Lockdown firewalld on RHEL

Signed-off-by: Tommy <contact@tommytran.io>
CtrlAltDelBurstAction=none
2024-11-09 11:41:33 -05:00 · 2023-12-12 01:21:56 -07:00 · 2023-12-12 01:20:52 -07:00
6 changed files with 14 additions and 9 deletions
--- a/Fedora-Workstation-38.sh
+++ b/Fedora-Workstation-38.sh
@ -28,6 +28,7 @@ unpriv(){
 sudo systemctl mask ctrl-alt-del.target
 sudo systemctl mask debug-shell.service
 sudo systemctl mask kdump.service
+echo 'CtrlAltDelBurstAction=none' | sudo tee -a /etc/systemd/system.conf

 # Setting umask to 077
 umask 077
--- a/GCP-Debian-11.sh
+++ b/GCP-Debian-11.sh
@ -25,6 +25,7 @@ unpriv(){
 # Compliance
 sudo systemctl mask ctrl-alt-del.target
 sudo systemctl mask debug-shell.service
+echo 'CtrlAltDelBurstAction=none' | sudo tee -a /etc/systemd/system.conf

 # Make home directory private
 chmod 700 /home/*
--- a/Proxmox-8.sh
+++ b/Proxmox-8.sh
@ -23,6 +23,7 @@ output(){
 # Compliance
 systemctl mask ctrl-alt-del.target
 systemctl mask debug-shell.service
+echo 'CtrlAltDelBurstAction=none' | tee -a /etc/systemd/system.conf

 # Setup NTS
 rm -rf /etc/chrony/chrony.conf
--- a/RHEL-Server-9.sh
+++ b/RHEL-Server-9.sh
@ -27,9 +27,8 @@ unpriv(){
 # Compliance
 sudo systemctl mask ctrl-alt-del.target
 sudo systemctl mask debug-shell.service
-
-# Make home directory private
-chmod 700 /home/*
+sudo systemctl mask kdump.service
+echo 'CtrlAltDelBurstAction=none' | sudo tee -a /etc/systemd/system.conf

 # Setup NTS
 sudo curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf -o /etc/chrony.conf
@ -43,6 +42,7 @@ sudo systemctl restart chronyd

 sudo firewall-cmd --permanent --remove-service=cockpit
 sudo firewall-cmd --reload
+sudo firewall-cmd --lockdown-on

 # Harden SSH
 mkdir -p /etc/ssh/ssh_config.d /etc/ssh/sshd_config.d
--- a/Ubuntu-22.04-Desktop.sh
+++ b/Ubuntu-22.04-Desktop.sh
@ -26,6 +26,10 @@ unpriv(){
 }

 #Compliance and updates
+sudo systemctl mask ctrl-alt-del.target
+sudo systemctl mask debug-shell.service
+echo 'CtrlAltDelBurstAction=none' | sudo tee -a /etc/systemd/system.conf
+
 sudo ua enable usg
 sudo apt update -y
 sudo apt full-upgrade -y
@ -33,9 +37,6 @@ sudo apt install -y usg
 sudo apt autoremove -y
 sudo usg fix cis_level2_workstation

-sudo systemctl mask ctrl-alt-del.target
-sudo systemctl mask debug-shell.service
-
 # Make home directory private
 chmod 700 /home/*

--- a/Ubuntu-22.04-Server.sh
+++ b/Ubuntu-22.04-Server.sh
@ -26,6 +26,10 @@ unpriv(){
 }

 #Compliance and updates
+sudo systemctl mask ctrl-alt-del.target
+sudo systemctl mask debug-shell.service
+echo 'CtrlAltDelBurstAction=none' | sudo tee -a /etc/systemd/system.conf
+
 sudo ua enable usg
 sudo apt update -y
 sudo apt full-upgrade -y
@ -33,9 +37,6 @@ sudo apt install -y usg curl libpam-pwquality
 sudo apt autoremove -y
 sudo usg fix cis_level2_server

-sudo systemctl mask ctrl-alt-del.target
-sudo systemctl mask debug-shell.service
-
 # Make home directory private
 chmod 700 /home/*
Author	SHA1	Message	Date
Tommy	0c8ae2fa24	Lockdown firewalld on RHEL Signed-off-by: Tommy <contact@tommytran.io>	2023-12-12 01:21:56 -07:00
Tommy	9c942cf89e	CtrlAltDelBurstAction=none Signed-off-by: Tommy <contact@tommytran.io>	2023-12-12 01:20:52 -07:00