adding rngd

2025-12-12 21:32:48 +01:00
parent a4dd702474
commit ef4f6cd2b3
1 changed files with 4 additions and 0 deletions
--- a/arch-hardening.sh
+++ b/arch-hardening.sh
@@ -250,6 +250,10 @@ sudo pacman -S --noconfirm --needed arch-audit
 sudo chmod 600 /etc/ssh/sshd_config
 sudo chmod 700 /etc/cron.hourly

+# [CRYP-8004] Presence of hardware random number generator
+sudo pacman -S --noconfirm --needed rng-tools
+sudo systemctl enable --now rngd
+
 # [AUTH-9230] Ensure password hashing algorithm is set to YESCRYPT and hashing rounds to minimum of 5000 and maximum of 5000000
 sudo sed -i 's/^ENCRYPT_METHOD .*/ENCRYPT_METHOD YESCRYPT/' /etc/login.defs
 sudo sed -i 's/^#SHA_CRYPT_MIN_ROUNDS .*/SHA_CRYPT_MIN_ROUNDS 5000/' /etc/login.defs