mirror of
https://github.com/tommytran732/Arch-Setup-Script
synced 2024-11-24 18:41:33 -05:00
Compare commits
No commits in common. "f89c1d6473f28664782d888a76bff6c0b3157739" and "ff5bbe912bb942b1bcfe6adae0c592b5ed8e8963" have entirely different histories.
f89c1d6473
...
ff5bbe912b
20
desktop.sh
20
desktop.sh
@ -251,21 +251,21 @@ sed -i 's,modconf block filesystems keyboard,keyboard modconf block encrypt file
|
|||||||
UUID=$(blkid $cryptroot | cut -f2 -d'"')
|
UUID=$(blkid $cryptroot | cut -f2 -d'"')
|
||||||
sed -i 's/#\(GRUB_ENABLE_CRYPTODISK=y\)/\1/' /mnt/etc/default/grub
|
sed -i 's/#\(GRUB_ENABLE_CRYPTODISK=y\)/\1/' /mnt/etc/default/grub
|
||||||
echo "" >> /mnt/etc/default/grub
|
echo "" >> /mnt/etc/default/grub
|
||||||
echo -e "# Booting with BTRFS subvolume\nGRUB_BTRFS_OVERRIDE_BOOT_PARTITION_DETECTION=true" -o /mnt/etc/default/grub
|
echo -e "# Booting with BTRFS subvolume\nGRUB_BTRFS_OVERRIDE_BOOT_PARTITION_DETECTION=true" >> /mnt/etc/default/grub
|
||||||
sed -i 's#rootflags=subvol=${rootsubvol}##g' /mnt/etc/grub.d/10_linux
|
sed -i 's#rootflags=subvol=${rootsubvol}##g' /mnt/etc/grub.d/10_linux
|
||||||
sed -i 's#rootflags=subvol=${rootsubvol}##g' /mnt/etc/grub.d/20_linux_xen
|
sed -i 's#rootflags=subvol=${rootsubvol}##g' /mnt/etc/grub.d/20_linux_xen
|
||||||
|
|
||||||
# Enabling CPU Mitigations
|
# Enabling CPU Mitigations
|
||||||
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/default/grub.d/40_cpu_mitigations.cfg -o /mnt/etc/grub.d/40_cpu_mitigations.cfg
|
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/default/grub.d/40_cpu_mitigations.cfg >> /mnt/etc/grub.d/40_cpu_mitigations.cfg
|
||||||
|
|
||||||
# Distrusting the CPU
|
# Distrusting the CPU
|
||||||
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/default/grub.d/40_distrust_cpu.cfg -o /mnt/etc/grub.d/40_distrust_cpu.cfg
|
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/default/grub.d/40_distrust_cpu.cfg >> /mnt/etc/grub.d/40_distrust_cpu.cfg
|
||||||
|
|
||||||
# Enabling IOMMU
|
# Enabling IOMMU
|
||||||
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/default/grub.d/40_enable_iommu.cfg -o /mnt/etc/grub.d/40_enable_iommu.cfg
|
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/default/grub.d/40_enable_iommu.cfg >> /mnt/etc/grub.d/40_enable_iommu.cfg
|
||||||
|
|
||||||
# Enabling NTS
|
# Enabling NTS
|
||||||
curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf -o /mnt/etc/chrony.conf
|
curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf >> /mnt/etc/chrony.conf
|
||||||
|
|
||||||
# Setting GRUB configuration file permissions
|
# Setting GRUB configuration file permissions
|
||||||
chmod 755 /mnt/etc/grub.d/*
|
chmod 755 /mnt/etc/grub.d/*
|
||||||
@ -282,14 +282,14 @@ sed -i 's/#write-cache/write-cache/g' /mnt/etc/apparmor/parser.conf
|
|||||||
sed -i 's,#Include /etc/apparmor.d/,Include /etc/apparmor.d/,g' /mnt/etc/apparmor/parser.conf
|
sed -i 's,#Include /etc/apparmor.d/,Include /etc/apparmor.d/,g' /mnt/etc/apparmor/parser.conf
|
||||||
|
|
||||||
# Blacklisting kernel modules
|
# Blacklisting kernel modules
|
||||||
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/modprobe.d/30_security-misc.conf -o /mnt/etc/modprobe.d/30_security-misc.conf
|
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/modprobe.d/30_security-misc.conf >> /mnt/etc/modprobe.d/30_security-misc.conf
|
||||||
chmod 600 /mnt/etc/modprobe.d/*
|
chmod 600 /mnt/etc/modprobe.d/*
|
||||||
|
|
||||||
# Security kernel settings.
|
# Security kernel settings.
|
||||||
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/990-security-misc.conf -o /mnt/etc/sysctl.d/990-security-misc.conf
|
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_security-misc.conf >> /mnt/etc/sysctl.d/30_security-misc.conf
|
||||||
sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=3/g' /mnt/etc/sysctl.d/990-security-misc.conf
|
sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=3/g' /mnt/etc/sysctl.d/30_security-misc.conf
|
||||||
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_silent-kernel-printk.conf -o /mnt/etc/sysctl.d/30_silent-kernel-printk.conf
|
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_silent-kernel-printk.conf >> /mnt/etc/sysctl.d/30_silent-kernel-printk.conf
|
||||||
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_security-misc_kexec-disable.conf -o /mnt/etc/sysctl.d/30_security-misc_kexec-disable.conf
|
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_security-misc_kexec-disable.conf >> /mnt/etc/sysctl.d/30_security-misc_kexec-disable.conf
|
||||||
chmod 600 /mnt/etc/sysctl.d/*
|
chmod 600 /mnt/etc/sysctl.d/*
|
||||||
|
|
||||||
# Remove nullok from system-auth
|
# Remove nullok from system-auth
|
||||||
|
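Review bot: The `echo -e "# Booting with BTRFS subvolume…" -o /mnt/etc/default/grub` line in the first desktop.sh hunk writes nothing to the file, because `echo` has no output option: the text, with `-o /mnt/etc/default/grub` appended, goes to stdout and `GRUB_BTRFS_OVERRIDE_BOOT_PARTITION_DETECTION=true` never reaches the GRUB defaults. The other side of the comparison has the working form, `>> /mnt/etc/default/grub`, but the page does not show which commit is the newer one, so confirm that the redirect form is what ships. Separately, every `curl` line in both hunks here, and the same lines in server.sh, pulls hardening configuration from a moving branch (`master` or `main`) with no `--fail` and no integrity check, so an HTTP error body or a changed upstream file is installed without any signal. Pin each URL to a commit and fail on HTTP errors, for example `curl -fsSL https://raw.githubusercontent.com/Kicksecure/security-misc/<pinned-commit>/… -o …` (placeholder commit), and compare the result with a checksum recorded in the repository before the `chmod`.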
18
server.sh
18
server.sh
@ -244,16 +244,16 @@ sed -i 's#rootflags=subvol=${rootsubvol}##g' /mnt/etc/grub.d/10_linux
|
|||||||
sed -i 's#rootflags=subvol=${rootsubvol}##g' /mnt/etc/grub.d/20_linux_xen
|
sed -i 's#rootflags=subvol=${rootsubvol}##g' /mnt/etc/grub.d/20_linux_xen
|
||||||
|
|
||||||
# Enabling CPU Mitigations
|
# Enabling CPU Mitigations
|
||||||
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/default/grub.d/40_cpu_mitigations.cfg -o /mnt/etc/grub.d/40_cpu_mitigations.cfg
|
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/default/grub.d/40_cpu_mitigations.cfg >> /mnt/etc/grub.d/40_cpu_mitigations.cfg
|
||||||
|
|
||||||
# Distrusting the CPU
|
# Distrusting the CPU
|
||||||
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/default/grub.d/40_distrust_cpu.cfg -o /mnt/etc/grub.d/40_distrust_cpu.cfg
|
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/default/grub.d/40_distrust_cpu.cfg >> /mnt/etc/grub.d/40_distrust_cpu.cfg
|
||||||
|
|
||||||
# Enabling IOMMU
|
# Enabling IOMMU
|
||||||
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/default/grub.d/40_enable_iommu.cfg -o /mnt/etc/grub.d/40_enable_iommu.cfg
|
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/default/grub.d/40_enable_iommu.cfg >> /mnt/etc/grub.d/40_enable_iommu.cfg
|
||||||
|
|
||||||
# Enabling NTS
|
# Enabling NTS
|
||||||
curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf -o /mnt/etc/chrony.conf
|
curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf >> /mnt/etc/chrony.conf
|
||||||
|
|
||||||
# Setting GRUB configuration file permissions
|
# Setting GRUB configuration file permissions
|
||||||
chmod 755 /mnt/etc/grub.d/*
|
chmod 755 /mnt/etc/grub.d/*
|
||||||
@ -270,14 +270,14 @@ sed -i 's/#write-cache/write-cache/g' /mnt/etc/apparmor/parser.conf
|
|||||||
sed -i 's,#Include /etc/apparmor.d/,Include /etc/apparmor.d/,g' /mnt/etc/apparmor/parser.conf
|
sed -i 's,#Include /etc/apparmor.d/,Include /etc/apparmor.d/,g' /mnt/etc/apparmor/parser.conf
|
||||||
|
|
||||||
# Blacklisting kernel modules
|
# Blacklisting kernel modules
|
||||||
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/modprobe.d/30_security-misc.conf -o /mnt/etc/modprobe.d/30_security-misc.conf
|
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/modprobe.d/30_security-misc.conf >> /mnt/etc/modprobe.d/30_security-misc.conf
|
||||||
chmod 600 /mnt/etc/modprobe.d/*
|
chmod 600 /mnt/etc/modprobe.d/*
|
||||||
|
|
||||||
# Security kernel settings.
|
# Security kernel settings.
|
||||||
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/990-security-misc.conf -o /mnt/etc/sysctl.d/990-security-misc.conf
|
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_security-misc.conf >> /mnt/etc/sysctl.d/30_security-misc.conf
|
||||||
sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=3/g' /mnt/etc/sysctl.d/990-security-misc.conf
|
sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=3/g' /mnt/etc/sysctl.d/30_security-misc.conf
|
||||||
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_silent-kernel-printk.conf -o /mnt/etc/sysctl.d/30_silent-kernel-printk.conf
|
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_silent-kernel-printk.conf >> /mnt/etc/sysctl.d/30_silent-kernel-printk.conf
|
||||||
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_security-misc_kexec-disable.conf -o /mnt/etc/sysctl.d/30_security-misc_kexec-disable.conf
|
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_security-misc_kexec-disable.conf >> /mnt/etc/sysctl.d/30_security-misc_kexec-disable.conf
|
||||||
chmod 600 /mnt/etc/sysctl.d/*
|
chmod 600 /mnt/etc/sysctl.d/*
|
||||||
|
|
||||||
# Remove nullok from system-auth
|
# Remove nullok from system-auth
|
||||||
|
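Review bot: The `sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=3/g'` step in the second server.sh hunk edits a file that was just downloaded from an unpinned branch, and nothing checks that the substitution matched. If upstream changes the value or its spacing, or the download path stops existing (the two sides of this comparison already disagree on `usr/lib/sysctl.d/990-security-misc.conf` versus `etc/sysctl.d/30_security-misc.conf`), sed still exits 0 and the install continues without the stricter ptrace setting. Add a check right after it, for example `grep -q 'kernel.yama.ptrace_scope=3' "$conf" || exit 1`, where `$conf` is a constructed name for whichever sysctl file is kept; the matching lines in desktop.sh need the same. On the side that uses `>> /mnt/etc/chrony.conf`, the fetched file is appended to whatever already sits at that path, so presumably the packaged time sources stay active next to the NTS ones; writing with `-o` avoids that.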