mirror of
https://github.com/tommytran732/Linux-Setup-Scripts
synced 2024-11-27 11:41:34 -05:00
Compare commits
5 Commits
b0baa5a3c1
...
ba6116bf6f
Author | SHA1 | Date | |
---|---|---|---|
ba6116bf6f | |||
d434af04b4 | |||
|
4809dcb4ce | ||
9f429d1b75 | |||
55c1da3f33 |
@ -39,7 +39,6 @@ sudo systemctl mask kdump.service
|
|||||||
umask 077
|
umask 077
|
||||||
sudo sed -i 's/^UMASK.*/UMASK 077/g' /etc/login.defs
|
sudo sed -i 's/^UMASK.*/UMASK 077/g' /etc/login.defs
|
||||||
sudo sed -i 's/^HOME_MODE/#HOME_MODE/g' /etc/login.defs
|
sudo sed -i 's/^HOME_MODE/#HOME_MODE/g' /etc/login.defs
|
||||||
sudo sed -i 's/^USERGROUPS_ENAB.*/USERGROUPS_ENAB no/g' /etc/login.defs
|
|
||||||
sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc
|
sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc
|
||||||
|
|
||||||
# Make home directory private
|
# Make home directory private
|
||||||
@ -48,7 +47,7 @@ sudo chmod 700 /home/*
|
|||||||
# Setup NTS
|
# Setup NTS
|
||||||
sudo rm -rf /etc/chrony.conf
|
sudo rm -rf /etc/chrony.conf
|
||||||
unpriv curl -s https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf | sudo tee /etc/chrony.conf > /dev/null
|
unpriv curl -s https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf | sudo tee /etc/chrony.conf > /dev/null
|
||||||
sudp chmod 644 /etc/chrony.conf
|
sudo chmod 644 /etc/chrony.conf
|
||||||
unpriv curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/sysconfig/chronyd | sudo tee /etc/sysconfig/chronyd > /dev/null
|
unpriv curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/sysconfig/chronyd | sudo tee /etc/sysconfig/chronyd > /dev/null
|
||||||
sudo chmod 544 /etc/sysconfig/chronyd
|
sudo chmod 544 /etc/sysconfig/chronyd
|
||||||
|
|
||||||
@ -182,9 +181,9 @@ sudo systemctl restart irqbalance
|
|||||||
|
|
||||||
# Setup notices
|
# Setup notices
|
||||||
unpriv curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/issue | sudo tee /etc/issue > /dev/null
|
unpriv curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/issue | sudo tee /etc/issue > /dev/null
|
||||||
sudo chmod 644 https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/issue
|
sudo chmod 644 /etc/issue
|
||||||
unpriv curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/issue | sudo tee /etc/issue.net > /dev/null
|
unpriv curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/issue | sudo tee /etc/issue.net > /dev/null
|
||||||
sudo chmod 644 /etc/issue.net
|
sudo chmod 644 /etc/issue.net
|
||||||
|
|
||||||
# Final notes to the user
|
# Final notes to the user
|
||||||
output 'Server setup complete. To use unbound for DNS, you need to reboot.'
|
output 'Server setup complete. To use unbound for DNS, you need to reboot.'
