mirror of
https://github.com/tommytran732/Linux-Setup-Scripts
synced 2024-11-09 11:41:33 -05:00
Compare commits
No commits in common. "ba6116bf6f66e77aef972d19c670a13eb70be975" and "b0baa5a3c18e6c7ab47c1a89ed467e9eaf784219" have entirely different histories.
ba6116bf6f
...
b0baa5a3c1
@ -39,6 +39,7 @@ sudo systemctl mask kdump.service
|
|||||||
umask 077
|
umask 077
|
||||||
sudo sed -i 's/^UMASK.*/UMASK 077/g' /etc/login.defs
|
sudo sed -i 's/^UMASK.*/UMASK 077/g' /etc/login.defs
|
||||||
sudo sed -i 's/^HOME_MODE/#HOME_MODE/g' /etc/login.defs
|
sudo sed -i 's/^HOME_MODE/#HOME_MODE/g' /etc/login.defs
|
||||||
|
sudo sed -i 's/^USERGROUPS_ENAB.*/USERGROUPS_ENAB no/g' /etc/login.defs
|
||||||
sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc
|
sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc
|
||||||
|
|
||||||
# Make home directory private
|
# Make home directory private
|
||||||
@ -47,7 +48,7 @@ sudo chmod 700 /home/*
|
|||||||
# Setup NTS
|
# Setup NTS
|
||||||
sudo rm -rf /etc/chrony.conf
|
sudo rm -rf /etc/chrony.conf
|
||||||
unpriv curl -s https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf | sudo tee /etc/chrony.conf > /dev/null
|
unpriv curl -s https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf | sudo tee /etc/chrony.conf > /dev/null
|
||||||
sudo chmod 644 /etc/chrony.conf
|
sudp chmod 644 /etc/chrony.conf
|
||||||
unpriv curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/sysconfig/chronyd | sudo tee /etc/sysconfig/chronyd > /dev/null
|
unpriv curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/sysconfig/chronyd | sudo tee /etc/sysconfig/chronyd > /dev/null
|
||||||
sudo chmod 544 /etc/sysconfig/chronyd
|
sudo chmod 544 /etc/sysconfig/chronyd
|
||||||
|
|
||||||
@ -181,9 +182,9 @@ sudo systemctl restart irqbalance
|
|||||||
|
|
||||||
# Setup notices
|
# Setup notices
|
||||||
unpriv curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/issue | sudo tee /etc/issue > /dev/null
|
unpriv curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/issue | sudo tee /etc/issue > /dev/null
|
||||||
sudo chmod 644 /etc/issue
|
sudo chmod 644 https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/issue
|
||||||
unpriv curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/issue | sudo tee /etc/issue.net > /dev/null
|
unpriv curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/issue | sudo tee /etc/issue.net > /dev/null
|
||||||
sudo chmod 644 /etc/issue.net
|
sudo chmod 644 /etc/issue.net
|
||||||
|
|
||||||
# Final notes to the user
|
# Final notes to the user
|
||||||
output 'Server setup complete. To use unbound for DNS, you need to reboot.'
|
output 'Server setup complete. To use unbound for DNS, you need to reboot.'
