1
0
mirror of https://github.com/tommytran732/Linux-Setup-Scripts synced 2024-11-09 03:31:33 -05:00

Update Fedora-WorkStation-33.sh

This commit is contained in:
TommyTran732 2021-04-04 07:55:33 -04:00 committed by GitHub
parent 595833a7e6
commit 948ae604d6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -15,29 +15,6 @@ output(){
echo -e '\e[36m'$1'\e[0m';
}
promptPassphrase() {
PASS=""
PASSCONF=""
while [ -z "$PASS" ]; do
read -s -p "Passphrase: " PASS
echo ""
done
while [ -z "$PASSCONF" ]; do
read -s -p "Confirm passphrase: " PASSCONF
echo ""
done
echo ""
}
getPassphrase() {
promptPassphrase
while [ "$PASS" != "$PASSCONF" ]; do
output "Passphrases did not match, try again..."
promptPassphrase
done
}
#Moving to the home directory
#Note that I always use /home/${USER} because gnome-terminal is wacky and sometimes doesn't load the environment variables in correctly (Right click somewhere in nautilus, click on open in terminal, then hit create new tab and you will see.)
cd /home/${USER} || exit
@ -59,18 +36,6 @@ sudo sysctl --load=/etc/sysctl.d/10-default-yama-scope.conf
#Blacklist Firewire SBP2
echo "blacklist firewire-sbp2" | sudo tee /etc/modprobe.d/blacklist.conf
#GRUB hardening (Thanks to https://www.ncsc.gov.uk/collection/end-user-device-security/platform-specific-guidance/ubuntu-18-04-lts)
echo -e "${HIGHLIGHT}Configuring grub...${NC}"
output "Please enter a grub sysadmin passphrase..."
getPassphrase
echo "set superusers=\"sysadmin\"" | sudo tee --append /etc/grub.d/40_custom
echo -e "$PASS\n$PASS" | grub-mkpasswd-pbkdf2 | tail -n1 | awk -F" " '{print "password_pbkdf2 sysadmin " $7}' | sudo tee --append /etc/grub.d/40_custom
sudo sed -ie '/echo "menuentry / s/echo "menuentry /echo "menuentry --unrestricted /' /etc/grub.d/10_linux
sudo sed -ie '/^GRUB_CMDLINE_LINUX_DEFAULT=/ s/"$/ module.sig_enforce=yes"/' /etc/default/grub
echo "GRUB_SAVEDEFAULT=false" | sudo tee --append /etc/default/grub
sudo grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
#Setup Firewalld
sudo firewall-cmd --permanent --remove-port=1025-65535/udp
sudo firewall-cmd --permanent --remove-port=1025-65535/tcp