Fedora-Workstation-38.sh

@@ -24,10 +24,9 @@ unpriv(){
     sudo -u nobody "$@"
 }
 
-# Compliance
+# Moving to the home directory
-sudo systemctl mask ctrl-alt-del.target
+#Note that I always use /home/${USER} because gnome-terminal is wacky and sometimes doesn't load the environment variables in correctly (Right click somewhere in nautilus, click on open in terminal, then hit create new tab and you will see.)
-sudo systemctl mask debug-shell.service
+cd /home/"${USER}" || exit
-sudo systemctl mask kdump.service
 
 # Setting umask to 077
 umask 077

GCP-Debian-11.sh

@@ -22,13 +22,6 @@ unpriv(){
   sudo -u nobody "$@"
 }
 
-# Compliance
-sudo systemctl mask ctrl-alt-del.target
-sudo systemctl mask debug-shell.service
-
-# Make home directory private
-chmod 700 /home/*
-
 # Setup NTS
 sudo rm -rf /etc/chrony/chrony.conf
 unpriv curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf | sudo tee /etc/chrony/chrony.conf

Proxmox-8.sh

@@ -20,10 +20,6 @@ output(){
     echo -e '\e[36m'"$1"'\e[0m';
 }
 
-# Compliance
-systemctl mask ctrl-alt-del.target
-systemctl mask debug-shell.service
-
 # Setup NTS
 rm -rf /etc/chrony/chrony.conf
 curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf | tee /etc/chrony/chrony.conf

RHEL-Server-9.sh

@@ -24,13 +24,6 @@ unpriv(){
   sudo -u nobody "$@"
 }
 
-# Compliance
-sudo systemctl mask ctrl-alt-del.target
-sudo systemctl mask debug-shell.service
-
-# Make home directory private
-chmod 700 /home/*
-
 # Setup NTS
 sudo curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf -o /etc/chrony.conf
 

Ubuntu-22.04-Desktop.sh

@@ -33,12 +33,6 @@ sudo apt install -y usg
 sudo apt autoremove -y
 sudo usg fix cis_level2_workstation
 
-sudo systemctl mask ctrl-alt-del.target
-sudo systemctl mask debug-shell.service
-
-# Make home directory private
-chmod 700 /home/*
-
 # Remove AIDE
 sudo apt purge -y aide*
 
@@ -80,6 +74,14 @@ sudo sysctl -p
 # Rebuild initramfs
 sudo update-initramfs -u
 
+# Disable telemetry
+sudo systemctl stop apport.service
+sudo systemctl disable apport.service
+sudo systemctl mask apport.service
+sudo systemctl stop whoopsie.service
+sudo systemctl disable whoopsie.service
+sudo systemctl mask whoopsie.service
+
 # Systemd Hardening
 sudo mkdir -p /etc/systemd/system/NetworkManager.service.d
 unpriv curl https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/NetworkManager.service.d/99-brace.conf | sudo tee /etc/systemd/system/NetworkManager.service.d/99-brace.conf

Ubuntu-22.04-Server.sh

@@ -33,12 +33,6 @@ sudo apt install -y usg curl libpam-pwquality
 sudo apt autoremove -y
 sudo usg fix cis_level2_server
 
-sudo systemctl mask ctrl-alt-del.target
-sudo systemctl mask debug-shell.service
-
-# Make home directory private
-chmod 700 /home/*
-
 # Remove AIDE
 sudo apt purge -y aide*