Fedora-Server-40.sh

@@ -82,19 +82,19 @@ fi
 unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/security/limits.d/30-disable-coredump.conf | sudo tee /etc/security/limits.d/30-disable-coredump.conf
 
 # Setup ZRAM
-unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/zram-generator.conf | sudo tee /etc/systemd/zram-generator.conf
+echo -e '[zram0]\nzram-fraction = 1\nmax-zram-size = 8192\ncompression-algorithm = zstd' | sudo tee /etc/systemd/zram-generator.conf
 
 # Setup DNF
 unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dnf/dnf.conf | sudo tee /etc/dnf/dnf.conf
 sudo sed -i 's/^metalink=.*/&\&protocol=https/g' /etc/yum.repos.d/*
 
+# Enable auto TRIM
+sudo systemctl enable fstrim.timer
+
 # Setup fwupd
 echo 'UriSchemes=file;https' | sudo tee -a /etc/fwupd/fwupd.conf
 sudo systemctl restart fwupd
 
-# Enable auto TRIM
-sudo systemctl enable fstrim.timer
-
 ### Differentiating bare metal and virtual installs
 
 # Installing tuned first here because virt-what is 1 of its dependencies anyways
@@ -147,15 +147,12 @@ elif [ "${MACHINE_TYPE}" == 'aarch64' ]; then
 fi
 
 # Setup Networking
-sudo firewall-cmd --permanent --remove-service=cockpit
+sudo firewall-cmd --set-default-zone=block
+sudo firewall-cmd --permanent --add-service=dhcpv6-client
 sudo firewall-cmd --reload
 sudo firewall-cmd --lockdown-on
 
 sudo mkdir -p /etc/systemd/system/NetworkManager.service.d
 unpriv curl https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/NetworkManager.service.d/99-brace.conf | sudo tee /etc/systemd/system/NetworkManager.service.d/99-brace.conf
 sudo systemctl daemon-reload
-sudo systemctl restart NetworkManager
-
-# Setup notices
-unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/issue | sudo tee /etc/issue
-unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/issue | sudo tee /etc/issue.net
+sudo systemctl restart NetworkManager

Fedora-Workstation-40.sh

@@ -130,7 +130,7 @@ sudo dconf update
 umask 077
 
 # Setup ZRAM
-unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/zram-generator.conf | sudo tee /etc/systemd/zram-generator.conf
+echo -e '[zram0]\nzram-fraction = 1\nmax-zram-size = 8192\ncompression-algorithm = zstd' | sudo tee /etc/systemd/zram-generator.conf
 
 # Setup DNF
 unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dnf/dnf.conf | sudo tee /etc/dnf/dnf.conf
@@ -207,13 +207,13 @@ gpgkey=https://packages.microsoft.com/keys/microsoft.asc' | sudo tee /etc/yum.re
     umask 077
 fi
 
+# Enable auto TRIM
+sudo systemctl enable fstrim.timer
+
 # Setup fwupd
 echo 'UriSchemes=file;https' | sudo tee -a /etc/fwupd/fwupd.conf
 sudo systemctl restart fwupd
 
-# Enable auto TRIM
-sudo systemctl enable fstrim.timer
-
 ### Differentiating bare metal and virtual installs
 
 # Installing tuned first here because virt-what is 1 of its dependencies anyways

Ubuntu-23.10-Desktop.sh

@@ -44,12 +44,24 @@ install_options
 # Compliance and updates
 sudo systemctl mask debug-shell.service
 
+## Avoid phased updates
+sudo apt install curl -y
+unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/apt/apt.conf.d/99sane-upgrades | sudo tee /etc/apt/apt.conf.d/99sane-upgrades
+sudo chmod 644 /etc/apt/apt.conf.d/99sane-upgrades
+
+sudo apt update -y
+sudo apt full-upgrade -y
+sudo apt autoremove -y
+
 # Make home directory private
 sudo chmod 700 /home/*
 
 # Setting umask to 077
 umask 077
-echo 'umask 077' | sudo tee -a /etc/bash.bashrc
+sudo sed -ie '/^DIR_MODE=/ s/=[0-9]*\+/=0700/' /etc/adduser.conf
+sudo sed -ie '/^UMASK\s\+/ s/022/077/' /etc/login.defs
+sudo sed -i 's/USERGROUPS_ENAB yes/USERGROUPS_ENAB no/g' /etc/login.defs
+echo 'umask 077' | sudo tee --append /etc/profile
 
 # Setup NTS
 sudo systemctl disable --now systemd-timesyncd
@@ -133,16 +145,6 @@ sudo fwupdmgr refresh --force
 sudo fwupdmgr get-updates -y
 sudo fwupdmgr update -y
 
-## Avoid phased updates
-sudo apt install curl -y
-unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/apt/apt.conf.d/99sane-upgrades | sudo tee /etc/apt/apt.conf.d/99sane-upgrades
-sudo chmod 644 /etc/apt/apt.conf.d/99sane-upgrades
-
-# Update system
-sudo apt update -y
-sudo apt full-upgrade -y
-sudo apt autoremove -y
-
 # Remove unneeded packages
 sudo apt purge -y apport baobab cups* eog gedit firefox* gnome-calculator gnome-characters* gnome-clocks gnome-font-viewer gnome-logs gnome-power-manager gnome-shell-extension-prefs gnome-text-editor libreoffice* seahorse tcpdump whoopsie
 sudo apt autoremove -y

Ubuntu-24.04-Server.sh

@@ -29,6 +29,18 @@ sudo systemctl mask debug-shell.service
 echo 'Authorized uses only. All activity may be monitored and reported.' | sudo tee /etc/issue
 echo 'Authorized uses only. All activity may be monitored and reported.' | sudo tee /etc/issue.net
 
+## Avoid phased updates
+sudo apt install -y curl
+unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/apt/apt.conf.d/99sane-upgrades | sudo tee /etc/apt/apt.conf.d/99sane-upgrades
+sudo chmod 644 /etc/apt/apt.conf.d/99sane-upgrades
+
+sudo apt update -y
+sudo apt full-upgrade -y
+sudo apt autoremove -y
+
+## Install basic sysadmin tools
+sudo apt install nano iputils-ping
+
 # Make home directory private
 sudo chmod 700 /home/*
 
@@ -79,18 +91,6 @@ fi
 sudo systemctl disable --now apport.service
 sudo systemctl mask apport.service
 
-## Avoid phased updates
-sudo apt install -y curl
-unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/apt/apt.conf.d/99sane-upgrades | sudo tee /etc/apt/apt.conf.d/99sane-upgrades
-sudo chmod 644 /etc/apt/apt.conf.d/99sane-upgrades
-
-sudo apt update -y
-sudo apt full-upgrade -y
-sudo apt autoremove -y
-
-## Install basic sysadmin tools
-sudo apt install nano iputils-ping
-
 #Setup fwupd
 sudo apt install fwupd -y
 mkdir -p /etc/systemd/system/fwupd-refresh.service.d

etc/issue

@@ -1,6 +0,0 @@
-You are accessing Thien Tran's information system that is provided for authorized uses only.
-
-ALL ACTIVITY MAY BE MONITORED AND REPORTED. UNAUTHORIZED USES SHALL BE PROSECUTED TO THE FULLEST EXTENT OF THE LAW.
-
-To report a potential security concern, please contact contact@tommytran.io.
-