mirror of
https://github.com/tommytran732/Linux-Setup-Scripts
synced 2024-11-27 11:41:34 -05:00
Consistency fix
This commit is contained in:
GitHub
parent
ebf0284c32
commit
85ada77f4c
@ -11,9 +11,9 @@ sudo find /etc/apt/sources.list.d -type f -exec sudo sed -i 's/http:/https:/g' {
|
||||
# Update and install packages
|
||||
sudo apt update
|
||||
sudo apt upgrade -y
|
||||
sudo apt install -y --no-install-recommends tuned unbound resolvconf ufw
|
||||
|
||||
# Setup ufw
|
||||
sudo apt install ufw -y
|
||||
sudo ufw enable
|
||||
sudo ufw allow 22/tcp
|
||||
|
||||
@ -42,6 +42,9 @@ sudo curl https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/s
|
||||
echo "* hard core 0" | tee -a /etc/security/limits.conf
|
||||
|
||||
# Setup unbound
|
||||
|
||||
sudo apt instal unbound resolvconf -y
|
||||
|
||||
echo 'server:
|
||||
trust-anchor-signaling: yes
|
||||
root-key-sentinel: yes
|
||||
@ -112,6 +115,7 @@ sudo systemctl restart unbound
|
||||
sudo systemctl disable --now systemd-resolved
|
||||
|
||||
# Setup tuned
|
||||
sudo dnf install tuned -y
|
||||
sudo tuned-adm profile virtual-guest
|
||||
|
||||
# Enable fstrim.timer
|
||||
|
||||
@ -49,10 +49,10 @@ sudo curl https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/s
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl restart irqbalance
|
||||
|
||||
# Install packages
|
||||
sudo dnf install tuned unbound yara -y
|
||||
|
||||
# Setup unbound
|
||||
|
||||
sudo dnf install unbound -y
|
||||
|
||||
echo 'server:
|
||||
chroot: ""
|
||||
|
||||
@ -113,6 +113,8 @@ LockPersonality=yes' | sudo tee /etc/systemd/system/unbound.service.d/override.c
|
||||
|
||||
sudo systemctl enable --now unbound
|
||||
|
||||
# Setup yara
|
||||
sudo dnf install -y yara
|
||||
sudo insights-client --collector malware-detection
|
||||
sudo sed -i 's/test_scan: true/test_scan: false/' /etc/insights-client/malware-detection-config.yml
|
||||
|
||||
@ -121,7 +123,16 @@ sudo sed -i 's/test_scan: true/test_scan: false/' /etc/insights-client/malware-d
|
||||
sudo sed -i 's/apply_updates = no/apply_updates = yes\nreboot = when-needed/g' /etc/dnf/automatic.conf
|
||||
sudo systemctl enable --now dnf-automatic.timer
|
||||
|
||||
#Setup fwupd
|
||||
sudo dnf install fwupd -y
|
||||
mkdir -p /etc/systemd/system/fwupd-refresh.service.d
|
||||
echo '[Service]
|
||||
ExecStart=/usr/bin/fwupdmgr update' | tee /etc/systemd/system/fwupd-refresh.service.d/override.conf
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl enable --now fwupd-refresh.timer
|
||||
|
||||
# Setup tuned
|
||||
sudo dnf install tuned -y
|
||||
sudo tuned-adm profile virtual-guest
|
||||
|
||||
# Enable fstrim.timer
|
||||
|
||||
@ -3,10 +3,13 @@
|
||||
#Please note that this is how I PERSONALLY setup my computer - I do some stuff such as not using anything to download GNOME extensions from extensions.gnome.org and installing the extensions as a package instead
|
||||
##The script assumes you already have Ubuntu Pro activated
|
||||
|
||||
