From 363a61cd9875f7d6feb4bfa3c6611afab065d65a Mon Sep 17 00:00:00 2001 From: TommyTran732 Date: Wed, 29 Sep 2021 17:26:01 -0400 Subject: [PATCH] Enabled IPv6 privacy and disabled su for non-wheel users --- install.sh | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/install.sh b/install.sh index f6fba8c..4163576 100644 --- a/install.sh +++ b/install.sh @@ -269,6 +269,22 @@ chmod 600 /mnt/etc/udev/rules.d/* # Remove nullok from system-auth sed -i 's/nullok//g' /mnt/etc/pam.d/system-auth +# Disable coredump +echo "* hard core 0" >> /mnt/etc/security/limits.conf + +# Disable su for non-wheel users +bash -c 'cat > /mnt/etc/pam.d/su' <<-'EOF' +#%PAM-1.0 +auth sufficient pam_rootok.so +# Uncomment the following line to implicitly trust users in the "wheel" group. +#auth sufficient pam_wheel.so trust use_uid +# Uncomment the following line to require a user to be in the "wheel" group. +auth required pam_wheel.so use_uid +auth required pam_unix.so +account required pam_unix.so +session required pam_unix.so +EOF + # ZRAM configuration bash -c 'cat > /mnt/etc/systemd/zram-generator.conf' <<-'EOF' [zram0] @@ -297,6 +313,14 @@ EOF chmod 600 /mnt/etc/NetworkManager/conf.d/20-connectivity.conf +# Enable IPv6 privacy extensions +bash -c 'cat > /mnt/etc/NetworkManager/conf.d/ip6-privacy.conf' <<-'EOF' +[connection] +ipv6.ip6-privacy=2 +EOF + +chmod 600 /mnt/etc/NetworkManager/conf.d/ip6-privacy.conf + # Configuring the system. arch-chroot /mnt /bin/bash -e <
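Review bot: The wheel restriction in the first hunk is written only to `/mnt/etc/pam.d/su`, but util-linux's su uses a separate PAM service, `su-l`, for login-shell invocations (`su -`, `su -l`). If `/mnt/etc/pam.d/su-l` stays at the packaged default, the `pam_wheel.so use_uid` requirement presumably does not apply to those invocations. Writing the same policy to both files would close the gap, for example by adding `cp /mnt/etc/pam.d/su /mnt/etc/pam.d/su-l` right after the heredoc. Separately, the `* hard core 0` line in limits.conf is applied by pam_limits to PAM sessions only, so services started by systemd outside a login session are likely not covered. Adding `Storage=none` to coredump.conf would cover that case, and a comment above the `echo` should state the scope.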