Check for active Intel backdoor
This commit is contained in:
parent
a5f3548b75
commit
d6222879d2
|
@ -371,6 +371,18 @@ function disable_nfs_insecure_locks {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function check_for_AMT {
|
||||||
|
if [[ $ARCHITECTURE == 'arm'* ]]; then
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
|
pci_hardware=$(lspci)
|
||||||
|
if [[ "$pci_hardware" == *"MEI"* || "$pci_hardware" == *"HECI"* ]]; then
|
||||||
|
echo $'Intel Active Management Technology (Management Engine) was detected. This is an active backdoor.'
|
||||||
|
exit 782352
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
function set_login_umask {
|
function set_login_umask {
|
||||||
sed -i 's|UMASK\t.*|UMASK\t\t077|g' /etc/login.defs
|
sed -i 's|UMASK\t.*|UMASK\t\t077|g' /etc/login.defs
|
||||||
}
|
}
|
||||||
|
@ -601,6 +613,9 @@ function setup_utils {
|
||||||
read_config_param "PROJECT_REPO"
|
read_config_param "PROJECT_REPO"
|
||||||
write_config_param "PROJECT_REPO" "$PROJECT_REPO"
|
write_config_param "PROJECT_REPO" "$PROJECT_REPO"
|
||||||
|
|
||||||
|
function_check check_for_AMT
|
||||||
|
check_for_AMT
|
||||||
|
|
||||||
function_check separate_tmp_filesystem
|
function_check separate_tmp_filesystem
|
||||||
separate_tmp_filesystem 150
|
separate_tmp_filesystem 150
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue