mirror of
https://github.com/stornic56/debianito-post-install.git
synced 2026-07-16 13:59:50 +00:00
872f92d6b4
- Created dedicated `extras/java.sh` module for modular Temurin/Adoptium repository handling and isolated GPG key management. - Implemented selective JRE/JDK installation paths: Gaming (Minecraft) vs Development environments with version control selectors. - Enhanced user group membership logic (`_ensure_sudo_group`) to auto-configure administrative privileges on fresh installs. - Introduced maintenance-friendly passwordless sudo for `apt`, `systemctl`, and shutdown commands via `/etc/sudoers.d/`. - Added home directory ownership repair utility to fix root-owned files in user directories after improper `sudo` usage. - Enabled visual password feedback (`pwfeedback`) toggle for enhanced terminal usability during authentication prompts. - Refactored Debian 13/Trixie repository sourcing logic to ensure idempotency and prevent backports/duplicate sources conflicts. - Updated Bullseye legacy modules (extras.sh, repos.sh) to exclude deprecated packages (`hx`, `vscodium`) and enforce Firefox ESR defaults. - Cleaned repository configurations by removing obsolete `bullseye-updates` source entries to prevent dependency conflicts. - Implemented NVTOP conditional detection logic ensuring display only on active Nvidia drivers or supported architectures (Trixie/Bookworm). - Corrected `/modules/bullseye/extras.sh` menu mappings (Programming, Dev Tools) and verified package lists excluding incompatible tools (`hx`, `vscodium`). - Integrated ClamAV security module with daemon state management and background scan execution flows in all Security menus. - update README.md
51 lines
2.0 KiB
Bash
51 lines
2.0 KiB
Bash
#!/usr/bin/env bash
|
|
# security.sh — Security & Networking
|
|
|
|
_cat_security() {
|
|
local headless=false
|
|
_is_headless && headless=true
|
|
local wireshark_state; wireshark_state=$(_state "wireshark")
|
|
local tcpdump_state; tcpdump_state=$(_state "tcpdump")
|
|
local zenmap_state; zenmap_state=$(_state "zenmap")
|
|
local fail2ban_state; fail2ban_state=$(_state "fail2ban")
|
|
local ufw_state; ufw_state=$(_state "ufw")
|
|
local clamav_state; clamav_state=$(_state "clamav")
|
|
|
|
local TUI_ANCHO_REFORZADO=$((TUI_ANCHO + 6))
|
|
local choices
|
|
choices=$(whiptail --title "Security & Networking" --checklist \
|
|
"Select security and networking tools (6 items):" $TUI_ALTO $TUI_ANCHO_REFORZADO $TUI_ALTO_LISTA \
|
|
"wireshark" "Network protocol analyzer (GUI)$(_inst wireshark)" "$wireshark_state" \
|
|
"tcpdump" "Command-line packet analyzer$(_inst tcpdump)" "$tcpdump_state" \
|
|
"zenmap" "Network scanner GUI (Nmap frontend)$(_inst zenmap)" "$zenmap_state" \
|
|
"fail2ban" "Brute-force protection daemon$(_inst fail2ban)" "$fail2ban_state" \
|
|
"ufw" "Uncomplicated firewall$(_inst ufw)" "$ufw_state" \
|
|
"clamav" "Antivirus engine (ClamAV)$(_inst clamav)" "$clamav_state" \
|
|
3>&1 1>&2 2>&3)
|
|
clear
|
|
|
|
[ -z "$choices" ] && return
|
|
|
|
local cleaned; cleaned=$(echo "$choices" | tr -d '"')
|
|
|
|
for pkg in $cleaned; do
|
|
case $pkg in
|
|
zenmap)
|
|
install_backports_or_stable zenmap
|
|
;;
|
|
clamav)
|
|
_install_clamav
|
|
;;
|
|
*)
|
|
if ! is_installed "$pkg"; then
|
|
_run_install "$pkg"
|
|
else
|
|
echo "$pkg already installed."
|
|
fi
|
|
;;
|
|
esac
|
|
done
|
|
|
|
echo -e "${GREEN}Security & networking tools installed.${NC}"
|
|
}
|