Check for active Intel backdoor

Bob Mottram 2017-05-02 10:59:31 +01:00
parent a5f3548b75
commit d6222879d2
1 changed files with 15 additions and 0 deletions


@ -371,6 +371,18 @@ function disable_nfs_insecure_locks {
fi fi
} }
function check_for_AMT {
if [[ $ARCHITECTURE == 'arm'* ]]; then
return
fi
pci_hardware=$(lspci)
if [[ "$pci_hardware" == *"MEI"* || "$pci_hardware" == *"HECI"* ]]; then
echo $'Intel Active Management Technology (Management Engine) was detected. This is an active backdoor.'
exit 782352
fi
}
function set_login_umask { function set_login_umask {
sed -i 's|UMASK\t.*|UMASK\t\t077|g' /etc/login.defs sed -i 's|UMASK\t.*|UMASK\t\t077|g' /etc/login.defs
} }
@ -601,6 +613,9 @@ function setup_utils {
read_config_param "PROJECT_REPO" read_config_param "PROJECT_REPO"
write_config_param "PROJECT_REPO" "$PROJECT_REPO" write_config_param "PROJECT_REPO" "$PROJECT_REPO"
function_check check_for_AMT
check_for_AMT
function_check separate_tmp_filesystem function_check separate_tmp_filesystem
separate_tmp_filesystem 150 separate_tmp_filesystem 150
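Review bot: In check_for_AMT, `exit 782352` never reaches a caller as written, because shell exit statuses are reduced to 8 bits and this value arrives as 16; use a documented code in the 1–255 range, e.g. `exit 16`, so a wrapper can tell this abort from other failures. The check also fails open: if `lspci` is missing or errors, `pci_hardware` is empty and the function returns as though nothing was found, so a guard before the call such as `command -v lspci >/dev/null || { echo $'lspci not available, cannot check for AMT'; exit 17; }` (any distinct documented code) would make that case visible. A MEI/HECI entry in the lspci output shows only that the Management Engine host interface is exposed to the OS, not that AMT is provisioned or enabled, and a machine where firmware hides that interface may pass silently; a comment above the function, and the message itself, should say the test is a heuristic. The call added in setup_utils sits in a function that starts and ends outside the second hunk.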