mirror of
https://github.com/tommytran732/Arch-Setup-Script
synced 2024-11-27 20:01:33 -05:00
Enabled IPv6 privacy and disabled su for non-wheel users
This commit is contained in:
parent
677a48f15e
commit
363a61cd98
24
install.sh
24
install.sh
@ -269,6 +269,22 @@ chmod 600 /mnt/etc/udev/rules.d/*
|
||||
# Remove nullok from system-auth
|
||||
sed -i 's/nullok//g' /mnt/etc/pam.d/system-auth
|
||||
|
||||
# Disable coredump
|
||||
echo "* hard core 0" >> /mnt/etc/security/limits.conf
|
||||
|
||||
# Disable su for non-wheel users
|
||||
bash -c 'cat > /mnt/etc/pam.d/su' <<-'EOF'
|
||||
#%PAM-1.0
|
||||
auth sufficient pam_rootok.so
|
||||
# Uncomment the following line to implicitly trust users in the "wheel" group.
|
||||
#auth sufficient pam_wheel.so trust use_uid
|
||||
# Uncomment the following line to require a user to be in the "wheel" group.
|
||||
auth required pam_wheel.so use_uid
|
||||
auth required pam_unix.so
|
||||
account required pam_unix.so
|
||||
session required pam_unix.so
|
||||
EOF
|
||||
|
||||
# ZRAM configuration
|
||||
bash -c 'cat > /mnt/etc/systemd/zram-generator.conf' <<-'EOF'
|
||||
[zram0]
|
||||
@ -297,6 +313,14 @@ EOF
|
||||
|
||||
chmod 600 /mnt/etc/NetworkManager/conf.d/20-connectivity.conf
|
||||
|
||||
# Enable IPv6 privacy extensions
|
||||
bash -c 'cat > /mnt/etc/NetworkManager/conf.d/ip6-privacy.conf' <<-'EOF'
|
||||
[connection]
|
||||
ipv6.ip6-privacy=2
|
||||
EOF
|
||||
|
||||
chmod 600 /mnt/etc/NetworkManager/conf.d/ip6-privacy.conf
|
||||
|
||||
# Configuring the system.
|
||||
arch-chroot /mnt /bin/bash -e <<EOF
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user