|
@ -39,6 +39,7 @@ sudo systemctl mask kdump.service
|
|||||||
umask 077
|
umask 077
|
||||||
sudo sed -i 's/^UMASK.*/UMASK 077/g' /etc/login.defs
|
sudo sed -i 's/^UMASK.*/UMASK 077/g' /etc/login.defs
|
||||||
sudo sed -i 's/^HOME_MODE/#HOME_MODE/g' /etc/login.defs
|
sudo sed -i 's/^HOME_MODE/#HOME_MODE/g' /etc/login.defs
|
||||||
|
sudo sed -i 's/^USERGROUPS_ENAB.*/USERGROUPS_ENAB no/g' /etc/login.defs
|
||||||
sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc
|
sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc
|
||||||
|
|
||||||
# Make home directory private
|
# Make home directory private
|
||||||
@ -133,9 +134,6 @@ unpriv curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Script
|
|||||||
sudo chmod 644 /etc/dnf/dnf.conf
|
sudo chmod 644 /etc/dnf/dnf.conf
|
||||||
sudo sed -i 's/^metalink=.*/&\&protocol=https/g' /etc/yum.repos.d/*
|
sudo sed -i 's/^metalink=.*/&\&protocol=https/g' /etc/yum.repos.d/*
|
||||||
|
|
||||||
# Remove unwanted groups
|
|
||||||
sudo dnf -y group remove 'Container Management' 'Desktop accessibility' 'Firefox Web Browser' 'Guest Desktop Agents' 'LibreOffice' 'Printing Support'
|
|
||||||
|
|
||||||
# Remove firefox packages
|
# Remove firefox packages
|
||||||
sudo dnf -y remove fedora-bookmarks fedora-chromium-config firefox mozilla-filesystem
|
sudo dnf -y remove fedora-bookmarks fedora-chromium-config firefox mozilla-filesystem
|
||||||
|
|
||||||
|
@ -85,6 +85,9 @@ curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/
|
|||||||
mkdir -p /etc/systemd/coredump.conf.d
|
mkdir -p /etc/systemd/coredump.conf.d
|
||||||
curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/coredump.conf.d/disable.conf | tee /etc/systemd/coredump.conf.d/disable.conf > /dev/null
|
curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/coredump.conf.d/disable.conf | tee /etc/systemd/coredump.conf.d/disable.conf > /dev/null
|
||||||
|
|
||||||
|
# Harden SSH
|
||||||
|
sed -i 's/#GSSAPIAuthentication no/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
|
||||||
|
|
||||||
# Setup automatic updates
|
# Setup automatic updates
|
||||||
|
|
||||||
mkdir -p /etc/systemd/system/pve-daily-update.service.d
|
mkdir -p /etc/systemd/system/pve-daily-update.service.d
|
||||||
|
@ -34,6 +34,7 @@ sudo systemctl mask kdump.service
|
|||||||
umask 077
|
umask 077
|
||||||
sudo sed -i 's/^UMASK.*/UMASK 077/g' /etc/login.defs
|
sudo sed -i 's/^UMASK.*/UMASK 077/g' /etc/login.defs
|
||||||
sudo sed -i 's/^HOME_MODE/#HOME_MODE/g' /etc/login.defs
|
sudo sed -i 's/^HOME_MODE/#HOME_MODE/g' /etc/login.defs
|
||||||
|
sudo sed -i 's/^USERGROUPS_ENAB.*/USERGROUPS_ENAB no/g' /etc/login.defs
|
||||||
sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc
|
sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc
|
||||||
|
|
||||||
# Make home directory private
|
# Make home directory private
|
||||||
|
@ -106,8 +106,6 @@ server {
|
|||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
**Notes**: `listen 443 quic reuseport;` is only needed once. If you plan to have multiple vhosts on this setup with SSL, consider making a dedicated vhost for this config so that it is nicer and easier to manage. An example can be found [here](https://github.com/TommyTran732/NGINX-Configs/blob/main/etc/nginx/conf.d/sites_default_quic.conf).
|
|
||||||
|
|
||||||
## Setup the Database for Drupal
|
## Setup the Database for Drupal
|
||||||
|
|
||||||
As root, log into MariaDB:
|
As root, log into MariaDB:
|
||||||
@ -124,7 +122,7 @@ GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORA
|
|||||||
exit
|
exit
|
||||||
```
|
```
|
||||||
|
|
||||||
## Configure Drupal
|
## Install drupal
|
||||||
|
|
||||||
Go to drupal.yourdomain.tld and follow the prompts.
|
Go to drupal.yourdomain.tld and follow the prompts.
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user