From 8c82daa4c1d03061e6d7ea092f5a4414aa61cfa6 Mon Sep 17 00:00:00 2001
From: Tommy
Date: Thu, 24 Aug 2023 13:42:41 -0700
Subject: [PATCH] Update sysctl

---
 Fedora-Workstation-38.sh | 1 +
 Ubuntu-22.04-Desktop.sh | 1 +
 Ubuntu-22.04-Server.sh | 5 ++++-
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/Fedora-Workstation-38.sh b/Fedora-Workstation-38.sh
index 2e4c797..be43eae 100644
--- a/Fedora-Workstation-38.sh
+++ b/Fedora-Workstation-38.sh
@@ -51,6 +51,7 @@ sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/
 sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_security-misc.conf -o /etc/sysctl.d/30_security-misc.conf
 sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_silent-kernel-printk.conf -o /etc/sysctl.d/30_silent-kernel-printk.conf
 sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_security-misc_kexec-disable.conf -o /etc/sysctl.d/30_security-misc_kexec-disable.conf
+sudo sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=1/g' /etc/sysctl.d/30_security-misc.conf
 
 # Systemd Hardening
 sudo mkdir -p /etc/systemd/system/NetworkManager.service.d
diff --git a/Ubuntu-22.04-Desktop.sh b/Ubuntu-22.04-Desktop.sh
index 20bb492..a8891a8 100644
--- a/Ubuntu-22.04-Desktop.sh
+++ b/Ubuntu-22.04-Desktop.sh
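Review bot: The added `sudo sed -i` lowers Kicksecure's `kernel.yama.ptrace_scope=2` (attach only with CAP_SYS_PTRACE) to `1` (attach only to descendants) with no comment, so a later reader cannot tell a deliberate relaxation from drift; put `# Relax Kicksecure's ptrace_scope=2 to 1 so debuggers and crash handlers can still attach to their own children` above it, and if the divergence from the Ubuntu scripts in this same commit (which set `3` on the same file) is intended, say so there too. `sed` exits 0 whether or not the pattern matched, so if upstream ever reformats the key, or the preceding `curl` (run without `-f`) has saved an HTTP error page in place of the file, the value silently stays whatever it was; a `grep -q '^kernel\.yama\.ptrace_scope=1$' /etc/sysctl.d/30_security-misc.conf || echo 'ptrace_scope not rewritten' >&2` after the sed makes that failure visible. The unescaped dots in the pattern are harmless here, but `s/^kernel\.yama\.ptrace_scope=2$/kernel.yama.ptrace_scope=1/` is the exact match and needs no `g`.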
@@ -47,6 +47,7 @@ sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/
 sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_security-misc.conf -o /etc/sysctl.d/30_security-misc.conf
 sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_silent-kernel-printk.conf -o /etc/sysctl.d/30_silent-kernel-printk.conf
 sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_security-misc_kexec-disable.conf -o /etc/sysctl.d/30_security-misc_kexec-disable.conf
+sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/30_security-misc.conf
 
 # Systemd Hardening
 sudo mkdir -p /etc/systemd/system/NetworkManager.service.d
diff --git a/Ubuntu-22.04-Server.sh b/Ubuntu-22.04-Server.sh
index 2998af8..ecbeb8f 100644
--- a/Ubuntu-22.04-Server.sh
+++ b/Ubuntu-22.04-Server.sh
@@ -29,7 +29,7 @@ sudo ufw allow OpenSSH
 
 # Harden SSH
 echo "GSSAPIAuthentication no
-echo "VerifyHostKeyDNS yes" | sudo tee /etc/ssh/ssh_config.d/10-custom.conf
+echo "VerifyHostKeyDNS yes"" | sudo tee /etc/ssh/ssh_config.d/10-custom.conf
 sudo chmod 644 /etc/ssh/ssh_config.d/10-custom.conf
 sudo mkdir -p /etc/systemd/system/sshd.service.d
 sudo curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/systemd/system/sshd.service.d/local.conf -o /etc/systemd/system/sshd.service.d/local.conf
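Review bot: The added `sed -i` in the Ubuntu-22.04-Desktop.sh hunk has no `sudo`, yet the file it rewrites was just written by `sudo curl -o` into /etc/sysctl.d and is root-owned; every other command in the hunk runs under `sudo`, so the script is evidently meant to run as an unprivileged user, and GNU `sed -i` (which writes a temporary file in the directory and renames it over the original) will then fail with "Permission denied", leaving upstream's `ptrace_scope=2` in effect while the script carries on. The value is also worth a second look on a desktop: Yama's `3` forbids ptrace attach entirely and, once set, cannot be lowered again without a reboot, which breaks gdb/strace and crash reporters, whereas the Fedora script in this same commit picks `1`. Suggested line: `sudo sed -i 's/^kernel\.yama\.ptrace_scope=2$/kernel.yama.ptrace_scope=3/' /etc/sysctl.d/30_security-misc.conf`, with a comment above it stating why the irreversible `3` is wanted on a workstation.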
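Review bot: The extra quote on the changed line in the Ubuntu-22.04-Server.sh `@@ -29,7` hunk makes the script parse, but the file it writes is wrong: bash joins `"GSSAPIAuthentication no` + newline + `echo "` with the adjacent unquoted `VerifyHostKeyDNS` into one word, takes `yes""` as `yes`, and so tee receives `GSSAPIAuthentication no` followed by a second line `echo VerifyHostKeyDNS yes`; `echo` is not an ssh_config keyword, so the ssh client should report `Bad configuration option: echo` for the include and terminate. The unchanged `echo "GSSAPIAuthentication no` line above it is the real defect (the old version left an unterminated quote that swallowed the following commands), and both lines are best replaced by one that spells the two directives out explicitly: `printf '%s\n' 'GSSAPIAuthentication no' 'VerifyHostKeyDNS yes' | sudo tee /etc/ssh/ssh_config.d/10-custom.conf`. One caveat worth a comment on that block: `VerifyHostKeyDNS yes` only verifies host keys automatically when the SSHFP records are DNSSEC-validated; with an unsigned zone the DNS answer is shown as a hint and the usual fingerprint prompt still applies.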
@@ -114,6 +114,9 @@ sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/
 sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_security-misc.conf -o /etc/sysctl.d/30_security-misc.conf
 sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_silent-kernel-printk.conf -o /etc/sysctl.d/30_silent-kernel-printk.conf
 sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_security-misc_kexec-disable.conf -o /etc/sysctl.d/30_security-misc_kexec-disable.conf
+sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/30_security-misc.conf
+sed -i 's/net.ipv4.icmp_echo_ignore_all=1/net.ipv4.icmp_echo_ignore_all=0/g' /etc/sysctl.d/30_security-misc.conf
+sed -i 's/net.ipv6.icmp.echo_ignore_all=1/net.ipv6.icmp.echo_ignore_all=0/g' /etc/sysctl.d/30_security-misc.conf
 
 sudo systemctl stop apport.service
 sudo systemctl disable apport.service
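Review bot: All three added `sed -i` lines run without `sudo` on a root-owned file that the `sudo curl -o` just above created, so when the script runs as the unprivileged user its other `sudo` calls imply, GNU sed's in-place rename fails with "Permission denied" and none of the overrides take effect: the server keeps `ptrace_scope=2` and keeps dropping ICMP echo, with nothing but a stderr line to show for it. Re-enabling echo replies on IPv4 and IPv6 reverses an upstream hardening choice, which is defensible for a monitored server but deserves a one-line reason next to it, e.g. `# Allow ping: upstream ignores all ICMP echo requests` extended with the actual motivation. Collapse the three into one privileged invocation with anchored, escaped patterns and no `g` flag: `sudo sed -i -e 's/^kernel\.yama\.ptrace_scope=2$/kernel.yama.ptrace_scope=3/' -e 's/^net\.ipv4\.icmp_echo_ignore_all=1$/net.ipv4.icmp_echo_ignore_all=0/' -e 's/^net\.ipv6\.icmp\.echo_ignore_all=1$/net.ipv6.icmp.echo_ignore_all=0/' /etc/sysctl.d/30_security-misc.conf`. Note that Yama's `ptrace_scope=3` cannot be lowered again without a reboot, so this must be the final value intended for the host, and a `grep -q` on the expected `=3` line afterwards would catch the case where sed matched nothing.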