mirror of
https://github.com/tommytran732/Linux-Setup-Scripts
synced 2024-11-22 09:31:34 -05:00
Compare commits
No commits in common. "7fd8e7356324fa16391f311c3ac89caa4d56aa3b" and "a2424b179baf1c1c29422a67a06f2923d33dc975" have entirely different histories.
7fd8e73563
...
a2424b179b
@ -24,10 +24,9 @@ unpriv(){
|
|||||||
sudo -u nobody "$@"
|
sudo -u nobody "$@"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Compliance
|
# Moving to the home directory
|
||||||
sudo systemctl mask ctrl-alt-del.target
|
#Note that I always use /home/${USER} because gnome-terminal is wacky and sometimes doesn't load the environment variables in correctly (Right click somewhere in nautilus, click on open in terminal, then hit create new tab and you will see.)
|
||||||
sudo systemctl mask debug-shell.service
|
cd /home/"${USER}" || exit
|
||||||
sudo systemctl mask kdump.service
|
|
||||||
|
|
||||||
# Setting umask to 077
|
# Setting umask to 077
|
||||||
umask 077
|
umask 077
|
||||||
|
@ -22,13 +22,6 @@ unpriv(){
|
|||||||
sudo -u nobody "$@"
|
sudo -u nobody "$@"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Compliance
|
|
||||||
sudo systemctl mask ctrl-alt-del.target
|
|
||||||
sudo systemctl mask debug-shell.service
|
|
||||||
|
|
||||||
# Make home directory private
|
|
||||||
chmod 700 /home/*
|
|
||||||
|
|
||||||
# Setup NTS
|
# Setup NTS
|
||||||
sudo rm -rf /etc/chrony/chrony.conf
|
sudo rm -rf /etc/chrony/chrony.conf
|
||||||
unpriv curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf | sudo tee /etc/chrony/chrony.conf
|
unpriv curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf | sudo tee /etc/chrony/chrony.conf
|
||||||
|
@ -20,10 +20,6 @@ output(){
|
|||||||
echo -e '\e[36m'"$1"'\e[0m';
|
echo -e '\e[36m'"$1"'\e[0m';
|
||||||
}
|
}
|
||||||
|
|
||||||
# Compliance
|
|
||||||
systemctl mask ctrl-alt-del.target
|
|
||||||
systemctl mask debug-shell.service
|
|
||||||
|
|
||||||
# Setup NTS
|
# Setup NTS
|
||||||
rm -rf /etc/chrony/chrony.conf
|
rm -rf /etc/chrony/chrony.conf
|
||||||
curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf | tee /etc/chrony/chrony.conf
|
curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf | tee /etc/chrony/chrony.conf
|
||||||
|
@ -24,13 +24,6 @@ unpriv(){
|
|||||||
sudo -u nobody "$@"
|
sudo -u nobody "$@"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Compliance
|
|
||||||
sudo systemctl mask ctrl-alt-del.target
|
|
||||||
sudo systemctl mask debug-shell.service
|
|
||||||
|
|
||||||
# Make home directory private
|
|
||||||
chmod 700 /home/*
|
|
||||||
|
|
||||||
# Setup NTS
|
# Setup NTS
|
||||||
sudo curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf -o /etc/chrony.conf
|
sudo curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf -o /etc/chrony.conf
|
||||||
|
|
||||||
|
@ -33,12 +33,6 @@ sudo apt install -y usg
|
|||||||
sudo apt autoremove -y
|
sudo apt autoremove -y
|
||||||
sudo usg fix cis_level2_workstation
|
sudo usg fix cis_level2_workstation
|
||||||
|
|
||||||
sudo systemctl mask ctrl-alt-del.target
|
|
||||||
sudo systemctl mask debug-shell.service
|
|
||||||
|
|
||||||
# Make home directory private
|
|
||||||
chmod 700 /home/*
|
|
||||||
|
|
||||||
# Remove AIDE
|
# Remove AIDE
|
||||||
sudo apt purge -y aide*
|
sudo apt purge -y aide*
|
||||||
|
|
||||||
@ -80,6 +74,14 @@ sudo sysctl -p
|
|||||||
# Rebuild initramfs
|
# Rebuild initramfs
|
||||||
sudo update-initramfs -u
|
sudo update-initramfs -u
|
||||||
|
|
||||||
|
# Disable telemetry
|
||||||
|
sudo systemctl stop apport.service
|
||||||
|
sudo systemctl disable apport.service
|
||||||
|
sudo systemctl mask apport.service
|
||||||
|
sudo systemctl stop whoopsie.service
|
||||||
|
sudo systemctl disable whoopsie.service
|
||||||
|
sudo systemctl mask whoopsie.service
|
||||||
|
|
||||||
# Systemd Hardening
|
# Systemd Hardening
|
||||||
sudo mkdir -p /etc/systemd/system/NetworkManager.service.d
|
sudo mkdir -p /etc/systemd/system/NetworkManager.service.d
|
||||||
unpriv curl https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/NetworkManager.service.d/99-brace.conf | sudo tee /etc/systemd/system/NetworkManager.service.d/99-brace.conf
|
unpriv curl https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/NetworkManager.service.d/99-brace.conf | sudo tee /etc/systemd/system/NetworkManager.service.d/99-brace.conf
|
||||||
|
@ -33,12 +33,6 @@ sudo apt install -y usg curl libpam-pwquality
|
|||||||
sudo apt autoremove -y
|
sudo apt autoremove -y
|
||||||
sudo usg fix cis_level2_server
|
sudo usg fix cis_level2_server
|
||||||
|
|
||||||
sudo systemctl mask ctrl-alt-del.target
|
|
||||||
sudo systemctl mask debug-shell.service
|
|
||||||
|
|
||||||
# Make home directory private
|
|
||||||
chmod 700 /home/*
|
|
||||||
|
|
||||||
# Remove AIDE
|
# Remove AIDE
|
||||||
sudo apt purge -y aide*
|
sudo apt purge -y aide*
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user