1
0
mirror of https://github.com/tommytran732/Arch-Setup-Script synced 2024-11-24 10:31:34 -05:00

Enabled IPv6 privacy and disabled su for non-wheel users

This commit is contained in:
TommyTran732 2021-09-29 17:26:01 -04:00 committed by tommytran732
parent 677a48f15e
commit 363a61cd98
No known key found for this signature in database
GPG Key ID: 060B29EB996BD9F2

View File

@ -269,6 +269,22 @@ chmod 600 /mnt/etc/udev/rules.d/*
# Remove nullok from system-auth # Remove nullok from system-auth
sed -i 's/nullok//g' /mnt/etc/pam.d/system-auth sed -i 's/nullok//g' /mnt/etc/pam.d/system-auth
# Disable coredump
echo "* hard core 0" >> /mnt/etc/security/limits.conf
# Disable su for non-wheel users
bash -c 'cat > /mnt/etc/pam.d/su' <<-'EOF'
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth required pam_wheel.so use_uid
auth required pam_unix.so
account required pam_unix.so
session required pam_unix.so
EOF
# ZRAM configuration # ZRAM configuration
bash -c 'cat > /mnt/etc/systemd/zram-generator.conf' <<-'EOF' bash -c 'cat > /mnt/etc/systemd/zram-generator.conf' <<-'EOF'
[zram0] [zram0]
@ -297,6 +313,14 @@ EOF
chmod 600 /mnt/etc/NetworkManager/conf.d/20-connectivity.conf chmod 600 /mnt/etc/NetworkManager/conf.d/20-connectivity.conf
# Enable IPv6 privacy extensions
bash -c 'cat > /mnt/etc/NetworkManager/conf.d/ip6-privacy.conf' <<-'EOF'
[connection]
ipv6.ip6-privacy=2
EOF
chmod 600 /mnt/etc/NetworkManager/conf.d/ip6-privacy.conf
# Configuring the system. # Configuring the system.
arch-chroot /mnt /bin/bash -e <<EOF arch-chroot /mnt /bin/bash -e <<EOF