-rwxr-xr-xarchsetup21
-rw-r--r--todo.org5
2 files changed, 25 insertions, 1 deletions
diff --git a/archsetup b/archsetup
index 177afcc..8cb5db6 100755
--- a/archsetup
+++ b/archsetup
@@ -105,6 +105,7 @@ archsetup_packages="/var/log/archsetup-installed-packages.txt"
min_disk_space_gb=20
state_dir="/var/lib/archsetup/state"
error_messages=()
+firewall_verified=false
### Cleanup Trap
# Ensures tmpfs is unmounted if script exits unexpectedly
@@ -847,6 +848,14 @@ EOF
action="starting firewall service" && display "task" "$action"
systemctl start ufw.service >> "$logfile" 2>&1 || error "error" "$action" "$?"
+ # Verify firewall is actually active
+ action="verifying firewall is active" && display "task" "$action"
+ if ufw status | grep -q "Status: active"; then
+ firewall_verified=true
+ else
+ error "error" "firewall verification failed - ufw is not active" "1"
+ fi
+
# Service Discovery
display "subtitle" "Network Service Discovery"
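Review bot: `ufw status | grep -q "Status: active"` on the added verification line only proves ufw is enabled, not that the inbound policy the outro later tells the user to apply (`default deny incoming`) is in effect, so an enabled firewall with a permissive default still ends up with `firewall_verified=true`. `ufw status verbose` also prints the default policy, and pinning the locale avoids a false negative if the session locale translates ufw's "Status:" line; for example `ufw_state=$(LC_ALL=C ufw status verbose 2>>"$logfile")` followed by `if grep -q "Status: active" <<<"$ufw_state" && grep -q "Default: deny (incoming)" <<<"$ufw_state"; then`. Whether an earlier step sets that default policy is outside this hunk, so the second grep presumes it does. The enclosing setup section begins and continues outside the hunk.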
@@ -1697,6 +1706,18 @@ outro() {
done
fi
+ # Critical security warning if firewall setup failed
+ if [ "$firewall_verified" != "true" ]; then
+ printf "\n" | tee -a "$logfile"
+ printf "!!! CRITICAL SECURITY WARNING !!!\n" | tee -a "$logfile"
+ printf "!!! FIREWALL IS NOT ACTIVE !!!\n" | tee -a "$logfile"
+ printf "Your system may be unprotected. Please run these commands manually:\n" | tee -a "$logfile"
+ printf " sudo ufw default deny incoming\n" | tee -a "$logfile"
+ printf " sudo ufw enable\n" | tee -a "$logfile"
+ printf " sudo ufw status\n" | tee -a "$logfile"
+ printf "\n" | tee -a "$logfile"
+ fi
+
printf "\n"
printf "Please reboot before working with your new workstation.\n\n"
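Review bot: The warning block in outro() is written as seven separate `printf … | tee -a "$logfile"` pipelines, one per line of text, which spawns a tee per line and makes the message hard to edit as a unit. A single quoted here-document piped through one `tee -a` produces the same stdout and log output with no expansion risk, since the text contains no variables. outro() starts before the hunk and its remaining lines follow it.
```shell
  if [ "$firewall_verified" != "true" ]; then
    tee -a "$logfile" <<'EOF'

!!! CRITICAL SECURITY WARNING !!!
!!! FIREWALL IS NOT ACTIVE !!!
Your system may be unprotected. Please run these commands manually:
 sudo ufw default deny incoming
 sudo ufw enable
 sudo ufw status

EOF
  fi
# … unchanged: reboot reminder …
```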
diff --git a/todo.org b/todo.org
index 24fed8e..29ef591 100644
--- a/todo.org
+++ b/todo.org
@@ -218,9 +218,12 @@ CLOSED: [2025-11-13 Wed]
FTP download issue resolved - figlet-fonts 1.1-1 successfully installs in VM test
*** TODO [#B] Improve error handling: UFW firewall, rmmod pcspkr, mkdir missing quotes
-**** TODO [#B] Fix UFW firewall error handling (archsetup:395,410)
+**** DONE [#B] Fix UFW firewall error handling (archsetup:395,410)
+CLOSED: [2026-01-21 Wed]
Firewall failures use ~|| error "error"~ which logs but continues - system may be left exposed
Should use ~|| error "crash"~ or validate rules were applied successfully
+RESOLVED: Added firewall verification after setup (checks "ufw status | grep Status: active").
+If verification fails, displays CRITICAL SECURITY WARNING in outro with manual fix commands.
**** DONE [#B] Fix rmmod pcspkr error (archsetup:588)
CLOSED: [2026-01-21 Wed]
~rmmod pcspkr~ doesn't check if module is loaded, produces error if already unloaded