chore: several audit script improvements

files/system/usr/share/ublue-os/just/70-secureblue.just

@@ -489,10 +489,12 @@ audit-secureblue:
     fi
 
     EXTENSIONS_TEST_STRING="Ensuring GNOME user extensions are disabled"
-    if [ "$(gsettings get org.gnome.shell allow-extension-installation)" = "false" ]; then
-        print_status "$EXTENSIONS_TEST_STRING" "$STATUS_SUCCESS"
-    else
-        print_status "$EXTENSIONS_TEST_STRING" "$STATUS_FAILURE"
+    if command -v gsettings &> /dev/null; then
+        if [ "$(gsettings get org.gnome.shell allow-extension-installation)" = "false" ]; then
+            print_status "$EXTENSIONS_TEST_STRING" "$STATUS_SUCCESS"
+        else
+            print_status "$EXTENSIONS_TEST_STRING" "$STATUS_FAILURE"
+        fi
     fi
 
     SELINUX_TEST_STRING="Ensuring SELinux is in Enforcing mode"
@@ -559,3 +561,28 @@ audit-secureblue:
         done
     fi
 
+    GHNS_TEST_STRING="Ensuring KDE GHNS is disabled"
+    KDE_GLOBALS_FILE="/etc/xdg/kdeglobals"
+    GHNS_STRING="$(grep 'ghns=false' $KDE_GLOBALS_FILE)"
+    if test -e $KDE_GLOBALS_FILE; then
+        if [[ $GHNS_STRING == "ghns=false" ]]; then
+            print_status "$GHNS_TEST_STRING" "$STATUS_SUCCESS"
+        else
+            print_status "$GHNS_TEST_STRING" "$STATUS_FAILURE"
+        fi
+    fi
+
+    HARDENED_MALLOC_TEST_STRING="Ensuring hardened_malloc is set in ld.so.preload"
+    if diff /usr/etc/ld.so.preload /etc/ld.so.preload > /dev/null; then
+        print_status "$HARDENED_MALLOC_TEST_STRING" "$STATUS_SUCCESS"
+    else
+        print_status "$HARDENED_MALLOC_TEST_STRING" "$STATUS_FAILURE"
+    fi
+
+    SECUREBOOT_TEST_STRING="Ensuring secure boot is enabled"
+    if [ "$(mokutil --sb-state)" == "SecureBoot enabled" ]; then
+        print_status "$SECUREBOOT_TEST_STRING" "$STATUS_SUCCESS"
+    else
+        print_status "$SECUREBOOT_TEST_STRING" "$STATUS_FAILURE"
+    fi
+