mirror of
https://github.com/tommytran732/Linux-Setup-Scripts
synced 2024-11-22 09:31:34 -05:00
Compare commits
5 Commits
d712fea4f7
...
98ec119430
Author | SHA1 | Date | |
---|---|---|---|
98ec119430 | |||
3d1ece9861 | |||
7b6d7a4911 | |||
5538cdf7fb | |||
c5d3b81475 |
@ -82,19 +82,19 @@ fi
|
|||||||
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/security/limits.d/30-disable-coredump.conf | sudo tee /etc/security/limits.d/30-disable-coredump.conf
|
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/security/limits.d/30-disable-coredump.conf | sudo tee /etc/security/limits.d/30-disable-coredump.conf
|
||||||
|
|
||||||
# Setup ZRAM
|
# Setup ZRAM
|
||||||
echo -e '[zram0]\nzram-fraction = 1\nmax-zram-size = 8192\ncompression-algorithm = zstd' | sudo tee /etc/systemd/zram-generator.conf
|
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/zram-generator.conf | sudo tee /etc/systemd/zram-generator.conf
|
||||||
|
|
||||||
# Setup DNF
|
# Setup DNF
|
||||||
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dnf/dnf.conf | sudo tee /etc/dnf/dnf.conf
|
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dnf/dnf.conf | sudo tee /etc/dnf/dnf.conf
|
||||||
sudo sed -i 's/^metalink=.*/&\&protocol=https/g' /etc/yum.repos.d/*
|
sudo sed -i 's/^metalink=.*/&\&protocol=https/g' /etc/yum.repos.d/*
|
||||||
|
|
||||||
# Enable auto TRIM
|
|
||||||
sudo systemctl enable fstrim.timer
|
|
||||||
|
|
||||||
# Setup fwupd
|
# Setup fwupd
|
||||||
echo 'UriSchemes=file;https' | sudo tee -a /etc/fwupd/fwupd.conf
|
echo 'UriSchemes=file;https' | sudo tee -a /etc/fwupd/fwupd.conf
|
||||||
sudo systemctl restart fwupd
|
sudo systemctl restart fwupd
|
||||||
|
|
||||||
|
# Enable auto TRIM
|
||||||
|
sudo systemctl enable fstrim.timer
|
||||||
|
|
||||||
### Differentiating bare metal and virtual installs
|
### Differentiating bare metal and virtual installs
|
||||||
|
|
||||||
# Installing tuned first here because virt-what is 1 of its dependencies anyways
|
# Installing tuned first here because virt-what is 1 of its dependencies anyways
|
||||||
@ -147,12 +147,15 @@ elif [ "${MACHINE_TYPE}" == 'aarch64' ]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Setup Networking
|
# Setup Networking
|
||||||
sudo firewall-cmd --set-default-zone=block
|
sudo firewall-cmd --permanent --remove-service=cockpit
|
||||||
sudo firewall-cmd --permanent --add-service=dhcpv6-client
|
|
||||||
sudo firewall-cmd --reload
|
sudo firewall-cmd --reload
|
||||||
sudo firewall-cmd --lockdown-on
|
sudo firewall-cmd --lockdown-on
|
||||||
|
|
||||||
sudo mkdir -p /etc/systemd/system/NetworkManager.service.d
|
sudo mkdir -p /etc/systemd/system/NetworkManager.service.d
|
||||||
unpriv curl https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/NetworkManager.service.d/99-brace.conf | sudo tee /etc/systemd/system/NetworkManager.service.d/99-brace.conf
|
unpriv curl https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/NetworkManager.service.d/99-brace.conf | sudo tee /etc/systemd/system/NetworkManager.service.d/99-brace.conf
|
||||||
sudo systemctl daemon-reload
|
sudo systemctl daemon-reload
|
||||||
sudo systemctl restart NetworkManager
|
sudo systemctl restart NetworkManager
|
||||||
|
|
||||||
|
# Setup notices
|
||||||
|
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/issue | sudo tee /etc/issue
|
||||||
|
