mirror of
https://github.com/tommytran732/Linux-Setup-Scripts
synced 2024-09-07 16:23:30 -04:00
Compare commits
2 Commits
5c7a2850e6
...
46ea5f81bf
| Author | SHA1 | Date | |
|---|---|---|---|
46ea5f81bf
|
|||
|
533c8c3e73
|
@ -128,6 +128,11 @@ sudo chmod 644 /etc/systemd/system/unbound.service.d/override.conf
|
||||
sudo systemctl enable --now unbound
|
||||
sudo systemctl disable systemd-resolved
|
||||
|
||||
### Differentiating bare metal and virtual installs
|
||||
|
||||
# Enable auto TRIM
|
||||
sudo systemctl enable fstrim.timer
|
||||
|
||||
# Setup fwupd
|
||||
if [ "$virtualization" = 'none' ]; then
|
||||
sudo dnf install -y fwupd
|
||||
@ -140,11 +145,6 @@ if [ "$virtualization" = 'none' ]; then
|
||||
sudo systemctl enable --now fwupd-refresh.timer
|
||||
fi
|
||||
|
||||
# Enable auto TRIM
|
||||
sudo systemctl enable fstrim.timer
|
||||
|
||||
### Differentiating bare metal and virtual installs
|
||||
|
||||
# Setup tuned
|
||||
sudo dnf install -y tuned
|
||||
sudo systemctl enable --now tuned
|
||||
@ -155,17 +155,6 @@ else
|
||||
sudo tuned-adm profile virtual-guest
|
||||
fi
|
||||
|
||||
|
||||
# Setup real-ucode
|
||||
MACHINE_TYPE=$(uname -m)
|
||||
if [ "$virtualization" = 'none' ] && [ "${MACHINE_TYPE}" == 'x86_64' ]; then
|
||||
sudo dnf install -y 'https://divested.dev/rpm/fedora/divested-release-20231210-2.noarch.rpm'
|
||||
sudo sed -i 's/^metalink=.*/&?protocol=https/g' /etc/yum.repos.d/divested-release.repo
|
||||
sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware
|
||||
sudo dnf install -y real-ucode
|
||||
sudo dracut -f
|
||||
fi
|
||||
|
||||
# Setup networking
|
||||
sudo firewall-cmd --permanent --remove-service=cockpit
|
||||
sudo firewall-cmd --reload
|
||||
|
||||
@ -219,15 +219,15 @@ gpgkey=https://packages.microsoft.com/keys/microsoft.asc' | sudo tee /etc/yum.re
|
||||
sudo chmod 644 /usr/local/share/applications/microsoft-edge.desktop
|
||||
fi
|
||||
|
||||
# Setup fwupd
|
||||
echo 'UriSchemes=file;https' | sudo tee -a /etc/fwupd/fwupd.conf
|
||||
sudo systemctl restart fwupd
|
||||
|
||||
# Enable auto TRIM
|
||||
sudo systemctl enable fstrim.timer
|
||||
|
||||
### Differentiating bare metal and virtual installs
|
||||
|
||||
# Setup fwupd
|
||||
echo 'UriSchemes=file;https' | sudo tee -a /etc/fwupd/fwupd.conf
|
||||
sudo systemctl restart fwupd
|
||||
|
||||
# Setup tuned
|
||||
if [ "$virtualization" = 'none' ]; then
|
||||
output "Bare Metal installation. Tuned will not be set up here - PPD should take care of it."
|
||||
@ -238,15 +238,6 @@ else
|
||||
sudo tuned-adm profile virtual-guest
|
||||
fi
|
||||
|
||||
# Setup real-ucode
|
||||
if [ "$virtualization" = 'none' ] && [ "${MACHINE_TYPE}" == 'x86_64' ]; then
|
||||
sudo dnf install -y 'https://divested.dev/rpm/fedora/divested-release-20231210-2.noarch.rpm'
|
||||
sudo sed -i 's/^metalink=.*/&?protocol=https/g' /etc/yum.repos.d/divested-release.repo
|
||||
sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware
|
||||
sudo dnf install -y real-ucode
|
||||
sudo dracut -f
|
||||
fi
|
||||
|
||||
# Setup networking
|
||||
sudo firewall-cmd --set-default-zone=block
|
||||
sudo firewall-cmd --permanent --add-service=dhcpv6-client
|
||||
|
||||
26
RHEL-9.sh
26
RHEL-9.sh
@ -89,6 +89,12 @@ sudo systemctl enable --now dnf-automatic.timer
|
||||
# Remove unnecessary packages
|
||||
sudo dnf remove -y cockpit*
|
||||
|
||||
# Install hardened_malloc
|
||||
sudo dnf copr enable secureblue/hardened_malloc -y
|
||||
sudo dnf install -y hardened_malloc
|
||||
echo 'libhardened_malloc.so' | sudo tee /etc/ld.so.preload
|
||||
sudo chmod 644 /etc/ld.so.preload
|
||||
|
||||
# Install appropriate virtualization drivers
|
||||
if [ "$virtualization" = 'kvm' ]; then
|
||||
sudo dnf install -y qemu-guest-agent
|
||||
@ -160,6 +166,11 @@ sudo systemctl enable --now unbound
|
||||
#sudo insights-client --collector malware-detection
|
||||
#sudo sed -i 's/test_scan: true/test_scan: false/' /etc/insights-client/malware-detection-config.yml
|
||||
|
||||
# Enable auto TRIM
|
||||
sudo systemctl enable fstrim.timer
|
||||
|
||||
### Differentiating bare metal and virtual installs
|
||||
|
||||
# Setup fwupd
|
||||
if [ "$virtualization" = 'none' ]; then
|
||||
sudo dnf install -y fwupd
|
||||
@ -172,11 +183,6 @@ if [ "$virtualization" = 'none' ]; then
|
||||
sudo systemctl enable --now fwupd-refresh.timer
|
||||
fi
|
||||
|
||||
# Enable auto TRIM
|
||||
sudo systemctl enable fstrim.timer
|
||||
|
||||
### Differentiating bare metal and virtual installs
|
||||
|
||||
# Setup tuned
|
||||
sudo dnf install -y tuned
|
||||
sudo systemctl enable --now tuned
|
||||
@ -187,16 +193,6 @@ else
|
||||
sudo tuned-adm profile virtual-guest
|
||||
fi
|
||||
|
||||
# Setup real-ucode
|
||||
MACHINE_TYPE=$(uname -m)
|
||||
if [ "$virtualization" = 'none' ] && [ "${MACHINE_TYPE}" == 'x86_64' ]; then
|
||||
sudo dnf install -y 'https://divested.dev/rpm/fedora/divested-release-20231210-2.noarch.rpm'
|
||||
sudo sed -i 's/^metalink=.*/&?protocol=https/g' /etc/yum.repos.d/divested-release.repo
|
||||
sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware
|
||||
sudo dnf install -y real-ucode
|
||||
sudo dracut -f
|
||||
fi
|
||||
|
||||
# Setup networking
|
||||
sudo firewall-cmd --permanent --remove-service=cockpit
|
||||
sudo firewall-cmd --reload
|
||||
|
||||
Loading…
Reference in New Issue
Block a user