|
||||||
|
@ -39,7 +39,6 @@ sudo systemctl mask kdump.service
|
|||||||
umask 077
|
umask 077
|
||||||
sudo sed -i 's/^UMASK.*/UMASK 077/g' /etc/login.defs
|
sudo sed -i 's/^UMASK.*/UMASK 077/g' /etc/login.defs
|
||||||
sudo sed -i 's/^HOME_MODE/#HOME_MODE/g' /etc/login.defs
|
sudo sed -i 's/^HOME_MODE/#HOME_MODE/g' /etc/login.defs
|
||||||
sudo sed -i 's/^USERGROUPS_ENAB.*/USERGROUPS_ENAB no/g' /etc/login.defs
|
|
||||||
sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc
|
sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc
|
||||||
|
|
||||||
# Make home directory private
|
# Make home directory private
|
||||||
@ -134,6 +133,9 @@ unpriv curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Script
|
|||||||
sudo chmod 644 /etc/dnf/dnf.conf
|
sudo chmod 644 /etc/dnf/dnf.conf
|
||||||
sudo sed -i 's/^metalink=.*/&\&protocol=https/g' /etc/yum.repos.d/*
|
sudo sed -i 's/^metalink=.*/&\&protocol=https/g' /etc/yum.repos.d/*
|
||||||
|
|
||||||
|
# Remove unwanted groups
|
||||||
|
sudo dnf -y group remove 'Container Management' 'Desktop accessibility' 'Firefox Web Browser' 'Guest Desktop Agents' 'LibreOffice' 'Printing Support'
|
||||||
|
|
||||||
# Remove firefox packages
|
# Remove firefox packages
|
||||||
sudo dnf -y remove fedora-bookmarks fedora-chromium-config firefox mozilla-filesystem
|
sudo dnf -y remove fedora-bookmarks fedora-chromium-config firefox mozilla-filesystem
|
||||||
|
|
||||||
|
@ -85,9 +85,6 @@ curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/
|
|||||||
mkdir -p /etc/systemd/coredump.conf.d
|
mkdir -p /etc/systemd/coredump.conf.d
|
||||||
curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/coredump.conf.d/disable.conf | tee /etc/systemd/coredump.conf.d/disable.conf > /dev/null
|
curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/coredump.conf.d/disable.conf | tee /etc/systemd/coredump.conf.d/disable.conf > /dev/null
|
||||||
|
|
||||||
# Harden SSH
|
|
||||||
sed -i 's/#GSSAPIAuthentication no/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
|
|
||||||
|
|
||||||
# Setup automatic updates
|
# Setup automatic updates
|
||||||
|
|
||||||
mkdir -p /etc/systemd/system/pve-daily-update.service.d
|
mkdir -p /etc/systemd/system/pve-daily-update.service.d
|
||||||
|
@ -34,7 +34,6 @@ sudo systemctl mask kdump.service
|
|||||||
umask 077
|
umask 077
|
||||||
sudo sed -i 's/^UMASK.*/UMASK 077/g' /etc/login.defs
|
sudo sed -i 's/^UMASK.*/UMASK 077/g' /etc/login.defs
|
||||||
sudo sed -i 's/^HOME_MODE/#HOME_MODE/g' /etc/login.defs
|
sudo sed -i 's/^HOME_MODE/#HOME_MODE/g' /etc/login.defs
|
||||||
sudo sed -i 's/^USERGROUPS_ENAB.*/USERGROUPS_ENAB no/g' /etc/login.defs
|
|
||||||
sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc
|
sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc
|
||||||
|
|
||||||
# Make home directory private
|
# Make home directory private
|
||||||
|
@ -106,6 +106,8 @@ server {
|
|||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
**Notes**: `listen 443 quic reuseport;` is only needed once. If you plan to have multiple vhosts on this setup with SSL, consider making a dedicated vhost for this config so that it is nicer and easier to manage. An example can be found [here](https://github.com/TommyTran732/NGINX-Configs/blob/main/etc/nginx/conf.d/sites_default_quic.conf).
|
||||||
|
|
||||||
## Setup the Database for Drupal
|
## Setup the Database for Drupal
|
||||||
|
|
||||||
As root, log into MariaDB:
|
As root, log into MariaDB:
|
||||||
@ -122,7 +124,7 @@ GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORA
|
|||||||
exit
|
exit
|
||||||
```
|
```
|
||||||
|
|
||||||
## Install drupal
|
## Configure Drupal
|
||||||
|
|
||||||
Go to drupal.yourdomain.tld and follow the prompts.
|
Go to drupal.yourdomain.tld and follow the prompts.
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user