Lightemerald/linux-scripts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

specifying interface for arpwatch service

Browse Source
This commit is contained in:
Lightemerald
2025-12-12 22:54:38 +01:00
parent 9157392e25
commit 9f82b654aa
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
arch-hardening.sh
View File

@@ -24,7 +24,13 @@ sudo systemctl enable --now usbguard
# [NETW-3032] Checking for ARP monitoring software # [NETW-3032] Checking for ARP monitoring software
sudo pacman -S --noconfirm --needed arpwatch sudo pacman -S --noconfirm --needed arpwatch
sudo systemctl enable --now arpwatch # Find first non-loopback, non-virbr/vmbr interface and enable arpwatch on it
iface=$(ip -o link show | awk -F': ' '{print $2}' | sed 's/@.*$//' | grep -Ev '^(lo|virbr|vmbr)' | head -n1)
if [ -n "$iface" ]; then
sudo systemctl enable --now "arpwatch@${iface}.service"
else
echo "No suitable network interface found for arpwatch; service not enabled." >&2
fi
# [NETW-3200] Disable unused network protocols # [NETW-3200] Disable unused network protocols
sudo tee /etc/modprobe.d/network-protocols-disable.conf > /dev/null <<EOL sudo tee /etc/modprobe.d/network-protocols-disable.conf > /dev/null <<EOL