinux
+  exit 0
-emerge sys-kernel/hardened-sources
+fi
-echo reboot required here?
+
-source /etc/profile
+/vagrant/base-box-wipe.sh
-emerge -1 checkpolicy policycoreutils
-echo another reboot?
-FEATURES="-selinux" emerge -1 selinux-base
-FEATURES="-selinux" emerge selinux-base-policy
-echo and another reboot?
-rlpkg -a -r
-rc-update add selinux_gentoo boot
-echo yet another reboot maybe?
-setsebool -P global_ssp on
-semanage login -a -s staff_u vagrant
-restorecon -R -F /home/vagrant
-semanage user -m -R "staff_r sysadm_r system_r" root
-semanage user -m -R "staff_r sysadm_r system_r" staff_u

selinux/Vagrantfile

@@ -1,5 +1,6 @@
 Vagrant.configure('2') do |config|
-  config.vm.box = 'meatballhat/gentoo-amd64'
+  config.vm.box = 'meatballhat/gentoo-hardened'
+  config.vm.box_version = '>= 0.1.2'
   config.vm.provision 'shell', path: '.vagrant-provision.sh'
   config.vm.provision 'shell', path: '.vagrant-provision-as-vagrant.sh', privileged: false
 

selinux/base-box-wipe.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+
+set -ex
+
+rm -rf /usr/portage /usr/src /tmp/* /var/tmp/*
+
+dd if=/dev/zero of=/EMPTY bs=1M || true
+rm -f /EMPTY
+
+unset HISTFILE
+rm -f /root/.bash_history
+rm -f /home/vagrant/.bash_history
+
+find /var/log -type f | while read f; do echo -ne '' > $f; done
+
+count=`df --sync -kP / | tail -n1  | awk -F ' ' '{print $4}'`
+let count--
+dd if=/dev/zero of=/tmp/whitespace bs=1024 count=$count || true
+rm /tmp/whitespace
+
+count=`df --sync -kP /boot | tail -n1 | awk -F ' ' '{print $4}'`
+let count--
+dd if=/dev/zero of=/boot/whitespace bs=1024 count=$count || true
+rm /boot/whitespace
+
+swappart=`cat /proc/swaps | tail -n1 | awk -F ' ' '{print $1}'`
+swapoff $swappart
+dd if=/dev/zero of=$swappart || true
+mkswap $swappart
+swapon $swappart