mirror of
https://github.com/tommytran732/Linux-Setup-Scripts
synced 2024-11-22 09:31:34 -05:00
Compare commits
4 Commits
3e97fd298c
...
023cc46676
Author | SHA1 | Date | |
---|---|---|---|
023cc46676 | |||
4b9ae05218 | |||
5bc20644e6 | |||
f1508a7f01 |
@ -27,7 +27,7 @@ unpriv(){
|
|||||||
virtualization=$(systemd-detect-virt)
|
virtualization=$(systemd-detect-virt)
|
||||||
|
|
||||||
# Increase compression level
|
# Increase compression level
|
||||||
sudo sed -i 's/zstd:1/zstd:3/g' /etc/fstab
|
sudo sed -i 's/zstd:1/zstd/g' /etc/fstab
|
||||||
|
|
||||||
# Compliance
|
# Compliance
|
||||||
sudo systemctl mask debug-shell.service
|
sudo systemctl mask debug-shell.service
|
||||||
@ -70,9 +70,9 @@ sudo sed -i 's/# install bluetooth/install bluetooth/g' /etc/modprobe.d/30_secur
|
|||||||
sudo sed -i 's/# install btusb/install btusb/g' /etc/modprobe.d/30_security-misc.conf
|
sudo sed -i 's/# install btusb/install btusb/g' /etc/modprobe.d/30_security-misc.conf
|
||||||
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/990-security-misc.conf | sudo tee /etc/sysctl.d/990-security-misc.conf
|
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/990-security-misc.conf | sudo tee /etc/sysctl.d/990-security-misc.conf
|
||||||
sudo chmod 644 /etc/sysctl.d/990-security-misc.conf
|
sudo chmod 644 /etc/sysctl.d/990-security-misc.conf
|
||||||
sudo sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf
|
sudo sed -i 's/kernel.yama.ptrace_scope.*/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf
|
||||||
sudo sed -i 's/net.ipv4.icmp_echo_ignore_all=1/net.ipv4.icmp_echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
sudo sed -i 's/net.ipv4.icmp_echo_ignore_all.*/net.ipv4.icmp_echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
||||||
sudo sed -i 's/net.ipv6.icmp.echo_ignore_all=1/net.ipv6.icmp.echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
sudo sed -i 's/net.ipv6.icmp.echo_ignore_all.*/net.ipv6.icmp.echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
||||||
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_silent-kernel-printk.conf | sudo tee /etc/sysctl.d/30_silent-kernel-printk.conf
|
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_silent-kernel-printk.conf | sudo tee /etc/sysctl.d/30_silent-kernel-printk.conf
|
||||||
sudo chmod 644 /etc/sysctl.d/30_silent-kernel-printk.conf
|
sudo chmod 644 /etc/sysctl.d/30_silent-kernel-printk.conf
|
||||||
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf | sudo tee /etc/sysctl.d/30_security-misc_kexec-disable.conf
|
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf | sudo tee /etc/sysctl.d/30_security-misc_kexec-disable.conf
|
||||||
|
@ -27,7 +27,7 @@ unpriv(){
|
|||||||
virtualization=$(systemd-detect-virt)
|
virtualization=$(systemd-detect-virt)
|
||||||
|
|
||||||
# Increase compression level
|
# Increase compression level
|
||||||
sudo sed -i 's/zstd:1/zstd:3/g' /etc/fstab
|
sudo sed -i 's/zstd:1/zstd/g' /etc/fstab
|
||||||
|
|
||||||
# Compliance
|
# Compliance
|
||||||
sudo systemctl mask debug-shell.service
|
sudo systemctl mask debug-shell.service
|
||||||
@ -67,7 +67,7 @@ sudo chmod 644 /etc/modprobe.d/30_security-misc.conf
|
|||||||
sudo sed -i 's/#install msr/install msr/g' /etc/modprobe.d/30_security-misc.conf
|
sudo sed -i 's/#install msr/install msr/g' /etc/modprobe.d/30_security-misc.conf
|
||||||
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/990-security-misc.conf | sudo tee /etc/sysctl.d/990-security-misc.conf
|
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/990-security-misc.conf | sudo tee /etc/sysctl.d/990-security-misc.conf
|
||||||
sudo chmod 644 /etc/sysctl.d/990-security-misc.conf
|
sudo chmod 644 /etc/sysctl.d/990-security-misc.conf
|
||||||
sudo sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf
|
sudo sed -i 's/kernel.yama.ptrace_scope.*/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf
|
||||||
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_silent-kernel-printk.conf | sudo tee /etc/sysctl.d/30_silent-kernel-printk.conf
