1
0
mirror of https://github.com/tommytran732/Linux-Setup-Scripts synced 2024-11-09 11:41:33 -05:00

Compare commits

..

2 Commits

Author SHA1 Message Date
0c8ae2fa24
Lockdown firewalld on RHEL
Signed-off-by: Tommy <contact@tommytran.io>
2023-12-12 01:21:56 -07:00
9c942cf89e
CtrlAltDelBurstAction=none
Signed-off-by: Tommy <contact@tommytran.io>
2023-12-12 01:20:52 -07:00
6 changed files with 14 additions and 9 deletions

View File

@ -28,6 +28,7 @@ unpriv(){
sudo systemctl mask ctrl-alt-del.target
sudo systemctl mask debug-shell.service
sudo systemctl mask kdump.service
echo 'CtrlAltDelBurstAction=none' | sudo tee -a /etc/systemd/system.conf
# Setting umask to 077
umask 077

View File

@ -25,6 +25,7 @@ unpriv(){
# Compliance
sudo systemctl mask ctrl-alt-del.target
sudo systemctl mask debug-shell.service
echo 'CtrlAltDelBurstAction=none' | sudo tee -a /etc/systemd/system.conf
# Make home directory private
chmod 700 /home/*

View File

@ -23,6 +23,7 @@ output(){
# Compliance
systemctl mask ctrl-alt-del.target
systemctl mask debug-shell.service
echo 'CtrlAltDelBurstAction=none' | tee -a /etc/systemd/system.conf
# Setup NTS
rm -rf /etc/chrony/chrony.conf

View File

@ -27,9 +27,8 @@ unpriv(){
# Compliance
sudo systemctl mask ctrl-alt-del.target
sudo systemctl mask debug-shell.service
# Make home directory private
chmod 700 /home/*
sudo systemctl mask kdump.service
echo 'CtrlAltDelBurstAction=none' | sudo tee -a /etc/systemd/system.conf
# Setup NTS
sudo curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf -o /etc/chrony.conf
@ -43,6 +42,7 @@ sudo systemctl restart chronyd
sudo firewall-cmd --permanent --remove-service=cockpit
sudo firewall-cmd --reload
sudo firewall-cmd --lockdown-on
# Harden SSH
mkdir -p /etc/ssh/ssh_config.d /etc/ssh/sshd_config.d

View File

@ -26,6 +26,10 @@ unpriv(){
}
#Compliance and updates
sudo systemctl mask ctrl-alt-del.target
sudo systemctl mask debug-shell.service
echo 'CtrlAltDelBurstAction=none' | sudo tee -a /etc/systemd/system.conf
sudo ua enable usg
sudo apt update -y
sudo apt full-upgrade -y
@ -33,9 +37,6 @@ sudo apt install -y usg
sudo apt autoremove -y
sudo usg fix cis_level2_workstation
sudo systemctl mask ctrl-alt-del.target
sudo systemctl mask debug-shell.service
# Make home directory private
chmod 700 /home/*

View File

@ -26,6 +26,10 @@ unpriv(){
}
#Compliance and updates
sudo systemctl mask ctrl-alt-del.target
sudo systemctl mask debug-shell.service
echo 'CtrlAltDelBurstAction=none' | sudo tee -a /etc/systemd/system.conf
sudo ua enable usg
sudo apt update -y
sudo apt full-upgrade -y
@ -33,9 +37,6 @@ sudo apt install -y usg curl libpam-pwquality
sudo apt autoremove -y
sudo usg fix cis_level2_server
sudo systemctl mask ctrl-alt-del.target
sudo systemctl mask debug-shell.service
# Make home directory private
chmod 700 /home/*