From 9f82b654aa5e374de5648f7c6bdab6a7f7d655cd Mon Sep 17 00:00:00 2001
From: Lightemerald
Date: Fri, 12 Dec 2025 22:54:38 +0100
Subject: [PATCH] specifying interface for arpwatch service
---
 arch-hardening.sh | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/arch-hardening.sh b/arch-hardening.sh
index 5f73acb..66f7f1e 100644
--- a/arch-hardening.sh
+++ b/arch-hardening.sh
@@ -24,7 +24,13 @@ sudo systemctl enable --now usbguard

 # [NETW-3032] Checking for ARP monitoring software
 sudo pacman -S --noconfirm --needed arpwatch
-sudo systemctl enable --now arpwatch
+# Find first non-loopback, non-virbr/vmbr interface and enable arpwatch on it
+iface=$(ip -o link show | awk -F': ' '{print $2}' | sed 's/@.*$//' | grep -Ev '^(lo|virbr|vmbr)' | head -n1)
+if [ -n "$iface" ]; then
+ sudo systemctl enable --now "arpwatch@${iface}.service"
+else
+ echo "No suitable network interface found for arpwatch; service not enabled." >&2
+fi

 # [NETW-3200] Disable unused network protocols
 sudo tee /etc/modprobe.d/network-protocols-disable.conf > /dev/null <
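Review bot: The added `iface=` pipeline takes whichever link `ip -o link show` lists first after dropping `lo`, `virbr*` and `vmbr*`, without checking that the link is up or that it faces the LAN. On a host where a container bridge, a tunnel or an unplugged NIC is listed first, arpwatch would presumably be bound to a link that carries none of the ARP traffic the NETW-3032 control is meant to watch, while the unit still shows as enabled. Picking the device of the default route is closer to the intent, for example `iface=$(ip -o route show default | awk '{for(i=1;i<NF;i++) if($i=="dev"){print $(i+1); exit}}')`, with the current pipeline kept only as a fallback. The `else` branch only writes to stderr, so the script continues with no ARP monitoring in place; recording that failure and returning a non-zero status at the end would make the gap visible to whoever runs the hardening.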