|
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_silent-kernel-printk.conf | sudo tee /etc/sysctl.d/30_silent-kernel-printk.conf
|
||||||
sudo chmod 644 /etc/sysctl.d/30_silent-kernel-printk.conf
|
sudo chmod 644 /etc/sysctl.d/30_silent-kernel-printk.conf
|
||||||
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf | sudo tee /etc/sysctl.d/30_security-misc_kexec-disable.conf
|
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf | sudo tee /etc/sysctl.d/30_security-misc_kexec-disable.conf
|
||||||
|
@ -78,9 +78,9 @@ sudo sed -i 's/#install msr/install msr/g' /etc/modprobe.d/30_security-misc.conf
|
|||||||
sed -i 's/# install bluetooth/install bluetooth/g' /etc/modprobe.d/30_security-misc.conf
|
sed -i 's/# install bluetooth/install bluetooth/g' /etc/modprobe.d/30_security-misc.conf
|
||||||
sed -i 's/# install btusb/install btusb/g' /etc/modprobe.d/30_security-misc.conf
|
sed -i 's/# install btusb/install btusb/g' /etc/modprobe.d/30_security-misc.conf
|
||||||
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/990-security-misc.conf -o /etc/sysctl.d/990-security-misc.conf
|
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/990-security-misc.conf -o /etc/sysctl.d/990-security-misc.conf
|
||||||
sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf
|
sed -i 's/kernel.yama.ptrace_scope.*/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf
|
||||||
sed -i 's/net.ipv4.icmp_echo_ignore_all=1/net.ipv4.icmp_echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
sed -i 's/net.ipv4.icmp_echo_ignore_all.*/net.ipv4.icmp_echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
||||||
sed -i 's/net.ipv6.icmp.echo_ignore_all=1/net.ipv6.icmp.echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
sed -i 's/net.ipv6.icmp.echo_ignore_all.*/net.ipv6.icmp.echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
||||||
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_silent-kernel-printk.conf -o /etc/sysctl.d/30_silent-kernel-printk.conf
|
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_silent-kernel-printk.conf -o /etc/sysctl.d/30_silent-kernel-printk.conf
|
||||||
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf -o /etc/sysctl.d/30_security-misc_kexec-disable.conf
|
curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf -o /etc/sysctl.d/30_security-misc_kexec-disable.conf
|
||||||
sysctl -p
|
sysctl -p
|
||||||
|
@ -64,9 +64,9 @@ sudo sed -i 's/# install bluetooth/install bluetooth/g' /etc/modprobe.d/30_secur
|
|||||||
sudo sed -i 's/# install btusb/install btusb/g' /etc/modprobe.d/30_security-misc.conf
|
sudo sed -i 's/# install btusb/install btusb/g' /etc/modprobe.d/30_security-misc.conf
|
||||||
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/990-security-misc.conf | sudo tee /etc/sysctl.d/990-security-misc.conf
|
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/990-security-misc.conf | sudo tee /etc/sysctl.d/990-security-misc.conf
|
||||||
sudo chmod 644 /etc/sysctl.d/990-security-misc.conf
|
sudo chmod 644 /etc/sysctl.d/990-security-misc.conf
|
||||||
sudo sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf
|
sudo sed -i 's/kernel.yama.ptrace_scope.*/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf
|
||||||
sudo sed -i 's/net.ipv4.icmp_echo_ignore_all=1/net.ipv4.icmp_echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
sudo sed -i 's/net.ipv4.icmp_echo_ignore_all.*/net.ipv4.icmp_echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
||||||
sudo sed -i 's/net.ipv6.icmp.echo_ignore_all=1/net.ipv6.icmp.echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
sudo sed -i 's/net.ipv6.icmp.echo_ignore_all.*/net.ipv6.icmp.echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
||||||
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_silent-kernel-printk.conf | sudo tee /etc/sysctl.d/30_silent-kernel-printk.conf
|
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_silent-kernel-printk.conf | sudo tee /etc/sysctl.d/30_silent-kernel-printk.conf
|
||||||
sudo chmod 644 /etc/sysctl.d/30_silent-kernel-printk.conf
