From 7fd8e7356324fa16391f311c3ac89caa4d56aa3b Mon Sep 17 00:00:00 2001
From: Tommy
Date: Thu, 7 Dec 2023 17:26:53 -0700
Subject: [PATCH] Make sure home dirs are private

Signed-off-by: Tommy
---
 GCP-Debian-11.sh | 3 +++
 RHEL-Server-9.sh | 3 +++
 Ubuntu-22.04-Desktop.sh | 3 +++
 Ubuntu-22.04-Server.sh | 3 +++
 4 files changed, 12 insertions(+)

diff --git a/GCP-Debian-11.sh b/GCP-Debian-11.sh
index 7614565..3654be4 100644
--- a/GCP-Debian-11.sh
+++ b/GCP-Debian-11.sh
@@ -26,6 +26,9 @@ unpriv(){
 sudo systemctl mask ctrl-alt-del.target
 sudo systemctl mask debug-shell.service
 
+# Make home directory private
+chmod 700 /home/*
+
 # Setup NTS
 sudo rm -rf /etc/chrony/chrony.conf
 unpriv curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf | sudo tee /etc/chrony/chrony.conf
diff --git a/RHEL-Server-9.sh b/RHEL-Server-9.sh
index c5d0fa2..d541e04 100644
--- a/RHEL-Server-9.sh
+++ b/RHEL-Server-9.sh
@@ -28,6 +28,9 @@ unpriv(){
 sudo systemctl mask ctrl-alt-del.target
 sudo systemctl mask debug-shell.service
 
+# Make home directory private
+chmod 700 /home/*
+
 # Setup NTS
 sudo curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf -o /etc/chrony.conf
 
diff --git a/Ubuntu-22.04-Desktop.sh b/Ubuntu-22.04-Desktop.sh
index 8695387..bd807f6 100644
--- a/Ubuntu-22.04-Desktop.sh
+++ b/Ubuntu-22.04-Desktop.sh
@@ -36,6 +36,9 @@ sudo usg fix cis_level2_workstation
 sudo systemctl mask ctrl-alt-del.target
 sudo systemctl mask debug-shell.service
 
+# Make home directory private
+chmod 700 /home/*
+
 # Remove AIDE
 sudo apt purge -y aide*
 
diff --git a/Ubuntu-22.04-Server.sh b/Ubuntu-22.04-Server.sh
index 58a4a84..a5b6673 100644
--- a/Ubuntu-22.04-Server.sh
+++ b/Ubuntu-22.04-Server.sh
@@ -36,6 +36,9 @@ sudo usg fix cis_level2_server
 sudo systemctl mask ctrl-alt-del.target
 sudo systemctl mask debug-shell.service
 
+# Make home directory private
+chmod 700 /home/*
+
 # Remove AIDE
 sudo apt purge -y aide*
 
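Review bot: The added `chmod 700 /home/*` in the GCP-Debian-11.sh hunk runs without `sudo`, unlike the `sudo systemctl mask` lines directly above it, so if the script is started as a regular user (as the surrounding `sudo` calls suggest) it can only change directories that user owns and every other home under `/home` keeps its old mode; the same line is added in the RHEL-Server-9.sh, Ubuntu-22.04-Desktop.sh and Ubuntu-22.04-Server.sh hunks. If all existing homes are meant, `sudo chmod 700 /home/*` would cover them, but the glob also matches non-home entries such as `lost+found` and chmod follows symlinks named on the command line, so limiting it to real directories is safer once it runs as root. It is also a one-time change: accounts created later get the distribution default unless that default is tightened too (for example `HOME_MODE` in `/etc/login.defs`, to be confirmed per distro), and homes outside `/home` are not touched. The comment could state the scope, e.g. `# Make existing home directories under /home owner-only (0700)`.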