mirror of
https://github.com/tommytran732/Linux-Setup-Scripts
synced 2024-11-22 01:21:33 -05:00
Compare commits
4 Commits
3e97fd298c
...
023cc46676
Author | SHA1 | Date | |
---|---|---|---|
023cc46676 | |||
4b9ae05218 | |||
5bc20644e6 | |||
f1508a7f01 |
@ -27,7 +27,7 @@ unpriv(){
|
||||
virtualization=$(systemd-detect-virt)
|
||||
|
||||
# Increase compression level
|
||||
sudo sed -i 's/zstd:1/zstd:3/g' /etc/fstab
|
||||
sudo sed -i 's/zstd:1/zstd/g' /etc/fstab
|
||||
|
||||
# Compliance
|
||||
sudo systemctl mask debug-shell.service
|
||||
@ -70,9 +70,9 @@ sudo sed -i 's/# install bluetooth/install bluetooth/g' /etc/modprobe.d/30_secur
|
||||
sudo sed -i 's/# install btusb/install btusb/g' /etc/modprobe.d/30_security-misc.conf
|
||||
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/990-security-misc.conf | sudo tee /etc/sysctl.d/990-security-misc.conf
|
||||
sudo chmod 644 /etc/sysctl.d/990-security-misc.conf
|
||||
sudo sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf
|
||||
sudo sed -i 's/net.ipv4.icmp_echo_ignore_all=1/net.ipv4.icmp_echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
||||
sudo sed -i 's/net.ipv6.icmp.echo_ignore_all=1/net.ipv6.icmp.echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
||||
sudo sed -i 's/kernel.yama.ptrace_scope.*/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf
|
||||
sudo sed -i 's/net.ipv4.icmp_echo_ignore_all.*/net.ipv4.icmp_echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
||||
sudo sed -i 's/net.ipv6.icmp.echo_ignore_all.*/net.ipv6.icmp.echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
||||
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_silent-kernel-printk.conf | sudo tee /etc/sysctl.d/30_silent-kernel-printk.conf
|
||||
sudo chmod 644 /etc/sysctl.d/30_silent-kernel-printk.conf
|
||||
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf | sudo tee /etc/sysctl.d/30_security-misc_kexec-disable.conf
|
||||
|
@ -27,7 +27,7 @@ unpriv(){
|
||||
virtualization=$(systemd-detect-virt)
|
||||
|
||||
# Increase compression level
|
||||
sudo sed -i 's/zstd:1/zstd:3/g' /etc/fstab
|
||||
sudo sed -i 's/zstd:1/zstd/g' /etc/fstab
|
||||
|
||||
# Compliance
|
||||
sudo systemctl mask debug-shell.service
|
||||
@ -67,7 +67,7 @@ sudo chmod 644 /etc/modprobe.d/30_security-misc.conf
|
||||
sudo sed -i 's/#install msr/install msr/g' /etc/modprobe.d/30_security-misc.conf
|
||||
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/990-security-misc.conf | sudo tee /etc/sysctl.d/990-security-misc.conf
|
||||
sudo chmod 644 /etc/sysctl.d/990-security-misc.conf
|
||||
sudo sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf
|
||||
sudo sed -i 's/kernel.yama.ptrace_scope.*/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf
|
||||
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_silent-kernel-printk.conf | sudo tee /etc/sysctl.d/30_silent-kernel-printk.conf
|
||||
sudo chmod 644 /etc/sysctl.d/30_silent-kernel-printk.conf
|
||||
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf | sudo tee /etc/sysctl.d/30_security-misc_kexec-disable.conf
|
||||
|
@ -78,9 +78,9 @@ sudo sed -i 's/#install msr/install msr/g' /etc/modprobe.d/30_security-misc.conf
|
||||
sed -i 's/# install bluetooth/install bluetooth/g' /etc/modprobe.d/30_security-misc.conf
|
||||
sed -i 's/# install btusb/install btusb/g' /etc/modprobe.d/30_security-misc.conf
|
||||
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/990-security-misc.conf -o /etc/sysctl.d/990-security-misc.conf
|
||||
sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf
|
||||
sed -i 's/net.ipv4.icmp_echo_ignore_all=1/net.ipv4.icmp_echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
||||
sed -i 's/net.ipv6.icmp.echo_ignore_all=1/net.ipv6.icmp.echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
||||
sed -i 's/kernel.yama.ptrace_scope.*/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf
|
||||
sed -i 's/net.ipv4.icmp_echo_ignore_all.*/net.ipv4.icmp_echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
||||
sed -i 's/net.ipv6.icmp.echo_ignore_all.*/net.ipv6.icmp.echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
||||
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_silent-kernel-printk.conf -o /etc/sysctl.d/30_silent-kernel-printk.conf
