mirror of
https://github.com/tommytran732/Linux-Setup-Scripts
synced 2024-09-19 13:44:43 -04:00
Compare commits
No commits in common. "7fd8e7356324fa16391f311c3ac89caa4d56aa3b" and "a2424b179baf1c1c29422a67a06f2923d33dc975" have entirely different histories.
7fd8e73563
...
a2424b179b
@ -24,10 +24,9 @@ unpriv(){
|
||||
sudo -u nobody "$@"
|
||||
}
|
||||
|
||||
# Compliance
|
||||
sudo systemctl mask ctrl-alt-del.target
|
||||
sudo systemctl mask debug-shell.service
|
||||
sudo systemctl mask kdump.service
|
||||
# Moving to the home directory
|
||||
#Note that I always use /home/${USER} because gnome-terminal is wacky and sometimes doesn't load the environment variables in correctly (Right click somewhere in nautilus, click on open in terminal, then hit create new tab and you will see.)
|
||||
cd /home/"${USER}" || exit
|
||||
|
||||
# Setting umask to 077
|
||||
umask 077
|
||||
|
||||
@ -22,13 +22,6 @@ unpriv(){
|
||||
sudo -u nobody "$@"
|
||||
}
|
||||
|
||||
# Compliance
|
||||
sudo systemctl mask ctrl-alt-del.target
|
||||
sudo systemctl mask debug-shell.service
|
||||
|
||||
# Make home directory private
|
||||
chmod 700 /home/*
|
||||
|
||||
# Setup NTS
|
||||
sudo rm -rf /etc/chrony/chrony.conf
|
||||
unpriv curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf | sudo tee /etc/chrony/chrony.conf
|
||||
|
||||
@ -20,10 +20,6 @@ output(){
|
||||
echo -e '\e[36m'"$1"'\e[0m';
|
||||
}
|
||||
|
||||
# Compliance
|
||||
systemctl mask ctrl-alt-del.target
|
||||
systemctl mask debug-shell.service
|
||||
|
||||
# Setup NTS
|
||||
rm -rf /etc/chrony/chrony.conf
|
||||
curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf | tee /etc/chrony/chrony.conf
|
||||
|
||||
@ -24,13 +24,6 @@ unpriv(){
|
||||
sudo -u nobody "$@"
|
||||
}
|
||||
|
||||
# Compliance
|
||||
sudo systemctl mask ctrl-alt-del.target
|
||||
sudo systemctl mask debug-shell.service
|
||||
|
||||
# Make home directory private
|
||||
chmod 700 /home/*
|
||||
|
||||
# Setup NTS
|
||||
sudo curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf -o /etc/chrony.conf
|
||||
|
||||
|
||||
@ -33,12 +33,6 @@ sudo apt install -y usg
|
||||
sudo apt autoremove -y
|
||||
sudo usg fix cis_level2_workstation
|
||||
|
||||
sudo systemctl mask ctrl-alt-del.target
|
||||
sudo systemctl mask debug-shell.service
|
||||
|
||||
# Make home directory private
|
||||
chmod 700 /home/*
|
||||
|
||||
# Remove AIDE
|
||||
sudo apt purge -y aide*
|
||||
|
||||
@ -80,6 +74,14 @@ sudo sysctl -p
|
||||
# Rebuild initramfs
|
||||
sudo update-initramfs -u
|
||||
|
||||
# Disable telemetry
|
||||
sudo systemctl stop apport.service
|
||||
sudo systemctl disable apport.service
|
||||
sudo systemctl mask apport.service
|
||||
sudo systemctl stop whoopsie.service
|
||||
sudo systemctl disable whoopsie.service
|
||||
sudo systemctl mask whoopsie.service
|
||||
|
||||
# Systemd Hardening
|
||||
sudo mkdir -p /etc/systemd/system/NetworkManager.service.d
|
||||
unpriv curl https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/NetworkManager.service.d/99-brace.conf | sudo tee /etc/systemd/system/NetworkManager.service.d/99-brace.conf
|
||||
|
||||
@ -33,12 +33,6 @@ sudo apt install -y usg curl libpam-pwquality
|
||||
sudo apt autoremove -y
|
||||
sudo usg fix cis_level2_server
|
||||
|
||||
sudo systemctl mask ctrl-alt-del.target
|
||||
sudo systemctl mask debug-shell.service
|
||||
|
||||
# Make home directory private
|
||||
chmod 700 /home/*
|
||||
|
||||
# Remove AIDE
|
||||
sudo apt purge -y aide*
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user