1
0
mirror of https://github.com/tommytran732/Linux-Setup-Scripts synced 2024-11-24 02:01:33 -05:00

Compare commits

..

No commits in common. "ba6116bf6f66e77aef972d19c670a13eb70be975" and "b0baa5a3c18e6c7ab47c1a89ed467e9eaf784219" have entirely different histories.

5 changed files with 10 additions and 9 deletions

View File

@ -39,6 +39,7 @@ sudo systemctl mask kdump.service
umask 077 umask 077
sudo sed -i 's/^UMASK.*/UMASK 077/g' /etc/login.defs sudo sed -i 's/^UMASK.*/UMASK 077/g' /etc/login.defs
sudo sed -i 's/^HOME_MODE/#HOME_MODE/g' /etc/login.defs sudo sed -i 's/^HOME_MODE/#HOME_MODE/g' /etc/login.defs
sudo sed -i 's/^USERGROUPS_ENAB.*/USERGROUPS_ENAB no/g' /etc/login.defs
sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc
# Make home directory private # Make home directory private
@ -47,7 +48,7 @@ sudo chmod 700 /home/*
# Setup NTS # Setup NTS
sudo rm -rf /etc/chrony.conf sudo rm -rf /etc/chrony.conf
unpriv curl -s https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf | sudo tee /etc/chrony.conf > /dev/null unpriv curl -s https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf | sudo tee /etc/chrony.conf > /dev/null
sudo chmod 644 /etc/chrony.conf sudp chmod 644 /etc/chrony.conf
unpriv curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/sysconfig/chronyd | sudo tee /etc/sysconfig/chronyd > /dev/null unpriv curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/sysconfig/chronyd | sudo tee /etc/sysconfig/chronyd > /dev/null
sudo chmod 544 /etc/sysconfig/chronyd sudo chmod 544 /etc/sysconfig/chronyd
@ -181,9 +182,9 @@ sudo systemctl restart irqbalance
# Setup notices # Setup notices
unpriv curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/issue | sudo tee /etc/issue > /dev/null unpriv curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/issue | sudo tee /etc/issue > /dev/null
sudo chmod 644 /etc/issue sudo chmod 644 https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/issue
unpriv curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/issue | sudo tee /etc/issue.net > /dev/null unpriv curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/issue | sudo tee /etc/issue.net > /dev/null
sudo chmod 644 /etc/issue.net sudo chmod 644 /etc/issue.net
# Final notes to the user # Final notes to the user
output 'Server setup complete. To use unbound for DNS, you need to reboot.' output 'Server setup complete. To use unbound for DNS, you need to reboot.'

View File

@ -39,6 +39,7 @@ sudo systemctl mask kdump.service
umask 077 umask 077
sudo sed -i 's/^UMASK.*/UMASK 077/g' /etc/login.defs sudo sed -i 's/^UMASK.*/UMASK 077/g' /etc/login.defs
sudo sed -i 's/^HOME_MODE/#HOME_MODE/g' /etc/login.defs sudo sed -i 's/^HOME_MODE/#HOME_MODE/g' /etc/login.defs
sudo sed -i 's/^USERGROUPS_ENAB.*/USERGROUPS_ENAB no/g' /etc/login.defs
sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc
# Make home directory private # Make home directory private
@ -133,9 +134,6 @@ unpriv curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Script
sudo chmod 644 /etc/dnf/dnf.conf sudo chmod 644 /etc/dnf/dnf.conf
sudo sed -i 's/^metalink=.*/&\&protocol=https/g' /etc/yum.repos.d/* sudo sed -i 's/^metalink=.*/&\&protocol=https/g' /etc/yum.repos.d/*
# Remove unwanted groups
sudo dnf -y group remove 'Container Management' 'Desktop accessibility' 'Firefox Web Browser' 'Guest Desktop Agents' 'LibreOffice' 'Printing Support'
# Remove firefox packages # Remove firefox packages
sudo dnf -y remove fedora-bookmarks fedora-chromium-config firefox mozilla-filesystem sudo dnf -y remove fedora-bookmarks fedora-chromium-config firefox mozilla-filesystem

View File

@ -85,6 +85,9 @@ curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/
mkdir -p /etc/systemd/coredump.conf.d mkdir -p /etc/systemd/coredump.conf.d
curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/coredump.conf.d/disable.conf | tee /etc/systemd/coredump.conf.d/disable.conf > /dev/null curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/coredump.conf.d/disable.conf | tee /etc/systemd/coredump.conf.d/disable.conf > /dev/null
# Harden SSH
sed -i 's/#GSSAPIAuthentication no/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
# Setup automatic updates # Setup automatic updates
mkdir -p /etc/systemd/system/pve-daily-update.service.d mkdir -p /etc/systemd/system/pve-daily-update.service.d

View File

@ -34,6 +34,7 @@ sudo systemctl mask kdump.service
umask 077 umask 077
sudo sed -i 's/^UMASK.*/UMASK 077/g' /etc/login.defs sudo sed -i 's/^UMASK.*/UMASK 077/g' /etc/login.defs
sudo sed -i 's/^HOME_MODE/#HOME_MODE/g' /etc/login.defs sudo sed -i 's/^HOME_MODE/#HOME_MODE/g' /etc/login.defs
sudo sed -i 's/^USERGROUPS_ENAB.*/USERGROUPS_ENAB no/g' /etc/login.defs
sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc
# Make home directory private # Make home directory private

View File

@ -106,8 +106,6 @@ server {
} }
``` ```
**Notes**: `listen 443 quic reuseport;` is only needed once. If you plan to have multiple vhosts on this setup with SSL, consider making a dedicated vhost for this config so that it is nicer and easier to manage. An example can be found [here](https://github.com/TommyTran732/NGINX-Configs/blob/main/etc/nginx/conf.d/sites_default_quic.conf).
## Setup the Database for Drupal ## Setup the Database for Drupal
As root, log into MariaDB: As root, log into MariaDB:
@ -124,7 +122,7 @@ GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORA
exit exit
``` ```
## Configure Drupal ## Install drupal
Go to drupal.yourdomain.tld and follow the prompts. Go to drupal.yourdomain.tld and follow the prompts.