From 78220c311de2b224dcc0def2ae17eba5b9ffacc9 Mon Sep 17 00:00:00 2001
From: Tommy <contact@tommytran.io>
Date: Fri, 31 May 2024 13:59:44 -0700
Subject: [PATCH] Update kernel hardening

Signed-off-by: Tommy <contact@tommytran.io>
---
 install.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/install.sh b/install.sh
index 1af4b97..56c8e34 100644
--- a/install.sh
+++ b/install.sh
@@ -348,6 +348,11 @@ sed -i 's#FILES=()#FILES=(/cryptkey/.root.key)#g' /mnt/etc/mkinitcpio.conf
 
 ## Continue kernel hardening
 unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/modprobe.d/30_security-misc.conf | tee /mnt/etc/modprobe.d/30_security-misc.conf
+sudo sed -i 's/#[[:space:]]*install msr/install msr/g' /mnt/etc/modprobe.d/30_security-misc.conf
+if [ "${install_mode}" != 'server' ]; then
+    sudo sed -i 's/#[[:space:]]*install bluetooth/install bluetooth/g' /mnt/etc/modprobe.d/30_security-misc.conf
+    sudo sed -i 's/#[[:space:]]*install btusb/install btusb/g' /mnt/etc/modprobe.d/30_security-misc.conf
+fi
 unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/990-security-misc.conf | tee /mnt/etc/sysctl.d/990-security-misc.conf
 sed -i 's/kernel\.yama\.ptrace_scope[[:space:]]*=.*/kernel.yama.ptrace_scope=3/g' /mnt/etc/sysctl.d/990-security-misc.conf
 unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_silent-kernel-printk.conf | tee /mnt/etc/sysctl.d/30_silent-kernel-printk.conf