Tomster/Linux-Setup-Scripts
1
0
Fork 0
mirror of https://github.com/tommytran732/Linux-Setup-Scripts synced 2024-10-18 02:35:12 -04:00
Code

Compare commits

base: Tomster:d712fea4f7fddc95ce7f31c5e51d6388d62c5e1d
Branches Tags
Tomster:main
...
compare: Tomster:98ec1194306dd5930d1d9810b7aa7fc74fdce44f
Branches Tags
Tomster:main

5 Commits
d712fea4f7 ... 98ec119430

Author SHA1 Message Date
Tommy
98ec119430
Fix firewalld 
Signed-off-by: Tommy <contact@tommytran.io>
 2024-05-17 04:12:35 -07:00
Tommy
3d1ece9861
Consistency fix 
Signed-off-by: Tommy <contact@tommytran.io>
 2024-05-17 02:49:31 -07:00
Tommy
7b6d7a4911
Setup /etc/issue 
Signed-off-by: Tommy <contact@tommytran.io>
 2024-05-16 23:28:26 -07:00
Tommy
5538cdf7fb
Add /etc/issue 
Signed-off-by: Tommy <contact@tommytran.io>
 2024-05-16 23:15:07 -07:00
Tommy
c5d3b81475
Update zram config 
Signed-off-by: Tommy <contact@tommytran.io>
 2024-05-16 22:32:28 -07:00
5 changed files with 43 additions and 36 deletions
Show Stats Expand all files Collapse all files

17
Fedora-Server-40.sh
View File

@ -82,19 +82,19 @@ fi
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/security/limits.d/30-disable-coredump.conf | sudo tee /etc/security/limits.d/30-disable-coredump.conf unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/security/limits.d/30-disable-coredump.conf | sudo tee /etc/security/limits.d/30-disable-coredump.conf
# Setup ZRAM # Setup ZRAM
echo -e '[zram0]\nzram-fraction = 1\nmax-zram-size = 8192\ncompression-algorithm = zstd' | sudo tee /etc/systemd/zram-generator.conf unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/zram-generator.conf | sudo tee /etc/systemd/zram-generator.conf
# Setup DNF # Setup DNF
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dnf/dnf.conf | sudo tee /etc/dnf/dnf.conf unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dnf/dnf.conf | sudo tee /etc/dnf/dnf.conf
sudo sed -i 's/^metalink=.*/&\&protocol=https/g' /etc/yum.repos.d/* sudo sed -i 's/^metalink=.*/&\&protocol=https/g' /etc/yum.repos.d/*
# Enable auto TRIM
sudo systemctl enable fstrim.timer
# Setup fwupd # Setup fwupd
echo 'UriSchemes=file;https' | sudo tee -a /etc/fwupd/fwupd.conf echo 'UriSchemes=file;https' | sudo tee -a /etc/fwupd/fwupd.conf
sudo systemctl restart fwupd sudo systemctl restart fwupd
# Enable auto TRIM
sudo systemctl enable fstrim.timer
### Differentiating bare metal and virtual installs ### Differentiating bare metal and virtual installs
# Installing tuned first here because virt-what is 1 of its dependencies anyways # Installing tuned first here because virt-what is 1 of its dependencies anyways
@ -147,12 +147,15 @@ elif [ "${MACHINE_TYPE}" == 'aarch64' ]; then
fi fi
# Setup Networking # Setup Networking
sudo firewall-cmd --set-default-zone=block sudo firewall-cmd --permanent --remove-service=cockpit
sudo firewall-cmd --permanent --add-service=dhcpv6-client
sudo firewall-cmd --reload sudo firewall-cmd --reload
sudo firewall-cmd --lockdown-on sudo firewall-cmd --lockdown-on
sudo mkdir -p /etc/systemd/system/NetworkManager.service.d sudo mkdir -p /etc/systemd/system/NetworkManager.service.d
unpriv curl https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/NetworkManager.service.d/99-brace.conf | sudo tee /etc/systemd/system/NetworkManager.service.d/99-brace.conf unpriv curl https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/NetworkManager.service.d/99-brace.conf | sudo tee /etc/systemd/system/NetworkManager.service.d/99-brace.conf
sudo systemctl daemon-reload sudo systemctl daemon-reload
sudo systemctl restart NetworkManager sudo systemctl restart NetworkManager
# Setup notices
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/issue | sudo tee /etc/issue
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/issue | sudo tee /etc/issue.net

8
Fedora-Workstation-40.sh
View File

@ -130,7 +130,7 @@ sudo dconf update
umask 077 umask 077
# Setup ZRAM # Setup ZRAM
echo -e '[zram0]\nzram-fraction = 1\nmax-zram-size = 8192\ncompression-algorithm = zstd' | sudo tee /etc/systemd/zram-generator.conf unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/zram-generator.conf | sudo tee /etc/systemd/zram-generator.conf
# Setup DNF # Setup DNF
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dnf/dnf.conf | sudo tee /etc/dnf/dnf.conf unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dnf/dnf.conf | sudo tee /etc/dnf/dnf.conf
@ -207,13 +207,13 @@ gpgkey=https://packages.microsoft.com/keys/microsoft.asc' | sudo tee /etc/yum.re
umask 077 umask 077
fi fi
# Enable auto TRIM
sudo systemctl enable fstrim.timer
# Setup fwupd # Setup fwupd
echo 'UriSchemes=file;https' | sudo tee -a /etc/fwupd/fwupd.conf echo 'UriSchemes=file;https' | sudo tee -a /etc/fwupd/fwupd.conf
sudo systemctl restart fwupd sudo systemctl restart fwupd
# Enable auto TRIM
sudo systemctl enable fstrim.timer
### Differentiating bare metal and virtual installs ### Differentiating bare metal and virtual installs
# Installing tuned first here because virt-what is 1 of its dependencies anyways # Installing tuned first here because virt-what is 1 of its dependencies anyways

