1
0
mirror of https://github.com/tommytran732/Linux-Setup-Scripts synced 2024-11-27 11:41:34 -05:00

Consistency fix

This commit is contained in:
Tommy 2023-08-22 17:46:56 -07:00 committed by GitHub
parent ebf0284c32
commit 85ada77f4c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 37 additions and 22 deletions

View File

@ -11,9 +11,9 @@ sudo find /etc/apt/sources.list.d -type f -exec sudo sed -i 's/http:/https:/g' {
# Update and install packages
sudo apt update
sudo apt upgrade -y
sudo apt install -y --no-install-recommends tuned unbound resolvconf ufw
# Setup ufw
sudo apt install ufw -y
sudo ufw enable
sudo ufw allow 22/tcp
@ -42,6 +42,9 @@ sudo curl https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/s
echo "* hard core 0" | tee -a /etc/security/limits.conf
# Setup unbound
sudo apt instal unbound resolvconf -y
echo 'server:
trust-anchor-signaling: yes
root-key-sentinel: yes
@ -112,6 +115,7 @@ sudo systemctl restart unbound
sudo systemctl disable --now systemd-resolved
# Setup tuned
sudo dnf install tuned -y
sudo tuned-adm profile virtual-guest
# Enable fstrim.timer

View File

@ -49,10 +49,10 @@ sudo curl https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/s
sudo systemctl daemon-reload
sudo systemctl restart irqbalance
# Install packages
sudo dnf install tuned unbound yara -y
# Setup unbound
sudo dnf install unbound -y
echo 'server:
chroot: ""
@ -113,6 +113,8 @@ LockPersonality=yes' | sudo tee /etc/systemd/system/unbound.service.d/override.c
sudo systemctl enable --now unbound
# Setup yara
sudo dnf install -y yara
sudo insights-client --collector malware-detection
sudo sed -i 's/test_scan: true/test_scan: false/' /etc/insights-client/malware-detection-config.yml
@ -121,7 +123,16 @@ sudo sed -i 's/test_scan: true/test_scan: false/' /etc/insights-client/malware-d
sudo sed -i 's/apply_updates = no/apply_updates = yes\nreboot = when-needed/g' /etc/dnf/automatic.conf
sudo systemctl enable --now dnf-automatic.timer
#Setup fwupd
sudo dnf install fwupd -y
mkdir -p /etc/systemd/system/fwupd-refresh.service.d
echo '[Service]
ExecStart=/usr/bin/fwupdmgr update' | tee /etc/systemd/system/fwupd-refresh.service.d/override.conf
sudo systemctl daemon-reload
sudo systemctl enable --now fwupd-refresh.timer
# Setup tuned
sudo dnf install tuned -y
sudo tuned-adm profile virtual-guest
# Enable fstrim.timer

View File

@ -3,10 +3,13 @@
#Please note that this is how I PERSONALLY setup my computer - I do some stuff such as not using anything to download GNOME extensions from extensions.gnome.org and installing the extensions as a package instead
##The script assumes you already have Ubuntu Pro activated
# Compliance
#Compliance and updates
sudo ua enable usg
sudo apt update -y
sudo apt full-upgrade -y
sudo apt install -y usg
sudo usg fix cis_level2_workstation
sudo apt autoremove -y
sudo usg fix cis_level2_server
# Remove AIDE
sudo apt purge -y aide*
@ -21,12 +24,6 @@ sudo sed -ie '/^UMASK\s\+/ s/022/077/' /etc/login.defs
sudo sed -i 's/USERGROUPS_ENAB yes/USERGROUPS_ENAB no/g' /etc/login.defs
echo "umask 077" | sudo tee --append /etc/profile
# Update and install packages
sudo apt update -y
sudo apt full-upgrade -y
sudo apt install -y curl
sudo apt autoremove -y
# Setup NTS
sudo systemctl disable systemd-timesyncd
sudo apt install -y chrony
@ -116,4 +113,5 @@ EOF
sudo systemctl restart NetworkManager
# Enable fstrim.timer
sudo apt install tuned -y
sudo systemctl enable --now fstrim.timer

View File

@ -3,24 +3,20 @@
#Meant to be run on Ubuntu Pro Minimal
#The script assumes you already have Ubuntu Pro activated
#Compliance
#Compliance and updates
sudo ua enable usg
sudo apt install -y usg
sudo apt update -y
sudo apt full-upgrade -y
sudo apt install -y usg curl libpam-pwquality
sudo apt autoremove -y
sudo usg fix cis_level2_server
# Remove AIDE
sudo apt purge -y aide*
# Update and install packages
sudo apt update -y
sudo apt full-upgrade -y
sudo apt install -y curl fwupd libpam-pwquality tuned unbound
sudo apt autoremove -y
# Setup NTS
sudo systemctl disable systemd-timesyncd
sudo systemctl disable --now systemd-timesyncd
sudo apt install -y chrony
rm -rf /etc/chrony/chrony.conf
sudo curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf -o /etc/chrony/chrony.conf
sudo systemctl restart chronyd
@ -41,6 +37,9 @@ sudo systemctl daemon-reload
sudo systemctl restart sshd
# Setup unbound
sudp apt install -y unbound
echo 'server:
trust-anchor-signaling: yes
root-key-sentinel: yes
@ -123,6 +122,8 @@ sudo systemctl stop whoopsie.service
sudo systemctl disable whoopsie.service
sudo systemctl mask whoopsie.service
#Setup fwupd
sudo apt install fwupd -y
mkdir -p /etc/systemd/system/fwupd-refresh.service.d
echo '[Service]
ExecStart=/usr/bin/fwupdmgr update' | tee /etc/systemd/system/fwupd-refresh.service.d/override.conf
@ -130,6 +131,7 @@ sudo systemctl daemon-reload
sudo systemctl enable --now fwupd-refresh.timer
# Setup tuned
sudo apt install tuned -y
sudo tuned-adm profile virtual-guest
# Enable fstrim.timer