|
sudo chmod 644 /etc/sysctl.d/30_silent-kernel-printk.conf
|
||||||
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf | sudo tee /etc/sysctl.d/30_security-misc_kexec-disable.conf
|
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf | sudo tee /etc/sysctl.d/30_security-misc_kexec-disable.conf
|
||||||
|
@ -62,7 +62,7 @@ unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/us
|
|||||||
sudo chmod 644 /etc/sysctl.d/30_silent-kernel-printk.conf
|
sudo chmod 644 /etc/sysctl.d/30_silent-kernel-printk.conf
|
||||||
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf | sudo tee /etc/sysctl.d/30_security-misc_kexec-disable.conf
|
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf | sudo tee /etc/sysctl.d/30_security-misc_kexec-disable.conf
|
||||||
sudo chmod 644 /etc/sysctl.d/30_security-misc_kexec-disable.conf
|
sudo chmod 644 /etc/sysctl.d/30_security-misc_kexec-disable.conf
|
||||||
sudo sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf
|
sudo sed -i 's/kernel.yama.ptrace_scope.*/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf
|
||||||
sudo sysctl -p
|
sudo sysctl -p
|
||||||
|
|
||||||
# Rebuild initramfs
|
# Rebuild initramfs
|
||||||
@ -218,6 +218,6 @@ sudo hostnamectl hostname 'localhost'
|
|||||||
sudo hostnamectl --transient hostname ''
|
sudo hostnamectl --transient hostname ''
|
||||||
|
|
||||||
sudo mkdir -p /etc/systemd/system/NetworkManager.service.d
|
sudo mkdir -p /etc/systemd/system/NetworkManager.service.d
|
||||||
curl https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/NetworkManager.service.d/99-brace.conf | sudo tee /etc/systemd/system/NetworkManager.service.d/99-brace.conf
|
unpriv curl https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/NetworkManager.service.d/99-brace.conf | sudo tee /etc/systemd/system/NetworkManager.service.d/99-brace.conf
|
||||||
sudo systemctl daemon-reload
|
sudo systemctl daemon-reload
|
||||||
sudo systemctl restart NetworkManager
|
sudo systemctl restart NetworkManager
|
@ -63,9 +63,9 @@ sudo sed -i 's/#install msr/install msr/g' /etc/modprobe.d/30_security-misc.conf
|
|||||||
sudo sed -i 's/# install bluetooth/install bluetooth/g' /etc/modprobe.d/30_security-misc.conf
|
sudo sed -i 's/# install bluetooth/install bluetooth/g' /etc/modprobe.d/30_security-misc.conf
|
||||||
sudo sed -i 's/# install btusb/install btusb/g' /etc/modprobe.d/30_security-misc.conf
|
sudo sed -i 's/# install btusb/install btusb/g' /etc/modprobe.d/30_security-misc.conf
|
||||||
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/990-security-misc.conf | sudo tee /etc/sysctl.d/990-security-misc.conf
|
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/990-security-misc.conf | sudo tee /etc/sysctl.d/990-security-misc.conf
|
||||||
sudo sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf
|
sudo sed -i 's/kernel.yama.ptrace_scope.*/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf
|
||||||
sudo sed -i 's/net.ipv4.icmp_echo_ignore_all=1/net.ipv4.icmp_echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
sudo sed -i 's/net.ipv4.icmp_echo_ignore_all.*/net.ipv4.icmp_echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
||||||
sudo sed -i 's/net.ipv6.icmp.echo_ignore_all=1/net.ipv6.icmp.echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
sudo sed -i 's/net.ipv6.icmp.echo_ignore_all.*/net.ipv6.icmp.echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
|
||||||
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_silent-kernel-printk.conf | sudo tee /etc/sysctl.d/30_silent-kernel-printk.conf
|
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_silent-kernel-printk.conf | sudo tee /etc/sysctl.d/30_silent-kernel-printk.conf
|
||||||
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf | sudo tee /etc/sysctl.d/30_security-misc_kexec-disable.conf
|
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf | sudo tee /etc/sysctl.d/30_security-misc_kexec-disable.conf
|
||||||
sudo sysctl -p
|
sudo sysctl -p
|
||||||
|
Loading…
Reference in New Issue
Block a user