mirror of
https://github.com/tommytran732/Linux-Setup-Scripts
synced 2024-09-19 13:44:43 -04:00
Compare commits
No commits in common. "46ea5f81bfa845085aee64fdf10a98a1287f1153" and "5c7a2850e63ea77214c8457bd98cb1b26fb2268d" have entirely different histories.
46ea5f81bf
...
5c7a2850e6
@ -128,11 +128,6 @@ sudo chmod 644 /etc/systemd/system/unbound.service.d/override.conf
|
|||||||
sudo systemctl enable --now unbound
|
sudo systemctl enable --now unbound
|
||||||
sudo systemctl disable systemd-resolved
|
sudo systemctl disable systemd-resolved
|
||||||
|
|
||||||
### Differentiating bare metal and virtual installs
|
|
||||||
|
|
||||||
# Enable auto TRIM
|
|
||||||
sudo systemctl enable fstrim.timer
|
|
||||||
|
|
||||||
# Setup fwupd
|
# Setup fwupd
|
||||||
if [ "$virtualization" = 'none' ]; then
|
if [ "$virtualization" = 'none' ]; then
|
||||||
sudo dnf install -y fwupd
|
sudo dnf install -y fwupd
|
||||||
@ -145,6 +140,11 @@ if [ "$virtualization" = 'none' ]; then
|
|||||||
sudo systemctl enable --now fwupd-refresh.timer
|
sudo systemctl enable --now fwupd-refresh.timer
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Enable auto TRIM
|
||||||
|
sudo systemctl enable fstrim.timer
|
||||||
|
|
||||||
|
### Differentiating bare metal and virtual installs
|
||||||
|
|
||||||
# Setup tuned
|
# Setup tuned
|
||||||
sudo dnf install -y tuned
|
sudo dnf install -y tuned
|
||||||
sudo systemctl enable --now tuned
|
sudo systemctl enable --now tuned
|
||||||
@ -155,6 +155,17 @@ else
|
|||||||
sudo tuned-adm profile virtual-guest
|
sudo tuned-adm profile virtual-guest
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
# Setup real-ucode
|
||||||
|
MACHINE_TYPE=$(uname -m)
|
||||||
|
if [ "$virtualization" = 'none' ] && [ "${MACHINE_TYPE}" == 'x86_64' ]; then
|
||||||
|
sudo dnf install -y 'https://divested.dev/rpm/fedora/divested-release-20231210-2.noarch.rpm'
|
||||||
|
sudo sed -i 's/^metalink=.*/&?protocol=https/g' /etc/yum.repos.d/divested-release.repo
|
||||||
|
sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware
|
||||||
|
sudo dnf install -y real-ucode
|
||||||
|
sudo dracut -f
|
||||||
|
fi
|
||||||
|
|
||||||
# Setup networking
|
# Setup networking
|
||||||
sudo firewall-cmd --permanent --remove-service=cockpit
|
sudo firewall-cmd --permanent --remove-service=cockpit
|
||||||
sudo firewall-cmd --reload
|
sudo firewall-cmd --reload
|
||||||
|
|||||||
@ -219,15 +219,15 @@ gpgkey=https://packages.microsoft.com/keys/microsoft.asc' | sudo tee /etc/yum.re
|
|||||||
sudo chmod 644 /usr/local/share/applications/microsoft-edge.desktop
|
sudo chmod 644 /usr/local/share/applications/microsoft-edge.desktop
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Setup fwupd
|
||||||
|
echo 'UriSchemes=file;https' | sudo tee -a /etc/fwupd/fwupd.conf
|
||||||
|
sudo systemctl restart fwupd
|
||||||
|
|
||||||
# Enable auto TRIM
|
# Enable auto TRIM
|
||||||
sudo systemctl enable fstrim.timer
|
sudo systemctl enable fstrim.timer
|
||||||
|
|
||||||
### Differentiating bare metal and virtual installs
|
### Differentiating bare metal and virtual installs
|
||||||
|
|
||||||
# Setup fwupd
|
|
||||||
echo 'UriSchemes=file;https' | sudo tee -a /etc/fwupd/fwupd.conf
|
|
||||||
sudo systemctl restart fwupd
|
|
||||||
|
|
||||||
# Setup tuned
|
# Setup tuned
|
||||||
if [ "$virtualization" = 'none' ]; then
|
if [ "$virtualization" = 'none' ]; then
|
||||||
output "Bare Metal installation. Tuned will not be set up here - PPD should take care of it."
|
output "Bare Metal installation. Tuned will not be set up here - PPD should take care of it."
