
Support for Arch Linux (or just more generic checks that would work on all distributions) #36

Open
5 of 10 tasks
wknapik opened this issue Dec 20, 2024 · 4 comments

Comments

@wknapik

wknapik commented Dec 20, 2024

  • Firewall check expects ufw or firewalld #39
  • The openssh package in Arch is not split between the server and client tools. I don't run sshd, but need the client tools. The ssh configuration check fails, even though there's no risk.
  • The checks for ssh keys claim the keys are password protected and use strong encryption, even though the tool never saw any of my keys (which are not stored at ~/.ssh).
  • The encryption check is failing, even though encryption via luks is enabled.  #45
  • The secure boot check is skipped, even though secure boot is enabled.
    % od --address-radix=n --format=u1 /sys/firmware/efi/efivars/SecureBoot-*|tr -s ' ' '\t'|cut -f6
    1
    %
  • The docker check is failing, even though the docker group has no members. The test expects exit code 1 from docker run --rm hello-world, but it's 126 on my system.
  • The check for system updates could be improved #52
    • The check times out on snapd, if the daemon isn't running. I don't use snap packages, except for occasional testing of the Brave snap, so I only enable the daemon on-demand.
    • The check for pacman updates only runs -Qu, but never calls -Sy, so it's not adequate to determine if updates are available. Also, there's no check for AUR updates.
  • The root helper fails instantly with no error messages, incl. when started as root. With --verbose, it says
    Failed to create listener: file file+net socket: getsockopt: socket operation on non-socket
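
Three of the items above (Secure Boot, Docker, LUKS) can be checked without distribution-specific tooling by reading the raw data instead of shelling out to ufw, docker or pacman. The following is an added example, not Pareto Security's own code: it parses an efivarfs SecureBoot blob the same way the `od ... | cut -f6` pipeline does (4-byte attribute word, then the value byte), lists members of the docker group from /etc/group text, and finds crypto_LUKS devices in `lsblk -rno NAME,FSTYPE` output. The efivars mount point, the EFI global-variable GUID and the sample inputs are assumptions/constructed data, not taken from the issue.

```python
"""Distribution-agnostic parsers for three of the checks discussed in this issue.

Added example, not paretosecurity's code. Each parser works on bytes/text so it
can be exercised offline on the constructed samples at the bottom.
"""
import struct
from pathlib import Path
from typing import List, Optional

# Assumption: efivarfs is mounted at the conventional location.
EFIVARS_DIR = Path("/sys/firmware/efi/efivars")
# EFI_GLOBAL_VARIABLE GUID, under which the SecureBoot variable is published.
EFI_GLOBAL_VARIABLE_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"


def secure_boot_from_efivar(blob: bytes) -> Optional[bool]:
    """Decode a SecureBoot efivar file: 4-byte little-endian attributes, then the data.

    Returns True/False for enabled/disabled, or None when the blob is too short
    to contain a value byte (treat as 'skip', not 'fail').
    """
    if len(blob) < 5:
        return None
    (_attrs,) = struct.unpack("<I", blob[:4])  # e.g. 6 = BS|RT access, not needed further
    return blob[4] == 1


def secure_boot_enabled(efivars_dir: Path = EFIVARS_DIR) -> Optional[bool]:
    """Live check: None means no efivarfs (legacy BIOS / not mounted), i.e. skip."""
    path = efivars_dir / f"SecureBoot-{EFI_GLOBAL_VARIABLE_GUID}"
    try:
        return secure_boot_from_efivar(path.read_bytes())
    except OSError:
        return None


def docker_group_members(group_file_text: str) -> List[str]:
    """Return members of the 'docker' group from /etc/group content.

    Docker group membership is root-equivalent, so an empty list is the passing
    state. Reading the group file avoids depending on the exit code of
    `docker run`, which differs between installations (1 vs 126 in the issue).
    """
    for line in group_file_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4 and fields[0] == "docker":
            return [member for member in fields[3].split(",") if member]
    return []  # no docker group at all: nothing to flag


def luks_devices_from_lsblk(lsblk_raw: str) -> List[str]:
    """Return device names whose FSTYPE is crypto_LUKS from `lsblk -rno NAME,FSTYPE` output.

    Raw (-r) output is one space-separated record per line; a device with no
    filesystem has an empty second column.
    """
    found = []
    for line in lsblk_raw.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[1] == "crypto_LUKS":
            found.append(parts[0])
    return found


# Constructed samples (not captured from a real machine).
SAMPLE_SECUREBOOT_ON = bytes([6, 0, 0, 0, 1])
SAMPLE_SECUREBOOT_OFF = bytes([6, 0, 0, 0, 0])
SAMPLE_GROUP_FILE = "root:x:0:\nwheel:x:998:alice\ndocker:x:969:alice,bob\n"
SAMPLE_GROUP_FILE_EMPTY = "root:x:0:\ndocker:x:969:\n"
SAMPLE_LSBLK = "nvme0n1\nnvme0n1p1 vfat\nnvme0n1p2 crypto_LUKS\ncryptroot ext4\n"

if __name__ == "__main__":
    print("secure boot (live):", secure_boot_enabled())
    print("secure boot (sample):", secure_boot_from_efivar(SAMPLE_SECUREBOOT_ON))
    print("docker members (sample):", docker_group_members(SAMPLE_GROUP_FILE))
    print("LUKS devices (sample):", luks_devices_from_lsblk(SAMPLE_LSBLK))
```

The three-state result (True / False / None) is the point: a check that cannot find its input should report "skipped" rather than "failed", which is what the Secure Boot and encryption items above are really asking for.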
    
dz0ny added a commit that referenced this issue Dec 23, 2024
…lper

Helper is not allowed to run outside systemd

ref: #36
dz0ny added a commit that referenced this issue Dec 24, 2024
…ecks (#38)

* refactor: Consolidate file reading and enhance status reporting in checks

* fix: Correct JSON field name for Linux OS version in NewDevice struct

* Add tests for checks

* fix: Improve error logging and enhance socket listening message in helper

Helper is not allowed to run outside systemd

ref: #36

* fix: Update path check for UEFI mode in SecureBoot check
dz0ny added a commit that referenced this issue Dec 30, 2024
@fmarier

fmarier commented Jan 2, 2025

[ ] The firewall check expects firewalld or ufw, which are not necessary to set up a firewall, so the check fails if neither is used but a firewall is active.

I filed a separate issue (#39) to track this one since it's not Arch-specific and there seems to be another problem related to that check.

@dz0ny
Member

dz0ny commented Jan 16, 2025

Support for Arch Linux has been added with the release of 0.0.71. Temporary instructions are available at https://pkg.paretosecurity.com/#:~:text=Archlinux%2Dbased%20distributions. Let me know how it goes and if you have issues installing the app.

For the remaining issues and suggestions, there will be separate tickets.

@wknapik
Author

wknapik commented Jan 16, 2025

The instructions at https://pkg.paretosecurity.com/ appear to be broken in a variety of ways, across distros.

The copy-pasteable code doesn't work (sometimes due to missing newlines, or ;/&&, sometimes due to invalid code; sometimes necessary steps are missing), the key for pacman is owned by [email protected] (was expecting @paretosecurity.com), the url for the arch repo returns a 404...

Could you please publish the package to AUR? Then we'll be able to install with a standard one-liner.

@wknapik
Author

wknapik commented Jan 21, 2025

0.0.72@914c8e132534b62c1892a5b546f789b302df7e21 2025-01-17T20:10:52Z

I'd expect this system to pass all checks. At the moment, I get:

  • Skipped: ssh keys, docker, firewall, ssh server
  • Failing: encryption
  • Timed out: updates
