mirror of
https://github.com/tommytran732/Arch-Setup-Script
synced 2024-11-24 10:31:34 -05:00
Enabled IPv6 privacy and disabled su for non-wheel users
This commit is contained in:
parent
677a48f15e
commit
363a61cd98
24
install.sh
24
install.sh
@ -269,6 +269,22 @@ chmod 600 /mnt/etc/udev/rules.d/*
|
|||||||
# Remove nullok from system-auth
|
# Remove nullok from system-auth
|
||||||
sed -i 's/nullok//g' /mnt/etc/pam.d/system-auth
|
sed -i 's/nullok//g' /mnt/etc/pam.d/system-auth
|
||||||
|
|
||||||
|
# Disable coredump
|
||||||
|
echo "* hard core 0" >> /mnt/etc/security/limits.conf
|
||||||
|
|
||||||
|
# Disable su for non-wheel users
|
||||||
|
bash -c 'cat > /mnt/etc/pam.d/su' <<-'EOF'
|
||||||
|
#%PAM-1.0
|
||||||
|
auth sufficient pam_rootok.so
|
||||||
|
# Uncomment the following line to implicitly trust users in the "wheel" group.
|
||||||
|
#auth sufficient pam_wheel.so trust use_uid
|
||||||
|
# Uncomment the following line to require a user to be in the "wheel" group.
|
||||||
|
auth required pam_wheel.so use_uid
|
||||||
|
auth required pam_unix.so
|
||||||
|
account required pam_unix.so
|
||||||
|
session required pam_unix.so
|
||||||
|
EOF
|
||||||
|
|
||||||
# ZRAM configuration
|
# ZRAM configuration
|
||||||
bash -c 'cat > /mnt/etc/systemd/zram-generator.conf' <<-'EOF'
|
bash -c 'cat > /mnt/etc/systemd/zram-generator.conf' <<-'EOF'
|
||||||
[zram0]
|
[zram0]
|
||||||
@ -297,6 +313,14 @@ EOF
|
|||||||
|
|
||||||
chmod 600 /mnt/etc/NetworkManager/conf.d/20-connectivity.conf
|
chmod 600 /mnt/etc/NetworkManager/conf.d/20-connectivity.conf
|
||||||
|
|
||||||
|
# Enable IPv6 privacy extensions
|
||||||
|
bash -c 'cat > /mnt/etc/NetworkManager/conf.d/ip6-privacy.conf' <<-'EOF'
|
||||||
|
[connection]
|
||||||
|
ipv6.ip6-privacy=2
|
||||||
|
EOF
|
||||||
|
|
||||||
|
chmod 600 /mnt/etc/NetworkManager/conf.d/ip6-privacy.conf
|
||||||
|
|
||||||
# Configuring the system.
|
# Configuring the system.
|
||||||
arch-chroot /mnt /bin/bash -e <<EOF
|
arch-chroot /mnt /bin/bash -e <<EOF
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user