mirror of https://github.com/tommytran732/Linux-Setup-Scripts synced 2024-11-22 09:31:34 -05:00

Update Ubuntu-Desktop-20.04-LTS.sh

TommyTran732 2021-04-04 08:07:04 -04:00 committed by GitHub
parent 948ae604d6
commit 42445c2033
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -15,29 +15,6 @@ output(){
echo -e '\e[36m'$1'\e[0m'; echo -e '\e[36m'$1'\e[0m';
} }
promptPassphrase() {
PASS=""
PASSCONF=""
while [ -z "$PASS" ]; do
read -s -p "Passphrase: " PASS
echo ""
done
while [ -z "$PASSCONF" ]; do
read -s -p "Confirm passphrase: " PASSCONF
echo ""
done
echo ""
}
getPassphrase() {
promptPassphrase
while [ "$PASS" != "$PASSCONF" ]; do
output "Passphrases did not match, try again..."
promptPassphrase
done
}
#Moving to the home directory #Moving to the home directory
#Note that I always use /home/${USER} because gnome-terminal is wacky and sometimes doesn't load the environment variables in correctly (Right click somewhere in nautilus, click on open in terminal, then hit create new tab and you will see.) #Note that I always use /home/${USER} because gnome-terminal is wacky and sometimes doesn't load the environment variables in correctly (Right click somewhere in nautilus, click on open in terminal, then hit create new tab and you will see.)
cd /home/${USER} || exit cd /home/${USER} || exit
@ -48,23 +25,10 @@ sudo sed -ie '/^DIR_MODE=/ s/=[0-9]*\+/=0700/' /etc/adduser.conf
sudo sed -ie '/^UMASK\s\+/ s/022/077/' /etc/login.defs sudo sed -ie '/^UMASK\s\+/ s/022/077/' /etc/login.defs
echo "umask 077" | sudo tee --append /etc/profile echo "umask 077" | sudo tee --append /etc/profile
#Disabling shell access for new users
sudo sed -ie '/^SHELL=/ s/=.*\+/=\/usr\/sbin\/nologin/' /etc/default/useradd
sudo sed -ie '/^DSHELL=/ s/=.*\+/=\/usr\/sbin\/nologin/' /etc/adduser.conf
#Disabling su for normal users
sudo dpkg-statoverride --update --add root adm 4750 /bin/su
#Make home directory private #Make home directory private
chmod -R o-rwx /home/${USER} chmod -R o-rwx /home/${USER}
chmod -R g-rwx /home/${USER} chmod -R g-rwx /home/${USER}
#Remove unnecessary permissions
sudo chmod o-w /var/crash
sudo chmod o-w /var/metrics
sudo chmod o-w /var/tmp
#Disable crash reports #Disable crash reports
gsettings set com.ubuntu.update-notifier show-apport-crashes false gsettings set com.ubuntu.update-notifier show-apport-crashes false
ubuntu-report -f send no ubuntu-report -f send no
@ -76,25 +40,12 @@ sudo systemctl disable whoopsie.service
sudo systemctl mask whoopsie.service sudo systemctl mask whoopsie.service
#Disable ptrace #Disable ptrace
sudo sed -i `s/kernel.yama.ptrace_scope = 1/kernel.yama.ptrace_scope = 3/g` /etc/sysctl.d/10-ptrace.conf sudo sed -i 's/kernel.yama.ptrace_scope = 1/kernel.yama.ptrace_scope = 3/g' /etc/sysctl.d/10-ptrace.conf
sudo sysctl --load=/etc/sysctl.d/10-ptrace.conf sudo sysctl --load=/etc/sysctl.d/10-ptrace.conf
#Blacklist Firewire SBP2 #Blacklist Firewire SBP2
echo "blacklist firewire-sbp2" | sudo tee /etc/modprobe.d/blacklist.conf echo "blacklist firewire-sbp2" | sudo tee /etc/modprobe.d/blacklist.conf
#GRUB hardening (Thanks to https://www.ncsc.gov.uk/collection/end-user-device-security/platform-specific-guidance/ubuntu-18-04-lts)
echo -e "${HIGHLIGHT}Configuring grub...${NC}"
output "Please enter a grub sysadmin passphrase..."
getPassphrase
echo "set superusers=\"sysadmin\"" | sudo tee --append /etc/grub.d/40_custom
echo -e "$PASS\n$PASS" | grub-mkpasswd-pbkdf2 | tail -n1 | awk -F" " '{print "password_pbkdf2 sysadmin " $7}' | sudo tee --append /etc/grub.d/40_custom
sudo sed -ie '/echo "menuentry / s/echo "menuentry /echo "menuentry --unrestricted /' /etc/grub.d/10_linux
sudo sed -ie '/^GRUB_CMDLINE_LINUX_DEFAULT=/ s/"$/ module.sig_enforce=yes"/' /etc/default/grub
echo "GRUB_SAVEDEFAULT=false" | sudo tee --append /etc/default/grub
sudo update-grub
#Enable UFW #Enable UFW
sudo ufw enable sudo ufw enable
@ -104,7 +55,7 @@ sudo apt upgrade -y
sudp apt autoremove -y sudp apt autoremove -y
sudo fwupdmgr get-devices sudo fwupdmgr get-devices
sudo fwupdmgr refresh --force sudo fwupdmgr refresh --force
sudo fwupdmgr get-updates sudo fwupdmgr get-updates -y
sudo fwupdmgr update -y sudo fwupdmgr update -y
#Remove unneeded packages #Remove unneeded packages
@ -117,7 +68,7 @@ sudo snap remove snap-store
sudo add-apt-repository ppa:alexlarsson/flatpak -y sudo add-apt-repository ppa:alexlarsson/flatpak -y
sudo apt update sudo apt update
sudo apt upgrade -y sudo apt upgrade -y
sudo apt -y install neofetch gnome-software flatpak gnome-software-plugin-flatpak firejail apparmor-profiles apparmor-profiles-extra apparmor-utils gnome-tweak-tool git-core gnome-session-wayland libpam-pwquality sudo apt -y install neofetch gnome-software flatpak gnome-software-plugin-flatpak firejail apparmor-profiles apparmor-profiles-extra apparmor-utils gnome-tweak-tool git-core gnome-session-wayland libpam-pwquality python3-pip
#Put all AppArmor profiles into enforcing mode #Put all AppArmor profiles into enforcing mode
sudo aa-enforce /etc/apparmor. d/* sudo aa-enforce /etc/apparmor. d/*
@ -184,7 +135,7 @@ find /home/${USER}/Mojave-CT -name '*[Ee]piphany*' -exec rm {} \;
gsettings set org.gnome.desktop.interface icon-theme "Arc" gsettings set org.gnome.desktop.interface icon-theme "Arc"
#Set GTK theme #Set GTK theme
gsettings set org.gnome.desktop.interface gtk-theme "Yaru-Dark" gsettings set org.gnome.desktop.interface gtk-theme "Yaru-dark"
flatpak upgrade -y flatpak upgrade -y
#Set Ubuntu 20.04 LTS Wallpaper #Set Ubuntu 20.04 LTS Wallpaper
@ -204,7 +155,7 @@ git clone https://github.com/ekistece/GetExtensions.git
pip3 install ./GetExtensions --user pip3 install ./GetExtensions --user
#Reenable Wayland... They are working to support it, and if you aren't gaming you shouldn't stay on x11 anyways #Reenable Wayland... They are working to support it, and if you aren't gaming you shouldn't stay on x11 anyways
sudo sed -i 's^DRIVER=="nvidia", RUN+="/usr/libexec/gdm-disable-wayland"^#DRIVER=="nvidia", RUN+="/usr/libexec/gdm-disable-wayland"^g' /usr/lib/udev/rules.d/61-gdm.rules sudo sed -i 's^DRIVER=="nvidia", RUN+="/usr/lib/gdm3/gdm-disable-wayland"^#DRIVER=="nvidia", RUN+="/usr/lib/gdm3/gdm-disable-wayland"^g' /usr/lib/udev/rules.d/61-gdm.rules
#Randomize MAC address #Randomize MAC address
sudo bash -c 'cat > /etc/NetworkManager/conf.d/00-macrandomize.conf' <<-'EOF' sudo bash -c 'cat > /etc/NetworkManager/conf.d/00-macrandomize.conf' <<-'EOF'
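Review bot: In the `@ -76,25 +40,12 @` hunk, the unchanged line `echo "blacklist firewire-sbp2" | sudo tee /etc/modprobe.d/blacklist.conf` truncates the file before writing, so every module blacklist entry already in it (presumably including the distribution's stock entries) is lost and only the firewire-sbp2 line remains. Writing the entry to a drop-in of its own keeps the existing blacklist intact and is safe to re-run, for example `echo "blacklist firewire-sbp2" | sudo tee /etc/modprobe.d/blacklist-firewire-sbp2.conf` (file name constructed for illustration). Separately, in the `@ -104,7 +55,7 @` hunk the context line `sudp apt autoremove -y` is still misspelled next to the line this commit edits, so that step fails with command-not-found and the script continues without it; it should read `sudo apt autoremove -y`.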