specifying interface for arpwatch service

arch-hardening.sh

@@ -24,7 +24,13 @@ sudo systemctl enable --now usbguard
 
 # [NETW-3032] Checking for ARP monitoring software
 sudo pacman -S --noconfirm --needed arpwatch
-sudo systemctl enable --now arpwatch
+# Find first non-loopback, non-virbr/vmbr interface and enable arpwatch on it
+iface=$(ip -o link show | awk -F': ' '{print $2}' | sed 's/@.*$//' | grep -Ev '^(lo|virbr|vmbr)' | head -n1)
+if [ -n "$iface" ]; then
+    sudo systemctl enable --now "arpwatch@${iface}.service"
+else
+    echo "No suitable network interface found for arpwatch; service not enabled." >&2
+fi
 
 # [NETW-3200] Disable unused network protocols
 sudo tee /etc/modprobe.d/network-protocols-disable.conf > /dev/null <<EOL