Make sure home dirs are private

Signed-off-by: Tommy <contact@tommytran.io>

GCP-Debian-11.sh

@@ -26,6 +26,9 @@ unpriv(){
 sudo systemctl mask ctrl-alt-del.target
 sudo systemctl mask debug-shell.service
 
+# Make home directory private
+chmod 700 /home/*
+
 # Setup NTS
 sudo rm -rf /etc/chrony/chrony.conf
 unpriv curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf | sudo tee /etc/chrony/chrony.conf

RHEL-Server-9.sh

@@ -28,6 +28,9 @@ unpriv(){
 sudo systemctl mask ctrl-alt-del.target
 sudo systemctl mask debug-shell.service
 
+# Make home directory private
+chmod 700 /home/*
+
 # Setup NTS
 sudo curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf -o /etc/chrony.conf
 

Ubuntu-22.04-Desktop.sh

@@ -36,6 +36,9 @@ sudo usg fix cis_level2_workstation
 sudo systemctl mask ctrl-alt-del.target
 sudo systemctl mask debug-shell.service
 
+# Make home directory private
+chmod 700 /home/*
+
 # Remove AIDE
 sudo apt purge -y aide*
 

Ubuntu-22.04-Server.sh

@@ -36,6 +36,9 @@ sudo usg fix cis_level2_server
 sudo systemctl mask ctrl-alt-del.target
 sudo systemctl mask debug-shell.service
 
+# Make home directory private
+chmod 700 /home/*
+
 # Remove AIDE
 sudo apt purge -y aide*