Typo fixes

Signed-off-by: Tommy <contact@tommytran.io>

Fedora-Server-40.sh

@@ -80,7 +80,7 @@ fi
 # Disable coredump
 umask 022
 unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/security/limits.d/30-disable-coredump.conf | sudo tee /etc/security/limits.d/30-disable-coredump.conf
-mkdir -p /etc/systemd/coredump.conf.d
+sudo mkdir -p /etc/systemd/coredump.conf.d
 unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/coredump.conf.d/disable.conf | sudo tee /etc/systemd/coredump.conf.d/disable.conf
 umask 077
 

Fedora-Workstation-40.sh

@@ -91,7 +91,7 @@ fi
 # Disable coredump
 umask 022
 unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/security/limits.d/30-disable-coredump.conf | sudo tee /etc/security/limits.d/30-disable-coredump.conf
-mkdir -p /etc/systemd/coredump.conf.d
+sudo mkdir -p /etc/systemd/coredump.conf.d
 unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/coredump.conf.d/disable.conf | sudo tee /etc/systemd/coredump.conf.d/disable.conf
 umask 077
 

Proxmox-8.sh

@@ -78,7 +78,6 @@ chmod 644 /etc/modprobe.d/server-blacklist.conf
 sed -i 's/kernel_io_uring_disable = 2/#ernel_io_uring_disable = 2/g'
 curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/sysctl.d/99-server.conf | tee /etc/sysctl.d/99-server.conf
 chmod 644 /etc/sysctl.d/99-server.conf
-dracut -f
 sysctl -p
 
 # Rebuild initramfs
@@ -86,9 +85,9 @@ update-initramfs -u
 
 # Disable coredump
 umask 022
-unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/security/limits.d/30-disable-coredump.conf | sudo tee /etc/security/limits.d/30-disable-coredump.conf
+unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/security/limits.d/30-disable-coredump.conf | tee /etc/security/limits.d/30-disable-coredump.conf
 mkdir -p /etc/systemd/coredump.conf.d
-unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/coredump.conf.d/disable.conf | sudo tee /etc/systemd/coredump.conf.d/disable.conf
+unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/coredump.conf.d/disable.conf | tee /etc/systemd/coredump.conf.d/disable.conf
 umask 077
 
 # Harden SSH

RHEL-9.sh

@@ -69,7 +69,7 @@ sudo grubby --update-kernel=ALL --args='mitigations=auto,nosmt spectre_v2=on spe
 # Disable coredump
 umask 022
 unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/security/limits.d/30-disable-coredump.conf | sudo tee /etc/security/limits.d/30-disable-coredump.conf
-mkdir -p /etc/systemd/coredump.conf.d
+sudo mkdir -p /etc/systemd/coredump.conf.d
 unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/coredump.conf.d/disable.conf | sudo tee /etc/systemd/coredump.conf.d/disable.conf
 umask 077
 

Ubuntu-23.10-Desktop.sh

@@ -61,7 +61,6 @@ fi
 sudo chmod 644 /etc/modprobe.d/workstation-blacklist.conf
 unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/sysctl.d/99-workstation.conf | sudo tee /etc/sysctl.d/99-workstation.conf
 sudo chmod 644 /etc/sysctl.d/99-workstation.conf
-sudo dracut -f
 sudo sysctl -p
 
 # Rebuild initramfs
@@ -70,7 +69,7 @@ sudo update-initramfs -u
 # Disable coredump
 umask 022
 unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/security/limits.d/30-disable-coredump.conf | sudo tee /etc/security/limits.d/30-disable-coredump.conf
-mkdir -p /etc/systemd/coredump.conf.d
+sudo mkdir -p /etc/systemd/coredump.conf.d
 unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/coredump.conf.d/disable.conf | sudo tee /etc/systemd/coredump.conf.d/disable.conf
 umask 077
 

Ubuntu-24.04-Server.sh

@@ -62,7 +62,6 @@ unpriv curl https://raw.githubusercontent.com/secureblue/secureblue/live/config/
 sudo chmod 644 /etc/modprobe.d/server-blacklist.conf
 unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/sysctl.d/99-server.conf | sudo tee /etc/sysctl.d/99-server.conf
 sudo chmod 644 /etc/sysctl.d/99-server.conf
-sudo dracut -f
 sudo sysctl -p
 
 # Rebuild initramfs
@@ -71,7 +70,7 @@ sudo update-initramfs -u
 # Disable coredump
 umask 022
 unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/security/limits.d/30-disable-coredump.conf | sudo tee /etc/security/limits.d/30-disable-coredump.conf
-mkdir -p /etc/systemd/coredump.conf.d
+sudo mkdir -p /etc/systemd/coredump.conf.d
 unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/coredump.conf.d/disable.conf | sudo tee /etc/systemd/coredump.conf.d/disable.conf
 umask 077
 

etc/sysctl.d/99-server.conf

@@ -71,8 +71,8 @@ net.ipv6.conf.*.accept_redirects = 0
 net.ipv4.conf.*.rp_filter = 1
 
 # Respond to ICMP
-net.ipv4.icmp_echo_ignore_all = 1
-net.ipv6.icmp.echo_ignore_all = 1
+net.ipv4.icmp_echo_ignore_all = 0
+net.ipv6.icmp.echo_ignore_all = 0
 
 # Enable IP Forwarding
 # Almost all of my servers run Docker anyways, and Docker absolutely requires this.

etc/sysctl.d/99-workstation.conf

@@ -42,6 +42,8 @@ net.core.bpf_jit_harden = 2
 kernel.unprivileged_userns_clone = 1
 
 # Disable ptrace. Not needed on workstations.
+# Also, the Debian gVisor package from Google will just take priority over this with their
+# /etc/sysctl.d/999-gvisor.conf file.
 kernel.yama.ptrace_scope = 3
 
 # https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl
@@ -52,8 +54,6 @@ kernel.perf_event_paranoid = 4
 
 # https://github.com/containerd/containerd/issues/9048
 # Disable io_uring, a very sus feature.
-# Note that this will make using Proxmox extremely annoying though, so you might wanna comment this out
-# on a Proxmox node.
 kernel_io_uring_disable = 2
 
 # https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl-kernel