1
0
mirror of https://github.com/tommytran732/Linux-Setup-Scripts synced 2024-11-22 09:31:34 -05:00

Compare commits

...

5 Commits

Author SHA1 Message Date
98ec119430
Fix firewalld
Signed-off-by: Tommy <contact@tommytran.io>
2024-05-17 04:12:35 -07:00
3d1ece9861
Consistency fix
Signed-off-by: Tommy <contact@tommytran.io>
2024-05-17 02:49:31 -07:00
7b6d7a4911
Setup /etc/issue
Signed-off-by: Tommy <contact@tommytran.io>
2024-05-16 23:28:26 -07:00
5538cdf7fb
Add /etc/issue
Signed-off-by: Tommy <contact@tommytran.io>
2024-05-16 23:15:07 -07:00
c5d3b81475
Update zram config
Signed-off-by: Tommy <contact@tommytran.io>
2024-05-16 22:32:28 -07:00
5 changed files with 43 additions and 36 deletions

View File

@ -82,19 +82,19 @@ fi
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/security/limits.d/30-disable-coredump.conf | sudo tee /etc/security/limits.d/30-disable-coredump.conf
# Setup ZRAM
echo -e '[zram0]\nzram-fraction = 1\nmax-zram-size = 8192\ncompression-algorithm = zstd' | sudo tee /etc/systemd/zram-generator.conf
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/zram-generator.conf | sudo tee /etc/systemd/zram-generator.conf
# Setup DNF
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dnf/dnf.conf | sudo tee /etc/dnf/dnf.conf
sudo sed -i 's/^metalink=.*/&\&protocol=https/g' /etc/yum.repos.d/*
# Enable auto TRIM
sudo systemctl enable fstrim.timer
# Setup fwupd
echo 'UriSchemes=file;https' | sudo tee -a /etc/fwupd/fwupd.conf
sudo systemctl restart fwupd
# Enable auto TRIM
sudo systemctl enable fstrim.timer
### Differentiating bare metal and virtual installs
# Installing tuned first here because virt-what is 1 of its dependencies anyways
@ -147,12 +147,15 @@ elif [ "${MACHINE_TYPE}" == 'aarch64' ]; then
fi
# Setup Networking
sudo firewall-cmd --set-default-zone=block
sudo firewall-cmd --permanent --add-service=dhcpv6-client
sudo firewall-cmd --permanent --remove-service=cockpit
sudo firewall-cmd --reload
sudo firewall-cmd --lockdown-on
sudo mkdir -p /etc/systemd/system/NetworkManager.service.d
unpriv curl https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/NetworkManager.service.d/99-brace.conf | sudo tee /etc/systemd/system/NetworkManager.service.d/99-brace.conf
sudo systemctl daemon-reload
sudo systemctl restart NetworkManager
sudo systemctl restart NetworkManager
# Setup notices
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/issue | sudo tee /etc/issue
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/issue | sudo tee /etc/issue.net

View File

@ -130,7 +130,7 @@ sudo dconf update
umask 077
# Setup ZRAM
echo -e '[zram0]\nzram-fraction = 1\nmax-zram-size = 8192\ncompression-algorithm = zstd' | sudo tee /etc/systemd/zram-generator.conf
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/zram-generator.conf | sudo tee /etc/systemd/zram-generator.conf
# Setup DNF
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dnf/dnf.conf | sudo tee /etc/dnf/dnf.conf
@ -207,13 +207,13 @@ gpgkey=https://packages.microsoft.com/keys/microsoft.asc' | sudo tee /etc/yum.re
umask 077
fi
# Enable auto TRIM
sudo systemctl enable fstrim.timer
# Setup fwupd
echo 'UriSchemes=file;https' | sudo tee -a /etc/fwupd/fwupd.conf
sudo systemctl restart fwupd
# Enable auto TRIM
sudo systemctl enable fstrim.timer
### Differentiating bare metal and virtual installs
# Installing tuned first here because virt-what is 1 of its dependencies anyways