|
||||
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf -o /etc/sysctl.d/30_security-misc_kexec-disable.conf
|
||||
sysctl -p
|
||||
|
@ -64,9 +64,9 @@ sudo sed -i 's/# install bluetooth/install bluetooth/g' /etc/modprobe.d/30_secur
|
||||
sudo sed -i 's/# install btusb/install btusb/g' /etc/modprobe.d/30_security-misc.conf
|
||||
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/990-security-misc.conf | sudo tee /etc/sysctl.d/990-security-misc.conf
|
||||
sudo chmod 644 /etc/sysctl.d/990-security-misc.conf
|
||||
sudo sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf
|
||||
sudo sed -i 's/net.ipv4.icmp_echo_ignore_all=1/net.ipv4.icmp_echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
||||
sudo sed -i 's/net.ipv6.icmp.echo_ignore_all=1/net.ipv6.icmp.echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
||||
sudo sed -i 's/kernel.yama.ptrace_scope.*/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf
|
||||
sudo sed -i 's/net.ipv4.icmp_echo_ignore_all.*/net.ipv4.icmp_echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
||||
sudo sed -i 's/net.ipv6.icmp.echo_ignore_all.*/net.ipv6.icmp.echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
||||
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_silent-kernel-printk.conf | sudo tee /etc/sysctl.d/30_silent-kernel-printk.conf
|
||||
sudo chmod 644 /etc/sysctl.d/30_silent-kernel-printk.conf
|
||||
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf | sudo tee /etc/sysctl.d/30_security-misc_kexec-disable.conf
|
||||
|
@ -62,7 +62,7 @@ unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/us
|
||||
sudo chmod 644 /etc/sysctl.d/30_silent-kernel-printk.conf
|
||||
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf | sudo tee /etc/sysctl.d/30_security-misc_kexec-disable.conf
|
||||
sudo chmod 644 /etc/sysctl.d/30_security-misc_kexec-disable.conf
|
||||
sudo sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf
|
||||
sudo sed -i 's/kernel.yama.ptrace_scope.*/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf
|
||||
sudo sysctl -p
|
||||
|
||||
# Rebuild initramfs
|
||||
@ -218,6 +218,6 @@ sudo hostnamectl hostname 'localhost'
|
||||
sudo hostnamectl --transient hostname ''
|
||||
|
||||
sudo mkdir -p /etc/systemd/system/NetworkManager.service.d
|
||||
curl https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/NetworkManager.service.d/99-brace.conf | sudo tee /etc/systemd/system/NetworkManager.service.d/99-brace.conf
|
||||
unpriv curl https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/NetworkManager.service.d/99-brace.conf | sudo tee /etc/systemd/system/NetworkManager.service.d/99-brace.conf
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl restart NetworkManager
|
@ -63,9 +63,9 @@ sudo sed -i 's/#install msr/install msr/g' /etc/modprobe.d/30_security-misc.conf
|
||||
sudo sed -i 's/# install bluetooth/install bluetooth/g' /etc/modprobe.d/30_security-misc.conf
|
||||
sudo sed -i 's/# install btusb/install btusb/g' /etc/modprobe.d/30_security-misc.conf
|
||||
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/990-security-misc.conf | sudo tee /etc/sysctl.d/990-security-misc.conf
|
||||
sudo sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf
|
||||
sudo sed -i 's/net.ipv4.icmp_echo_ignore_all=1/net.ipv4.icmp_echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
||||
sudo sed -i 's/net.ipv6.icmp.echo_ignore_all=1/net.ipv6.icmp.echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
||||
sudo sed -i 's/kernel.yama.ptrace_scope.*/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf
|
||||
sudo sed -i 's/net.ipv4.icmp_echo_ignore_all.*/net.ipv4.icmp_echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
||||
sudo sed -i 's/net.ipv6.icmp.echo_ignore_all.*/net.ipv6.icmp.echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
||||
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_silent-kernel-printk.conf | sudo tee /etc/sysctl.d/30_silent-kernel-printk.conf
|
||||
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf | sudo tee /etc/sysctl.d/30_security-misc_kexec-disable.conf
|
||||
sudo sysctl -p
|
||||
|
Loading…
Reference in New Issue
Block a user