From b5a9b2d94a01bb3b2fd5f8bed2d968a95ef64d8f Mon Sep 17 00:00:00 2001 From: Tommy Date: Mon, 5 Jun 2023 22:54:42 -0700 Subject: [PATCH] Update and rename Ubuntu-22.04-Desktop to Ubuntu-22.04-Desktop.sh Signed-off-by: Tommy --- Ubuntu-22.04-Desktop | 14 ------------- Ubuntu-22.04-Desktop.sh | 45 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+), 14 deletions(-) delete mode 100644 Ubuntu-22.04-Desktop create mode 100644 Ubuntu-22.04-Desktop.sh diff --git a/Ubuntu-22.04-Desktop b/Ubuntu-22.04-Desktop deleted file mode 100644 index 1701214..0000000 --- a/Ubuntu-22.04-Desktop +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash - -#Please note that this is how I PERSONALLY setup my computer - I do some stuff such as not using anything to download GNOME extensions from extensions.gnome.org and installing the extensions as a package instead -#Customize it to your liking -#Run this script as your admin user, NOT root - -#Setting umask to 077 -umask 077 -sudo sed -ie '/^DIR_MODE=/ s/=[0-9]*\+/=0700/' /etc/adduser.conf -sudo sed -ie '/^UMASK\s\+/ s/022/077/' /etc/login.defs -sudo sed -i 's/USERGROUPS_ENAB yes/USERGROUPS_ENAB no/g' /etc/login.defs -echo "umask 077" | sudo tee --append /etc/profile - -apt purge -y gnome-calculator diff --git a/Ubuntu-22.04-Desktop.sh b/Ubuntu-22.04-Desktop.sh new file mode 100644 index 0000000..8fff4f8 --- /dev/null +++ b/Ubuntu-22.04-Desktop.sh @@ -0,0 +1,45 @@ +#!/bin/bash + +#Please note that this is how I PERSONALLY setup my computer - I do some stuff such as not using anything to download GNOME extensions from extensions.gnome.org and installing the extensions as a package instead +#Customize it to your liking +#Run this script as your admin user, NOT root + +#Setting umask to 077 +umask 077 +sudo sed -ie '/^DIR_MODE=/ s/=[0-9]*\+/=0700/' /etc/adduser.conf +sudo sed -ie '/^UMASK\s\+/ s/022/077/' /etc/login.defs +sudo sed -i 's/USERGROUPS_ENAB yes/USERGROUPS_ENAB no/g' /etc/login.defs +echo "umask 077" | sudo tee --append /etc/profile + +#Security kernel settings +sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/modprobe.d/30_security-misc.conf -o /etc/modprobe.d/30_security-misc.conf +sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_security-misc.conf -o /etc/sysctl.d/30_security-misc.conf +sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_silent-kernel-printk.conf -o /etc/sysctl.d/30_silent-kernel-printk.conf +sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_security-misc_kexec-disable.conf -o /etc/sysctl.d/30_security-misc_kexec-disable.conf + +#Systemd Hardening +sudo mkdir -p /etc/systemd/system/NetworkManager.service.d +sudo curl https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/NetworkManager.service.d/99-brace.conf -o /etc/systemd/system/NetworkManager.service.d/99-brace.conf +sudo mkdir -p /etc/systemd/system/irqbalance.service.d +sudo curl https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/irqbalance.service.d/99-brace.conf -o /etc/systemd/system/irqbalance.service.d/99-brace.conf +sudo mkdir -p /etc/systemd/system/sshd.service.d +sudo curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/systemd/system/sshd.service.d/limits.conf -o /etc/systemd/system/sshd.service.d/limits.conf + +echo "GSSAPIAuthentication no" | sudo tee /etc/ssh/ssh_config.d/10-custom.conf +echo "VerifyHostKeyDNS yes" | sudo tee -a /etc/ssh/ssh_config.d/10-custom.conf + +#Disable crash reports +gsettings set com.ubuntu.update-notifier show-apport-crashes false +ubuntu-report -f send no +sudo systemctl stop apport.service +sudo systemctl disable apport.service +sudo systemctl mask apport.service +sudo systemctl stop whoopsie.service +sudo systemctl disable whoopsie.service +sudo systemctl mask whoopsie.service + +#Remove unneeded packages +apt purge -y gnome-calculator + +#Install packages that I use +apt install -y gnome-console