# Compliance
|
||||
#Compliance and updates
|
||||
sudo ua enable usg
|
||||
sudo apt update -y
|
||||
sudo apt full-upgrade -y
|
||||
sudo apt install -y usg
|
||||
sudo usg fix cis_level2_workstation
|
||||
sudo apt autoremove -y
|
||||
sudo usg fix cis_level2_server
|
||||
|
||||
# Remove AIDE
|
||||
sudo apt purge -y aide*
|
||||
@ -21,12 +24,6 @@ sudo sed -ie '/^UMASK\s\+/ s/022/077/' /etc/login.defs
|
||||
sudo sed -i 's/USERGROUPS_ENAB yes/USERGROUPS_ENAB no/g' /etc/login.defs
|
||||
echo "umask 077" | sudo tee --append /etc/profile
|
||||
|
||||
# Update and install packages
|
||||
sudo apt update -y
|
||||
sudo apt full-upgrade -y
|
||||
sudo apt install -y curl
|
||||
sudo apt autoremove -y
|
||||
|
||||
# Setup NTS
|
||||
sudo systemctl disable systemd-timesyncd
|
||||
sudo apt install -y chrony
|
||||
@ -116,4 +113,5 @@ EOF
|
||||
sudo systemctl restart NetworkManager
|
||||
|
||||
# Enable fstrim.timer
|
||||
sudo apt install tuned -y
|
||||
sudo systemctl enable --now fstrim.timer
|
||||
@ -3,24 +3,20 @@
|
||||
#Meant to be run on Ubuntu Pro Minimal
|
||||
#The script assumes you already have Ubuntu Pro activated
|
||||
|
||||
#Compliance
|
||||
#Compliance and updates
|
||||
sudo ua enable usg
|
||||
sudo apt install -y usg
|
||||
sudo apt update -y
|
||||
sudo apt full-upgrade -y
|
||||
sudo apt install -y usg curl libpam-pwquality
|
||||
sudo apt autoremove -y
|
||||
sudo usg fix cis_level2_server
|
||||
|
||||
# Remove AIDE
|
||||
sudo apt purge -y aide*
|
||||
|
||||
# Update and install packages
|
||||
sudo apt update -y
|
||||
sudo apt full-upgrade -y
|
||||
sudo apt install -y curl fwupd libpam-pwquality tuned unbound
|
||||
sudo apt autoremove -y
|
||||
|
||||
# Setup NTS
|
||||
sudo systemctl disable systemd-timesyncd
|
||||
sudo systemctl disable --now systemd-timesyncd
|
||||
sudo apt install -y chrony
|
||||
rm -rf /etc/chrony/chrony.conf
|
||||
sudo curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf -o /etc/chrony/chrony.conf
|
||||
sudo systemctl restart chronyd
|
||||
|
||||
@ -41,6 +37,9 @@ sudo systemctl daemon-reload
|
||||
sudo systemctl restart sshd
|
||||
|
||||
# Setup unbound
|
||||
|
||||
sudp apt install -y unbound
|
||||
|
||||
echo 'server:
|
||||
trust-anchor-signaling: yes
|
||||
root-key-sentinel: yes
|
||||
@ -123,6 +122,8 @@ sudo systemctl stop whoopsie.service
|
||||
sudo systemctl disable whoopsie.service
|
||||
sudo systemctl mask whoopsie.service
|
||||
|
||||
#Setup fwupd
|
||||
sudo apt install fwupd -y
|
||||
mkdir -p /etc/systemd/system/fwupd-refresh.service.d
|
||||
echo '[Service]
|
||||
ExecStart=/usr/bin/fwupdmgr update' | tee /etc/systemd/system/fwupd-refresh.service.d/override.conf
|
||||
@ -130,6 +131,7 @@ sudo systemctl daemon-reload
|
||||
sudo systemctl enable --now fwupd-refresh.timer
|
||||
|
||||
# Setup tuned
|
||||
sudo apt install tuned -y
|
||||
sudo tuned-adm profile virtual-guest
|
||||
|
||||
# Enable fstrim.timer
|
||||
|
||||
Loading…
Reference in New Issue
Block a user