updated the installer so that it should actually work

scripts/02-hardening.sh

@@ -1,10 +1,11 @@
 #!/bin/bash
 set -e
 
-echo "Applying system hardening..."
+echo "Applying Miasma OS system hardening..."
 
-echo "Configuring kernel parameters..."
-cat > /etc/sysctl.d/99-hardening.conf << 'EOF'
+# Configure kernel parameters
+cat > /etc/sysctl.d/99-miasma-hardening.conf << 'EOF'
+# Miasma OS Security Hardening
 kernel.dmesg_restrict = 1
 kernel.kptr_restrict = 2
 kernel.unprivileged_bpf_disabled = 1
@@ -21,17 +22,28 @@ net.ipv4.conf.default.send_redirects = 0
 net.ipv4.icmp_echo_ignore_all = 1
 EOF
 
-echo "Configuring firewall..."
-pacman -S --noconfirm --needed ufw
-systemctl enable ufw
-ufw default deny incoming
-ufw default allow outgoing
-ufw enable
+# Configure nftables (replacing ufw)
+pacman -S --noconfirm --needed nftables
+systemctl enable nftables
+# Basic nftables rules will be configured on first boot
 
-echo "Setting secure umask..."
+# Set secure umask
 echo "umask 077" >> /etc/profile
 
-echo "Disabling core dumps..."
+# Disable core dumps
 echo "* hard core 0" >> /etc/security/limits.conf
 
-echo "System hardening complete!"
+# Blacklist vulnerable modules (based on Secureblue)
+cat > /etc/modprobe.d/blacklist-miasma.conf << 'EOF'
+# Miasma OS module blacklisting
+blacklist dccp
+blacklist sctp
+blacklist rds
+blacklist tipc
+blacklist n_hdlc
+blacklist bluetooth
+blacklist net-pf-31
+blacklist uvcvideo
+EOF
+
+echo "System hardening complete!"