|
||||||
@ -238,6 +238,15 @@ else
|
|||||||
sudo tuned-adm profile virtual-guest
|
sudo tuned-adm profile virtual-guest
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Setup real-ucode
|
||||||
|
if [ "$virtualization" = 'none' ] && [ "${MACHINE_TYPE}" == 'x86_64' ]; then
|
||||||
|
sudo dnf install -y 'https://divested.dev/rpm/fedora/divested-release-20231210-2.noarch.rpm'
|
||||||
|
sudo sed -i 's/^metalink=.*/&?protocol=https/g' /etc/yum.repos.d/divested-release.repo
|
||||||
|
sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware
|
||||||
|
sudo dnf install -y real-ucode
|
||||||
|
sudo dracut -f
|
||||||
|
fi
|
||||||
|
|
||||||
# Setup networking
|
# Setup networking
|
||||||
sudo firewall-cmd --set-default-zone=block
|
sudo firewall-cmd --set-default-zone=block
|
||||||
sudo firewall-cmd --permanent --add-service=dhcpv6-client
|
sudo firewall-cmd --permanent --add-service=dhcpv6-client
|
||||||
|
|||||||
26
RHEL-9.sh
26
RHEL-9.sh
@ -89,12 +89,6 @@ sudo systemctl enable --now dnf-automatic.timer
|
|||||||
# Remove unnecessary packages
|
# Remove unnecessary packages
|
||||||
sudo dnf remove -y cockpit*
|
sudo dnf remove -y cockpit*
|
||||||
|
|
||||||
# Install hardened_malloc
|
|
||||||
sudo dnf copr enable secureblue/hardened_malloc -y
|
|
||||||
sudo dnf install -y hardened_malloc
|
|
||||||
echo 'libhardened_malloc.so' | sudo tee /etc/ld.so.preload
|
|
||||||
sudo chmod 644 /etc/ld.so.preload
|
|
||||||
|
|
||||||
# Install appropriate virtualization drivers
|
# Install appropriate virtualization drivers
|
||||||
if [ "$virtualization" = 'kvm' ]; then
|
if [ "$virtualization" = 'kvm' ]; then
|
||||||
sudo dnf install -y qemu-guest-agent
|
sudo dnf install -y qemu-guest-agent
|
||||||
@ -166,11 +160,6 @@ sudo systemctl enable --now unbound
|
|||||||
#sudo insights-client --collector malware-detection
|
#sudo insights-client --collector malware-detection
|
||||||
#sudo sed -i 's/test_scan: true/test_scan: false/' /etc/insights-client/malware-detection-config.yml
|
#sudo sed -i 's/test_scan: true/test_scan: false/' /etc/insights-client/malware-detection-config.yml
|
||||||
|
|
||||||
# Enable auto TRIM
|
|
||||||
sudo systemctl enable fstrim.timer
|
|
||||||
|
|
||||||
### Differentiating bare metal and virtual installs
|
|
||||||
|
|
||||||
# Setup fwupd
|
# Setup fwupd
|
||||||
if [ "$virtualization" = 'none' ]; then
|
if [ "$virtualization" = 'none' ]; then
|
||||||
sudo dnf install -y fwupd
|
sudo dnf install -y fwupd
|
||||||
@ -183,6 +172,11 @@ if [ "$virtualization" = 'none' ]; then
|
|||||||
sudo systemctl enable --now fwupd-refresh.timer
|
sudo systemctl enable --now fwupd-refresh.timer
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Enable auto TRIM
|
||||||
|
sudo systemctl enable fstrim.timer
|
||||||
|
|
||||||
|
### Differentiating bare metal and virtual installs
|
||||||
|
|
||||||
# Setup tuned
|
# Setup tuned
|
||||||
sudo dnf install -y tuned
|
sudo dnf install -y tuned
|
||||||
sudo systemctl enable --now tuned
|
sudo systemctl enable --now tuned
|
||||||
@ -193,6 +187,16 @@ else
|
|||||||
sudo tuned-adm profile virtual-guest
|
sudo tuned-adm profile virtual-guest
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Setup real-ucode
|
||||||
|
MACHINE_TYPE=$(uname -m)
|
||||||
|
if [ "$virtualization" = 'none' ] && [ "${MACHINE_TYPE}" == 'x86_64' ]; then
|
||||||
|
sudo dnf install -y 'https://divested.dev/rpm/fedora/divested-release-20231210-2.noarch.rpm'
|
||||||
|
sudo sed -i 's/^metalink=.*/&?protocol=https/g' /etc/yum.repos.d/divested-release.repo
|
||||||
|
sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware
|
||||||
|
sudo dnf install -y real-ucode
|
||||||
|
sudo dracut -f
|
||||||
|
fi
|
||||||
|
|
||||||
# Setup networking
|
# Setup networking
|
||||||
sudo firewall-cmd --permanent --remove-service=cockpit
|
sudo firewall-cmd --permanent --remove-service=cockpit
|
||||||
sudo firewall-cmd --reload
|
sudo firewall-cmd --reload
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user