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/issue | sudo tee /etc/issue.net
|
@ -130,7 +130,7 @@ sudo dconf update
|
|||||||
umask 077
|
umask 077
|
||||||
|
|
||||||
# Setup ZRAM
|
# Setup ZRAM
|
||||||
echo -e '[zram0]\nzram-fraction = 1\nmax-zram-size = 8192\ncompression-algorithm = zstd' | sudo tee /etc/systemd/zram-generator.conf
|
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/zram-generator.conf | sudo tee /etc/systemd/zram-generator.conf
|
||||||
|
|
||||||
# Setup DNF
|
# Setup DNF
|
||||||
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dnf/dnf.conf | sudo tee /etc/dnf/dnf.conf
|
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dnf/dnf.conf | sudo tee /etc/dnf/dnf.conf
|
||||||
@ -207,13 +207,13 @@ gpgkey=https://packages.microsoft.com/keys/microsoft.asc' | sudo tee /etc/yum.re
|
|||||||
umask 077
|
umask 077
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Enable auto TRIM
|
|
||||||
sudo systemctl enable fstrim.timer
|
|
||||||
|
|
||||||
# Setup fwupd
|
# Setup fwupd
|
||||||
echo 'UriSchemes=file;https' | sudo tee -a /etc/fwupd/fwupd.conf
|
echo 'UriSchemes=file;https' | sudo tee -a /etc/fwupd/fwupd.conf
|
||||||
sudo systemctl restart fwupd
|
sudo systemctl restart fwupd
|
||||||
|
|
||||||
|
# Enable auto TRIM
|
||||||
|
sudo systemctl enable fstrim.timer
|
||||||
|
|
||||||
### Differentiating bare metal and virtual installs
|
### Differentiating bare metal and virtual installs
|
||||||
|
|
||||||
# Installing tuned first here because virt-what is 1 of its dependencies anyways
|
# Installing tuned first here because virt-what is 1 of its dependencies anyways
|
||||||
|
@ -44,24 +44,12 @@ install_options
|
|||||||
# Compliance and updates
|
# Compliance and updates
|
||||||
sudo systemctl mask debug-shell.service
|
sudo systemctl mask debug-shell.service
|
||||||
|
|
||||||
## Avoid phased updates
|
|
||||||
sudo apt install curl -y
|
|
||||||
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/apt/apt.conf.d/99sane-upgrades | sudo tee /etc/apt/apt.conf.d/99sane-upgrades
|
|
||||||
sudo chmod 644 /etc/apt/apt.conf.d/99sane-upgrades
|
|
||||||
|
|
||||||
sudo apt update -y
|
|
||||||
sudo apt full-upgrade -y
|
|
||||||
sudo apt autoremove -y
|
|
||||||
|
|
||||||
# Make home directory private
|
# Make home directory private
|
||||||
sudo chmod 700 /home/*
|
sudo chmod 700 /home/*
|
||||||
|
|
||||||
# Setting umask to 077
|
# Setting umask to 077
|
||||||
umask 077
|
umask 077
|
||||||
sudo sed -ie '/^DIR_MODE=/ s/=[0-9]*\+/=0700/' /etc/adduser.conf
|
echo 'umask 077' | sudo tee -a /etc/bash.bashrc
|
||||||
sudo sed -ie '/^UMASK\s\+/ s/022/077/' /etc/login.defs
|
|
||||||
sudo sed -i 's/USERGROUPS_ENAB yes/USERGROUPS_ENAB no/g' /etc/login.defs
|
|
||||||
echo 'umask 077' | sudo tee --append /etc/profile
|
|
||||||
|
|
||||||
# Setup NTS
|
# Setup NTS
|
||||||
sudo systemctl disable --now systemd-timesyncd
|
sudo systemctl disable --now systemd-timesyncd
|
||||||
@ -145,6 +133,16 @@ sudo fwupdmgr refresh --force
|
|||||||
sudo fwupdmgr get-updates -y
|
sudo fwupdmgr get-updates -y
|
||||||
sudo fwupdmgr update -y
|
sudo fwupdmgr update -y
|
||||||
|
|
||||||
|
## Avoid phased updates
|
||||||
|
sudo apt install curl -y
|
||||||
|
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/apt/apt.conf.d/99sane-upgrades | sudo tee /etc/apt/apt.conf.d/99sane-upgrades
|
||||||
|