View File

@ -44,24 +44,12 @@ install_options
# Compliance and updates
sudo systemctl mask debug-shell.service
## Avoid phased updates
sudo apt install curl -y
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/apt/apt.conf.d/99sane-upgrades | sudo tee /etc/apt/apt.conf.d/99sane-upgrades
sudo chmod 644 /etc/apt/apt.conf.d/99sane-upgrades
sudo apt update -y
sudo apt full-upgrade -y
sudo apt autoremove -y
# Make home directory private
sudo chmod 700 /home/*
# Setting umask to 077
umask 077
sudo sed -ie '/^DIR_MODE=/ s/=[0-9]*\+/=0700/' /etc/adduser.conf
sudo sed -ie '/^UMASK\s\+/ s/022/077/' /etc/login.defs
sudo sed -i 's/USERGROUPS_ENAB yes/USERGROUPS_ENAB no/g' /etc/login.defs
echo 'umask 077' | sudo tee --append /etc/profile
echo 'umask 077' | sudo tee -a /etc/bash.bashrc
# Setup NTS
sudo systemctl disable --now systemd-timesyncd
@ -145,6 +133,16 @@ sudo fwupdmgr refresh --force
sudo fwupdmgr get-updates -y
sudo fwupdmgr update -y
## Avoid phased updates
sudo apt install curl -y
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/apt/apt.conf.d/99sane-upgrades | sudo tee /etc/apt/apt.conf.d/99sane-upgrades
sudo chmod 644 /etc/apt/apt.conf.d/99sane-upgrades
# Update system
sudo apt update -y
sudo apt full-upgrade -y
sudo apt autoremove -y
# Remove unneeded packages
sudo apt purge -y apport baobab cups* eog gedit firefox* gnome-calculator gnome-characters* gnome-clocks gnome-font-viewer gnome-logs gnome-power-manager gnome-shell-extension-prefs gnome-text-editor libreoffice* seahorse tcpdump whoopsie
sudo apt autoremove -y

View File

@ -29,18 +29,6 @@ sudo systemctl mask debug-shell.service
echo 'Authorized uses only. All activity may be monitored and reported.' | sudo tee /etc/issue
echo 'Authorized uses only. All activity may be monitored and reported.' | sudo tee /etc/issue.net
## Avoid phased updates
sudo apt install -y curl
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/apt/apt.conf.d/99sane-upgrades | sudo tee /etc/apt/apt.conf.d/99sane-upgrades
sudo chmod 644 /etc/apt/apt.conf.d/99sane-upgrades
sudo apt update -y
sudo apt full-upgrade -y
sudo apt autoremove -y
## Install basic sysadmin tools
sudo apt install nano iputils-ping
# Make home directory private
sudo chmod 700 /home/*
@ -91,6 +79,18 @@ fi
sudo systemctl disable --now apport.service
sudo systemctl mask apport.service
## Avoid phased updates
sudo apt install -y curl
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/apt/apt.conf.d/99sane-upgrades | sudo tee /etc/apt/apt.conf.d/99sane-upgrades
sudo chmod 644 /etc/apt/apt.conf.d/99sane-upgrades
sudo apt update -y
sudo apt full-upgrade -y
sudo apt autoremove -y
## Install basic sysadmin tools
sudo apt install nano iputils-ping
#Setup fwupd
sudo apt install fwupd -y
mkdir -p /etc/systemd/system/fwupd-refresh.service.d

6
etc/issue Normal file
View File

@ -0,0 +1,6 @@
You are accessing Thien Tran's information system that is provided for authorized uses only.
ALL ACTIVITY MAY BE MONITORED AND REPORTED. UNAUTHORIZED USES SHALL BE PROSECUTED TO THE FULLEST EXTENT OF THE LAW.
To report a potential security concern, please contact contact@tommytran.io.