arainho/archlinux_hardening.sh

## archlinux_hardening.sh
# https://wiki.archlinux.org/index.php/Firejail
# https://linux-audit.com/audit-and-harden-your-ssh-configuration/

sudo firecfg
mkdir -p /etc/pacman.d/hooks/
sudo bash -c 'cat > /etc/pacman.d/hooks/firejail.hook' << EOF
[Trigger]
Type = Path
Operation = Install
Operation = Upgrade
Operation = Remove
Target = usr/bin/*
Target = usr/local/bin/*
Target = usr/share/applications/*.desktop

[Action]
Description = Configure symlinks in /usr/local/bin based on firecfg.config...
When = PostTransaction
Depends = firejail
Exec = /bin/sh -c 'firecfg &>/dev/null'
EOF

# X11
#https://wiki.archlinux.org/index.php/Xephyr
#https://wiki.archlinux.org/index.php/Firejail
#https://firejail.wordpress.com/documentation-2/basic-usage/#x11
	# https://wiki.archlinux.org/index.php/Firejail
	# https://linux-audit.com/audit-and-harden-your-ssh-configuration/

	sudo firecfg
	mkdir -p /etc/pacman.d/hooks/
	sudo bash -c 'cat > /etc/pacman.d/hooks/firejail.hook' << EOF
	[Trigger]
	Type = Path
	Operation = Install
	Operation = Upgrade
	Operation = Remove
	Target = usr/bin/*
	Target = usr/local/bin/*
	Target = usr/share/applications/*.desktop

	[Action]
	Description = Configure symlinks in /usr/local/bin based on firecfg.config...
	When = PostTransaction
	Depends = firejail
	Exec = /bin/sh -c 'firecfg &>/dev/null'
	EOF

	# X11
	#https://wiki.archlinux.org/index.php/Xephyr
	#https://wiki.archlinux.org/index.php/Firejail
	#https://firejail.wordpress.com/documentation-2/basic-usage/#x11