From a5c22bbff2efbbd01b47938d2cd79a422968007a Mon Sep 17 00:00:00 2001
From: Tommy <contact@tommytran.io>
Date: Sun, 28 Apr 2024 14:16:43 -0700
Subject: [PATCH] Add hardened_malloc to Fedora

Signed-off-by: Tommy <contact@tommytran.io>
---
 fedora-minimal/fedora-minimal.sh | 9 ++++++++-
 fedora/fedora-gnome.sh           | 7 +++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/fedora-minimal/fedora-minimal.sh b/fedora-minimal/fedora-minimal.sh
index a1bccbe..6daacee 100644
--- a/fedora-minimal/fedora-minimal.sh
+++ b/fedora-minimal/fedora-minimal.sh
@@ -44,4 +44,11 @@ sysctl -p
 
 # Harden SSH
 curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/ssh/ssh_config.d/10-custom.conf | tee /etc/ssh/ssh_config.d/10-custom.conf
-chmod 644 /etc/ssh/ssh_config.d/10-custom.conf
\ No newline at end of file
+chmod 644 /etc/ssh/ssh_config.d/10-custom.conf
+
+# Setup hardened_malloc
+dnf install 'https://divested.dev/rpm/fedora/divested-release-20231210-2.noarch.rpm' -y
+sed -i 's/^metalink=.*/&?protocol=https/g' /etc/yum.repos.d/divested-release.repo
+dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware,hardened_malloc
+dnf install hardened_malloc -y
+echo 'libhardened_malloc.so' | sudo tee /etc/ld.so.preload
\ No newline at end of file
diff --git a/fedora/fedora-gnome.sh b/fedora/fedora-gnome.sh
index cc03532..be4ff0c 100644
--- a/fedora/fedora-gnome.sh
+++ b/fedora/fedora-gnome.sh
@@ -126,6 +126,13 @@ unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/Tomm
 sudo mkdir -p /etc/systemd/system/ModemManager.service.d
 curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/divestedcg/Brace/master/brace/usr/lib/systemd/system/ModemManager.service.d/99-brace.conf | sudo tee /etc/systemd/system/ModemManager.service.d/99-brace.conf
 
+# Setup hardened_malloc
+sudo dnf install 'https://divested.dev/rpm/fedora/divested-release-20231210-2.noarch.rpm' -y
+sudo sed -i 's/^metalink=.*/&?protocol=https/g' /etc/yum.repos.d/divested-release.repo
+sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware,hardened_malloc
+sudo dnf install hardened_malloc -y
+echo 'libhardened_malloc.so' | sudo tee /etc/ld.so.preload
+
 # Setup networking
 unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/NetworkManager/conf.d/00-macrandomize.conf | sudo tee /etc/NetworkManager/conf.d/00-macrandomize.conf
 unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/NetworkManager/conf.d/01-transient-hostname.conf | sudo tee /etc/NetworkManager/conf.d/01-transient-hostname.conf