mirror of https://github.com/tommytran732/Linux-Setup-Scripts synced 2024-11-09 19:51:34 -05:00

Compare commits


4 Commits

Author SHA1 Message Date
7fd8e73563
Make sure home dirs are private
Signed-off-by: Tommy <contact@tommytran.io>
2023-12-07 17:26:53 -07:00
5aca397a76
Compliance update
Signed-off-by: Tommy <contact@tommytran.io>
2023-12-07 17:15:05 -07:00
6a6b775631
Disable ctrl-alt-del
Signed-off-by: Tommy <contact@tommytran.io>
2023-12-07 16:44:55 -07:00
50766b9ce5
Remove redundant code
Signed-off-by: Tommy <contact@tommytran.io>
2023-12-07 13:35:40 -07:00
6 changed files with 34 additions and 11 deletions


@ -24,9 +24,10 @@ unpriv(){
sudo -u nobody "$@" sudo -u nobody "$@"
} }
# Moving to the home directory # Compliance
#Note that I always use /home/${USER} because gnome-terminal is wacky and sometimes doesn't load the environment variables in correctly (Right click somewhere in nautilus, click on open in terminal, then hit create new tab and you will see.) sudo systemctl mask ctrl-alt-del.target
cd /home/"${USER}" || exit sudo systemctl mask debug-shell.service
sudo systemctl mask kdump.service
# Setting umask to 077 # Setting umask to 077
umask 077 umask 077
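Review bot: `systemctl mask` by itself does not stop a unit that is already active, so `kdump.service` on the new side of this hunk stays loaded until the next reboot if it was running when the script started. Masking with `--now` stops it in the same step: `sudo systemctl mask --now kdump.service`. Whether the script reboots later is not visible in this hunk, so this matters most if it does not. The `# Compliance` heading would also be more useful if it named the benchmark or rule these three lines are meant to satisfy.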


@ -22,6 +22,13 @@ unpriv(){
sudo -u nobody "$@" sudo -u nobody "$@"
} }
# Compliance
sudo systemctl mask ctrl-alt-del.target
sudo systemctl mask debug-shell.service
# Make home directory private
chmod 700 /home/*
# Setup NTS # Setup NTS
sudo rm -rf /etc/chrony/chrony.conf sudo rm -rf /etc/chrony/chrony.conf
unpriv curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf | sudo tee /etc/chrony/chrony.conf unpriv curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf | sudo tee /etc/chrony/chrony.conf
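Review bot: `chmod 700 /home/*` is the only added line in this hunk that runs without `sudo`, so when the script is run as a regular user (which the `sudo` prefixes and the `unpriv` helper suggest) it can only change directories that user owns and fails on every other home directory. If all home directories are meant to be covered, `sudo chmod 700 /home/*` does that; the same line appears in the three later sections that add `# Make home directory private`. The glob also matches non-home entries under /home such as `lost+found`, and it only corrects accounts that exist when the script runs. A default mode for future accounts (for example `HOME_MODE` in /etc/login.defs, where the distribution's useradd honours it) would close that gap.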


@ -20,6 +20,10 @@ output(){
echo -e '\e[36m'"$1"'\e[0m'; echo -e '\e[36m'"$1"'\e[0m';
} }
# Compliance
systemctl mask ctrl-alt-del.target
systemctl mask debug-shell.service
# Setup NTS # Setup NTS
rm -rf /etc/chrony/chrony.conf rm -rf /etc/chrony/chrony.conf
curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf | tee /etc/chrony/chrony.conf curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf | tee /etc/chrony/chrony.conf


@ -24,6 +24,13 @@ unpriv(){
sudo -u nobody "$@" sudo -u nobody "$@"
} }
# Compliance
sudo systemctl mask ctrl-alt-del.target
sudo systemctl mask debug-shell.service
# Make home directory private
chmod 700 /home/*
# Setup NTS # Setup NTS
sudo curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf -o /etc/chrony.conf sudo curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf -o /etc/chrony.conf


@ -33,6 +33,12 @@ sudo apt install -y usg
sudo apt autoremove -y sudo apt autoremove -y
sudo usg fix cis_level2_workstation sudo usg fix cis_level2_workstation
sudo systemctl mask ctrl-alt-del.target
sudo systemctl mask debug-shell.service
# Make home directory private
chmod 700 /home/*
# Remove AIDE # Remove AIDE
sudo apt purge -y aide* sudo apt purge -y aide*
@ -74,14 +80,6 @@ sudo sysctl -p
# Rebuild initramfs # Rebuild initramfs
sudo update-initramfs -u sudo update-initramfs -u
# Disable telemetry
sudo systemctl stop apport.service
sudo systemctl disable apport.service
sudo systemctl mask apport.service
sudo systemctl stop whoopsie.service
sudo systemctl disable whoopsie.service
sudo systemctl mask whoopsie.service
# Systemd Hardening # Systemd Hardening
sudo mkdir -p /etc/systemd/system/NetworkManager.service.d sudo mkdir -p /etc/systemd/system/NetworkManager.service.d
unpriv curl https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/NetworkManager.service.d/99-brace.conf | sudo tee /etc/systemd/system/NetworkManager.service.d/99-brace.conf unpriv curl https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/NetworkManager.service.d/99-brace.conf | sudo tee /etc/systemd/system/NetworkManager.service.d/99-brace.conf
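Review bot: The two `systemctl mask` lines added after `sudo usg fix cis_level2_workstation` carry no comment, while the other scripts in this comparison place them under `# Compliance`; adding the same heading here, and in the following section that applies `cis_level2_server`, keeps the files consistent. The second hunk removes the stop/disable/mask of `apport.service` and `whoopsie.service`, and nothing visible in this section replaces it. If the removal relies on the CIS profile applied by `usg fix` already covering both services, a one-line comment such as `# apport/whoopsie are handled by the usg CIS profile` (once confirmed) would let a reader verify that crash reporting stays off.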


@ -33,6 +33,12 @@ sudo apt install -y usg curl libpam-pwquality
sudo apt autoremove -y sudo apt autoremove -y
sudo usg fix cis_level2_server sudo usg fix cis_level2_server
sudo systemctl mask ctrl-alt-del.target
sudo systemctl mask debug-shell.service
# Make home directory private
chmod 700 /home/*
# Remove AIDE # Remove AIDE
sudo apt purge -y aide* sudo apt purge -y aide*