24
Ubuntu-23.10-Desktop.sh
View File

@ -44,24 +44,12 @@ install_options
# Compliance and updates # Compliance and updates
sudo systemctl mask debug-shell.service sudo systemctl mask debug-shell.service
## Avoid phased updates
sudo apt install curl -y
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/apt/apt.conf.d/99sane-upgrades | sudo tee /etc/apt/apt.conf.d/99sane-upgrades
sudo chmod 644 /etc/apt/apt.conf.d/99sane-upgrades
sudo apt update -y
sudo apt full-upgrade -y
sudo apt autoremove -y
# Make home directory private # Make home directory private
sudo chmod 700 /home/* sudo chmod 700 /home/*
# Setting umask to 077 # Setting umask to 077
umask 077 umask 077
sudo sed -ie '/^DIR_MODE=/ s/=[0-9]*\+/=0700/' /etc/adduser.conf echo 'umask 077' | sudo tee -a /etc/bash.bashrc
sudo sed -ie '/^UMASK\s\+/ s/022/077/' /etc/login.defs
sudo sed -i 's/USERGROUPS_ENAB yes/USERGROUPS_ENAB no/g' /etc/login.defs
echo 'umask 077' | sudo tee --append /etc/profile
# Setup NTS # Setup NTS
sudo systemctl disable --now systemd-timesyncd sudo systemctl disable --now systemd-timesyncd
@ -145,6 +133,16 @@ sudo fwupdmgr refresh --force
sudo fwupdmgr get-updates -y sudo fwupdmgr get-updates -y
sudo fwupdmgr update -y sudo fwupdmgr update -y
## Avoid phased updates
sudo apt install curl -y
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/apt/apt.conf.d/99sane-upgrades | sudo tee /etc/apt/apt.conf.d/99sane-upgrades
sudo chmod 644 /etc/apt/apt.conf.d/99sane-upgrades
# Update system
sudo apt update -y
sudo apt full-upgrade -y
sudo apt autoremove -y
# Remove unneeded packages # Remove unneeded packages
sudo apt purge -y apport baobab cups* eog gedit firefox* gnome-calculator gnome-characters* gnome-clocks gnome-font-viewer gnome-logs gnome-power-manager gnome-shell-extension-prefs gnome-text-editor libreoffice* seahorse tcpdump whoopsie sudo apt purge -y apport baobab cups* eog gedit firefox* gnome-calculator gnome-characters* gnome-clocks gnome-font-viewer gnome-logs gnome-power-manager gnome-shell-extension-prefs gnome-text-editor libreoffice* seahorse tcpdump whoopsie
sudo apt autoremove -y sudo apt autoremove -y

24
Ubuntu-24.04-Server.sh
View File

@ -29,18 +29,6 @@ sudo systemctl mask debug-shell.service
echo 'Authorized uses only. All activity may be monitored and reported.' | sudo tee /etc/issue echo 'Authorized uses only. All activity may be monitored and reported.' | sudo tee /etc/issue
echo 'Authorized uses only. All activity may be monitored and reported.' | sudo tee /etc/issue.net echo 'Authorized uses only. All activity may be monitored and reported.' | sudo tee /etc/issue.net
## Avoid phased updates
sudo apt install -y curl
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/apt/apt.conf.d/99sane-upgrades | sudo tee /etc/apt/apt.conf.d/99sane-upgrades
sudo chmod 644 /etc/apt/apt.conf.d/99sane-upgrades
sudo apt update -y
sudo apt full-upgrade -y
sudo apt autoremove -y
## Install basic sysadmin tools
sudo apt install nano iputils-ping
# Make home directory private # Make home directory private
sudo chmod 700 /home/* sudo chmod 700 /home/*
@ -91,6 +79,18 @@ fi
sudo systemctl disable --now apport.service sudo systemctl disable --now apport.service
sudo systemctl mask apport.service sudo systemctl mask apport.service
## Avoid phased updates
sudo apt install -y curl
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/apt/apt.conf.d/99sane-upgrades | sudo tee /etc/apt/apt.conf.d/99sane-upgrades
sudo chmod 644 /etc/apt/apt.conf.d/99sane-upgrades
sudo apt update -y
sudo apt full-upgrade -y
sudo apt autoremove -y
## Install basic sysadmin tools
sudo apt install nano iputils-ping
#Setup fwupd #Setup fwupd
sudo apt install fwupd -y sudo apt install fwupd -y
mkdir -p /etc/systemd/system/fwupd-refresh.service.d mkdir -p /etc/systemd/system/fwupd-refresh.service.d

6
etc/issue Normal file
View File

@ -0,0 +1,6 @@
You are accessing Thien Tran's information system that is provided for authorized uses only.
ALL ACTIVITY MAY BE MONITORED AND REPORTED. UNAUTHORIZED USES SHALL BE PROSECUTED TO THE FULLEST EXTENT OF THE LAW.
To report a potential security concern, please contact contact@tommytran.io.