mirror of
https://github.com/tommytran732/Linux-Setup-Scripts
synced 2024-11-09 11:41:33 -05:00
Rebuild initramfs
This commit is contained in:
parent
f8705da2e4
commit
d8a7235a8a
@ -55,6 +55,8 @@ sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/
|
|||||||
sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_silent-kernel-printk.conf -o /etc/sysctl.d/30_silent-kernel-printk.conf
|
sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_silent-kernel-printk.conf -o /etc/sysctl.d/30_silent-kernel-printk.conf
|
||||||
sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_security-misc_kexec-disable.conf -o /etc/sysctl.d/30_security-misc_kexec-disable.conf
|
sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_security-misc_kexec-disable.conf -o /etc/sysctl.d/30_security-misc_kexec-disable.conf
|
||||||
sudo sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=1/g' /etc/sysctl.d/30_security-misc.conf
|
sudo sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=1/g' /etc/sysctl.d/30_security-misc.conf
|
||||||
|
sudo dracut -f
|
||||||
|
sudo sysctl -p
|
||||||
|
|
||||||
# Systemd Hardening
|
# Systemd Hardening
|
||||||
sudo mkdir -p /etc/systemd/system/NetworkManager.service.d
|
sudo mkdir -p /etc/systemd/system/NetworkManager.service.d
|
||||||
|
@ -41,7 +41,12 @@ sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/
|
|||||||
sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_security-misc_kexec-disable.conf -o /etc/sysctl.d/30_security-misc_kexec-disable.conf
|
sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_security-misc_kexec-disable.conf -o /etc/sysctl.d/30_security-misc_kexec-disable.conf
|
||||||
sudo mkdir -p /etc/systemd/system/NetworkManager.service.d
|
sudo mkdir -p /etc/systemd/system/NetworkManager.service.d
|
||||||
sudo curl https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/NetworkManager.service.d/99-brace.conf -o /etc/systemd/system/NetworkManager.service.d/99-brace.conf
|
sudo curl https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/NetworkManager.service.d/99-brace.conf -o /etc/systemd/system/NetworkManager.service.d/99-brace.conf
|
||||||
|
sudo sysctl -p
|
||||||
|
|
||||||
|
# Rebuild initramfs
|
||||||
|
sudo update-initramfs -u
|
||||||
|
|
||||||
|
# Security limit
|
||||||
echo "* hard core 0" | tee -a /etc/security/limits.conf
|
echo "* hard core 0" | tee -a /etc/security/limits.conf
|
||||||
|
|
||||||
# Setup unbound
|
# Setup unbound
|
||||||
|
@ -43,6 +43,7 @@ sudo sed -i 's/net.ipv4.icmp_echo_ignore_all=1/net.ipv4.icmp_echo_ignore_all=0/g
|
|||||||
sudo sed -i 's/net.ipv6.icmp.echo_ignore_all=1/net.ipv6.icmp.echo_ignore_all=0/g' /etc/sysctl.d/30_security-misc.conf
|
sudo sed -i 's/net.ipv6.icmp.echo_ignore_all=1/net.ipv6.icmp.echo_ignore_all=0/g' /etc/sysctl.d/30_security-misc.conf
|
||||||
sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_silent-kernel-printk.conf -o /etc/sysctl.d/30_silent-kernel-printk.conf
|
sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_silent-kernel-printk.conf -o /etc/sysctl.d/30_silent-kernel-printk.conf
|
||||||
sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_security-misc_kexec-disable.conf -o /etc/sysctl.d/30_security-misc_kexec-disable.conf
|
sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_security-misc_kexec-disable.conf -o /etc/sysctl.d/30_security-misc_kexec-disable.conf
|
||||||
|
sudo dracut -f
|
||||||
sudo sysctl -p
|
sudo sysctl -p
|
||||||
|
|
||||||
# Systemd hardening
|
# Systemd hardening
|
||||||
|
@ -47,6 +47,18 @@ sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/
|
|||||||
sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_silent-kernel-printk.conf -o /etc/sysctl.d/30_silent-kernel-printk.conf
|
sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_silent-kernel-printk.conf -o /etc/sysctl.d/30_silent-kernel-printk.conf
|
||||||
sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_security-misc_kexec-disable.conf -o /etc/sysctl.d/30_security-misc_kexec-disable.conf
|
sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/sysctl.d/30_security-misc_kexec-disable.conf -o /etc/sysctl.d/30_security-misc_kexec-disable.conf
|
||||||
sudo sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/30_security-misc.conf
|
sudo sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/30_security-misc.conf
|
||||||
|
sudo sysctl -p
|
||||||
|
|
||||||
|
# Rebuild initramfs
|
||||||
|
sudo update-initramfs -u
|
||||||
|
|
||||||
|
# Disable telemetry
|
||||||
|
sudo systemctl stop apport.service
|
||||||
|
sudo systemctl disable apport.service
|
||||||
|
sudo systemctl mask apport.service
|
||||||
|
sudo systemctl stop whoopsie.service
|
||||||
|
sudo systemctl disable whoopsie.service
|
||||||
|
sudo systemctl mask whoopsie.service
|
||||||
|
|
||||||
# Systemd Hardening
|
# Systemd Hardening
|
||||||
sudo mkdir -p /etc/systemd/system/NetworkManager.service.d
|
sudo mkdir -p /etc/systemd/system/NetworkManager.service.d
|
||||||
|
@ -128,7 +128,12 @@ sudo curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/
|
|||||||
sudo sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/30_security-misc.conf
|
sudo sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/30_security-misc.conf
|
||||||
sudo sed -i 's/net.ipv4.icmp_echo_ignore_all=1/net.ipv4.icmp_echo_ignore_all=0/g' /etc/sysctl.d/30_security-misc.conf
|
sudo sed -i 's/net.ipv4.icmp_echo_ignore_all=1/net.ipv4.icmp_echo_ignore_all=0/g' /etc/sysctl.d/30_security-misc.conf
|
||||||
sudo sed -i 's/net.ipv6.icmp.echo_ignore_all=1/net.ipv6.icmp.echo_ignore_all=0/g' /etc/sysctl.d/30_security-misc.conf
|
sudo sed -i 's/net.ipv6.icmp.echo_ignore_all=1/net.ipv6.icmp.echo_ignore_all=0/g' /etc/sysctl.d/30_security-misc.conf
|
||||||
|
sudo sysctl -p
|
||||||
|
|
||||||
|
# Rebuild initramfs
|
||||||
|
sudo update-initramfs -u
|
||||||
|
|
||||||
|
# Disable telemetry
|
||||||
sudo systemctl stop apport.service
|
sudo systemctl stop apport.service
|
||||||
sudo systemctl disable apport.service
|
sudo systemctl disable apport.service
|
||||||
sudo systemctl mask apport.service
|
sudo systemctl mask apport.service
|
||||||
|
Loading…
Reference in New Issue
Block a user