Files
debianito-post-install/modules/extras/security/security.sh
T
stornic56 2ebb33460c Broadcom, Utils & Headless Fixes
- Removed dead Broadcom hardware IDs (4357/4358/4360/4727) from `_is_broadcom_b43`, retaining only valid ID 4352 to eliminate false positives in the case statement.
- Added a guard in `_handle_wireless` Level 3 to verify `linux-headers` availability via `apt-cache policy`. Skips DKMS compilation if headers are missing, preventing transaction failures during installation.
- Implemented Broadcom combo card detection (WiFi + Bluetooth) by scanning `PCI_BT_DEVS`. Automatically writes `/etc/modprobe.d/broadcom-combo.conf` with `softdep wl post: btusb` and warns users about potential reboot requirements.
- Enhanced Level 2 (`firmware-b43-installer`) with post-installation validation for `/lib/firmware/b43`. Provides clear recovery instructions via `sudo dpkg-reconfigure firmware-b43-installer` if the directory is empty or missing after installation.
- Created a new helper `_msg_red()` in `utils.sh` to handle critical error messages with colored Whiptail output, replacing standard alerts for migration warnings and failures.
- Updated `repos/migrate.sh` to use `_msg_red()` for branch migration warnings and failure states, ensuring visibility of critical issues while keeping completion messages informative.
- Verified headless mode guards across 16 separate extras files (`office.sh`, `fetch.sh`, `cursors.sh`, etc.), preventing unnecessary package installations on servers without display environments.
- Completed syntax verification (`bash -n`) across all core and extra modules, ensuring no errors in the updated logic for firmware, gaming, swap, or repository management scripts.
- update readme.md
2026-07-10 19:50:36 -05:00

58 lines
1.9 KiB
Bash

#!/usr/bin/env bash
# security.sh — Security & Networking
_cat_security() {
local headless=false
_is_headless && headless=true
local -a items=()
if ! $headless; then
local wireshark_state; wireshark_state=$(_state "wireshark")
local zenmap_state; zenmap_state=$(_state "zenmap")
items+=(
"wireshark" "Network protocol analyzer (GUI)$(_inst wireshark)" "$wireshark_state"
"zenmap" "Network scanner GUI (Nmap frontend)$(_inst zenmap)" "$zenmap_state"
)
fi
local tcpdump_state; tcpdump_state=$(_state "tcpdump")
local fail2ban_state; fail2ban_state=$(_state "fail2ban")
local ufw_state; ufw_state=$(_state "ufw")
local clamav_state; clamav_state=$(_state "clamav")
items+=(
"tcpdump" "Command-line packet analyzer$(_inst tcpdump)" "$tcpdump_state"
"fail2ban" "Brute-force protection daemon$(_inst fail2ban)" "$fail2ban_state"
"ufw" "Uncomplicated firewall$(_inst ufw)" "$ufw_state"
"clamav" "Antivirus engine (ClamAV)$(_inst clamav)" "$clamav_state"
)
local TUI_ANCHO_REFORZADO=$((TUI_ANCHO + 6))
local choices
choices=$(_checklist "Security & Networking" "Select security and networking tools${SCROLL_HINT}:" $TUI_ALTO $TUI_ANCHO_REFORZADO $TUI_ALTO_LISTA \
"${items[@]}" \
)
clear
[ -z "$choices" ] && return
local cleaned; cleaned=$(echo "$choices" | tr -d '"')
for pkg in $cleaned; do
case $pkg in
zenmap)
install_backports_or_stable zenmap
;;
clamav)
_install_clamav
;;
*)
if ! is_installed "$pkg"; then
_run_install "$pkg"
else
echo "$pkg already installed."
fi
;;
esac
done
echo -e "${GREEN}Security & networking tools installed.${NC}"
}