mirror of
https://github.com/tommytran732/Linux-Setup-Scripts
synced 2024-12-23 07:12:07 -05:00
Update Fedora-WorkStation-33.sh
This commit is contained in:
parent
8dcc133c04
commit
09238a9e42
@ -58,6 +58,18 @@ sudo sysctl --load=/etc/sysctl.d/10-default-yama-scope.conf
|
||||
#Blacklist Firewire SBP2
|
||||
echo "blacklist firewire-sbp2" | sudo tee /etc/modprobe.d/blacklist.conf
|
||||
|
||||
#GRUB hardening (Thanks to https://www.ncsc.gov.uk/collection/end-user-device-security/platform-specific-guidance/ubuntu-18-04-lts)
|
||||
echo -e "${HIGHLIGHT}Configuring grub...${NC}"
|
||||
output "Please enter a grub sysadmin passphrase..."
|
||||
getPassphrase
|
||||
|
||||
echo "set superusers=\"sysadmin\"" >> /etc/grub.d/40_custom
|
||||
echo -e "$PASS\n$PASS" | grub-mkpasswd-pbkdf2 | tail -n1 | awk -F" " '{print "password_pbkdf2 sysadmin " $7}' >> /etc/grub.d/40_custom
|
||||
sed -ie '/echo "menuentry / s/echo "menuentry /echo "menuentry --unrestricted /' /etc/grub.d/10_linux
|
||||
sed -ie '/^GRUB_CMDLINE_LINUX_DEFAULT=/ s/"$/ module.sig_enforce=yes"/' /etc/default/grub
|
||||
echo "GRUB_SAVEDEFAULT=false" >> /etc/default/grub
|
||||
grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
|
||||
|
||||
#Setup Firewalld
|
||||
sudo firewall-cmd --permanent --remove-port=1025-65535/udp
|
||||
sudo firewall-cmd --permanent --remove-port=1025-65535/tcp
|
||||
|
Loading…
Reference in New Issue
Block a user