From fb62de7ddc810fd9b645f20a3a6f830c8b862e08 Mon Sep 17 00:00:00 2001 From: Tommy Date: Mon, 15 Jan 2024 05:49:11 -0700 Subject: [PATCH] Disable bluetooth on servers Signed-off-by: Tommy --- GCP-Debian-11.sh | 2 ++ Proxmox-8.sh | 2 ++ RHEL-Server-9.sh | 2 ++ Ubuntu-22.04-Server.sh | 2 ++ 4 files changed, 8 insertions(+) diff --git a/GCP-Debian-11.sh b/GCP-Debian-11.sh index d1ab580..0be657c 100644 --- a/GCP-Debian-11.sh +++ b/GCP-Debian-11.sh @@ -60,6 +60,8 @@ sudo systemctl restart sshd unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/modprobe.d/30_security-misc.conf | sudo tee /etc/modprobe.d/30_security-misc.conf sudo chmod 644 /etc/modprobe.d/30_security-misc.conf +sudo sed -i 's/# install bluetooth/install bluetooth/g' /etc/modprobe.d/30_security-misc.conf +sudo sed -i 's/# install btusb/install btusb/g' /etc/modprobe.d/30_security-misc.conf unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/990-security-misc.conf | sudo tee /etc/sysctl.d/990-security-misc.conf sudo chmod 644 /etc/sysctl.d/990-security-misc.conf sudo sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf diff --git a/Proxmox-8.sh b/Proxmox-8.sh index fe9377b..de2c6b7 100644 --- a/Proxmox-8.sh +++ b/Proxmox-8.sh 
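Review bot: The two added `sed -i` lines in the GCP-Debian-11.sh hunk exit successfully even when the pattern matches nothing, and the file they edit is downloaded from the `master` branch two lines earlier, so an upstream rewording of the commented `# install bluetooth` / `# install btusb` lines would leave the rules disabled without any error. Follow the edits with a check such as `grep -q '^install bluetooth' /etc/modprobe.d/30_security-misc.conf || { echo 'bluetooth rule not enabled' >&2; exit 1; }` and the same for `btusb`, assuming the upstream lines start at column 0. Anchoring the substitution, `s/^# install bluetooth/install bluetooth/`, would also keep it from touching explanatory comments that contain the same words. The same applies to the Proxmox-8.sh, RHEL-Server-9.sh and Ubuntu-22.04-Server.sh hunks.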
@@ -68,6 +68,8 @@ proxmox-boot-tool refresh # Kernel hardening curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/modprobe.d/30_security-misc.conf -o /etc/modprobe.d/30_security-misc.conf +sed -i 's/# install bluetooth/install bluetooth/g' /etc/modprobe.d/30_security-misc.conf +sed -i 's/# install btusb/install btusb/g' /etc/modprobe.d/30_security-misc.conf curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/990-security-misc.conf -o /etc/sysctl.d/990-security-misc.conf sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf sed -i 's/net.ipv4.icmp_echo_ignore_all=1/net.ipv4.icmp_echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf diff --git a/RHEL-Server-9.sh b/RHEL-Server-9.sh index 3a6f2ee..37592b9 100644 --- a/RHEL-Server-9.sh +++ b/RHEL-Server-9.sh @@ -59,6 +59,8 @@ sudo systemctl restart sshd # Kernel hardening unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/modprobe.d/30_security-misc.conf | sudo tee /etc/modprobe.d/30_security-misc.conf +sudo sed -i 's/# install bluetooth/install bluetooth/g' /etc/modprobe.d/30_security-misc.conf +sudo sed -i 's/# install btusb/install btusb/g' /etc/modprobe.d/30_security-misc.conf unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/990-security-misc.conf | sudo tee /etc/sysctl.d/990-security-misc.conf sudo sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf sudo sed -i 's/net.ipv4.icmp_echo_ignore_all=1/net.ipv4.icmp_echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf diff --git a/Ubuntu-22.04-Server.sh b/Ubuntu-22.04-Server.sh index 319979f..3ab0225 100644 --- a/Ubuntu-22.04-Server.sh +++ b/Ubuntu-22.04-Server.sh 
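Review bot: The added `sed` lines in the Proxmox-8.sh hunk have no comment saying what they enable or when it takes effect; a modprobe.d `install` rule only governs future module loads, so a host that already has the modules loaded keeps them until they are unloaded or the machine reboots. A comment above the two lines would cover this, for example `# Servers do not need Bluetooth: enable the upstream rules that block loading bluetooth and btusb (reboot to clear modules that are already loaded)`. Running `lsmod | grep -E '^(bluetooth|btusb)'` after the script shows whether a reboot is still needed. The same comment fits the GCP-Debian-11.sh, RHEL-Server-9.sh and Ubuntu-22.04-Server.sh hunks.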
@@ -70,6 +70,8 @@ sudo systemctl restart sshd # Kernel hardening unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/modprobe.d/30_security-misc.conf | sudo tee /etc/modprobe.d/30_security-misc.conf +sudo sed -i 's/# install bluetooth/install bluetooth/g' /etc/modprobe.d/30_security-misc.conf +sudo sed -i 's/# install btusb/install btusb/g' /etc/modprobe.d/30_security-misc.conf unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/990-security-misc.conf | sudo tee /etc/sysctl.d/990-security-misc.conf unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_silent-kernel-printk.conf | sudo tee /etc/sysctl.d/30_silent-kernel-printk.conf unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf | sudo tee /etc/sysctl.d/30_security-misc_kexec-disable.conf