sudo chmod 644 /etc/apt/apt.conf.d/99sane-upgrades
|
||||||
|
|
||||||
|
# Update system
|
||||||
|
sudo apt update -y
|
||||||
|
sudo apt full-upgrade -y
|
||||||
|
sudo apt autoremove -y
|
||||||
|
|
||||||
# Remove unneeded packages
|
# Remove unneeded packages
|
||||||
sudo apt purge -y apport baobab cups* eog gedit firefox* gnome-calculator gnome-characters* gnome-clocks gnome-font-viewer gnome-logs gnome-power-manager gnome-shell-extension-prefs gnome-text-editor libreoffice* seahorse tcpdump whoopsie
|
sudo apt purge -y apport baobab cups* eog gedit firefox* gnome-calculator gnome-characters* gnome-clocks gnome-font-viewer gnome-logs gnome-power-manager gnome-shell-extension-prefs gnome-text-editor libreoffice* seahorse tcpdump whoopsie
|
||||||
sudo apt autoremove -y
|
sudo apt autoremove -y
|
||||||
|
@ -29,18 +29,6 @@ sudo systemctl mask debug-shell.service
|
|||||||
echo 'Authorized uses only. All activity may be monitored and reported.' | sudo tee /etc/issue
|
echo 'Authorized uses only. All activity may be monitored and reported.' | sudo tee /etc/issue
|
||||||
echo 'Authorized uses only. All activity may be monitored and reported.' | sudo tee /etc/issue.net
|
echo 'Authorized uses only. All activity may be monitored and reported.' | sudo tee /etc/issue.net
|
||||||
|
|
||||||
## Avoid phased updates
|
|
||||||
sudo apt install -y curl
|
|
||||||
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/apt/apt.conf.d/99sane-upgrades | sudo tee /etc/apt/apt.conf.d/99sane-upgrades
|
|
||||||
sudo chmod 644 /etc/apt/apt.conf.d/99sane-upgrades
|
|
||||||
|
|
||||||
sudo apt update -y
|
|
||||||
sudo apt full-upgrade -y
|
|
||||||
sudo apt autoremove -y
|
|
||||||
|
|
||||||
## Install basic sysadmin tools
|
|
||||||
sudo apt install nano iputils-ping
|
|
||||||
|
|
||||||
# Make home directory private
|
# Make home directory private
|
||||||
sudo chmod 700 /home/*
|
sudo chmod 700 /home/*
|
||||||
|
|
||||||
@ -91,6 +79,18 @@ fi
|
|||||||
sudo systemctl disable --now apport.service
|
sudo systemctl disable --now apport.service
|
||||||
sudo systemctl mask apport.service
|
sudo systemctl mask apport.service
|
||||||
|
|
||||||
|
## Avoid phased updates
|
||||||
|
sudo apt install -y curl
|
||||||
|
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/apt/apt.conf.d/99sane-upgrades | sudo tee /etc/apt/apt.conf.d/99sane-upgrades
|
||||||
|
sudo chmod 644 /etc/apt/apt.conf.d/99sane-upgrades
|
||||||
|
|
||||||
|
sudo apt update -y
|
||||||
|
sudo apt full-upgrade -y
|
||||||
|
sudo apt autoremove -y
|
||||||
|
|
||||||
|
## Install basic sysadmin tools
|
||||||
|
sudo apt install nano iputils-ping
|
||||||
|
|
||||||
#Setup fwupd
|
#Setup fwupd
|
||||||
sudo apt install fwupd -y
|
sudo apt install fwupd -y
|
||||||
mkdir -p /etc/systemd/system/fwupd-refresh.service.d
|
mkdir -p /etc/systemd/system/fwupd-refresh.service.d
|
||||||
|
6
etc/issue
Normal file
6
etc/issue
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
You are accessing Thien Tran's information system that is provided for authorized uses only.
|
||||||
|
|
||||||
|
ALL ACTIVITY MAY BE MONITORED AND REPORTED. UNAUTHORIZED USES SHALL BE PROSECUTED TO THE FULLEST EXTENT OF THE LAW.
|
||||||
|
|
||||||
|
To report a potential security concern, please contact contact@tommytran.io.
|
||||||
|
|
Loading…
Reference in New Issue
Block a user