mirror of
https://github.com/tommytran732/Linux-Setup-Scripts
synced 2024-11-22 17:41:32 -05:00
Compare commits
5 Commits
d712fea4f7
...
98ec119430
Author | SHA1 | Date | |
---|---|---|---|
98ec119430 | |||
3d1ece9861 | |||
7b6d7a4911 | |||
5538cdf7fb | |||
c5d3b81475 |
@ -82,19 +82,19 @@ fi
|
||||
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/security/limits.d/30-disable-coredump.conf | sudo tee /etc/security/limits.d/30-disable-coredump.conf
|
||||
|
||||
# Setup ZRAM
|
||||
echo -e '[zram0]\nzram-fraction = 1\nmax-zram-size = 8192\ncompression-algorithm = zstd' | sudo tee /etc/systemd/zram-generator.conf
|
||||
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/zram-generator.conf | sudo tee /etc/systemd/zram-generator.conf
|
||||
|
||||
# Setup DNF
|
||||
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dnf/dnf.conf | sudo tee /etc/dnf/dnf.conf
|
||||
sudo sed -i 's/^metalink=.*/&\&protocol=https/g' /etc/yum.repos.d/*
|
||||
|
||||
# Enable auto TRIM
|
||||
sudo systemctl enable fstrim.timer
|
||||
|
||||
# Setup fwupd
|
||||
echo 'UriSchemes=file;https' | sudo tee -a /etc/fwupd/fwupd.conf
|
||||
sudo systemctl restart fwupd
|
||||
|
||||
# Enable auto TRIM
|
||||
sudo systemctl enable fstrim.timer
|
||||
|
||||
### Differentiating bare metal and virtual installs
|
||||
|
||||
# Installing tuned first here because virt-what is 1 of its dependencies anyways
|
||||
@ -147,12 +147,15 @@ elif [ "${MACHINE_TYPE}" == 'aarch64' ]; then
|
||||
fi
|
||||
|
||||
# Setup Networking
|
||||
sudo firewall-cmd --set-default-zone=block
|
||||
sudo firewall-cmd --permanent --add-service=dhcpv6-client
|
||||
sudo firewall-cmd --permanent --remove-service=cockpit
|
||||
sudo firewall-cmd --reload
|
||||
sudo firewall-cmd --lockdown-on
|
||||
|
||||
sudo mkdir -p /etc/systemd/system/NetworkManager.service.d
|
||||
unpriv curl https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/NetworkManager.service.d/99-brace.conf | sudo tee /etc/systemd/system/NetworkManager.service.d/99-brace.conf
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl restart NetworkManager
|
||||
sudo systemctl restart NetworkManager
|
||||
|
||||
# Setup notices
|
||||
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/issue | sudo tee /etc/issue
|
||||
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/issue | sudo tee /etc/issue.net
|
@ -130,7 +130,7 @@ sudo dconf update
|
||||
umask 077
|
||||
|
||||
# Setup ZRAM
|
||||
echo -e '[zram0]\nzram-fraction = 1\nmax-zram-size = 8192\ncompression-algorithm = zstd' | sudo tee /etc/systemd/zram-generator.conf
|
||||
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/zram-generator.conf | sudo tee /etc/systemd/zram-generator.conf
|
||||
|
||||
# Setup DNF
|
||||
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dnf/dnf.conf | sudo tee /etc/dnf/dnf.conf
|
||||
@ -207,13 +207,13 @@ gpgkey=https://packages.microsoft.com/keys/microsoft.asc' | sudo tee /etc/yum.re
|
||||
umask 077
|
||||
fi
|
||||
|
||||
# Enable auto TRIM
|
||||
sudo systemctl enable fstrim.timer
|
||||
|
||||
# Setup fwupd
|
||||
echo 'UriSchemes=file;https' | sudo tee -a /etc/fwupd/fwupd.conf
|
||||
sudo systemctl restart fwupd
|
||||
|
||||
# Enable auto TRIM
|
||||
sudo systemctl enable fstrim.timer
|
||||
|
||||
### Differentiating bare metal and virtual installs
|
||||
|
||||
# Installing tuned first here because virt-what is 1 of its dependencies anyways
|
||||
|
@ -44,24 +44,12 @@ install_options
|
||||
# Compliance and updates
|
||||
sudo systemctl mask debug-shell.service
|
||||
|
||||
## Avoid phased updates
|
||||
sudo apt install curl -y
|
||||
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/apt/apt.conf.d/99sane-upgrades | sudo tee /etc/apt/apt.conf.d/99sane-upgrades
|
||||
sudo chmod 644 /etc/apt/apt.conf.d/99sane-upgrades
|
||||
|
||||
sudo apt update -y
|
||||
sudo apt full-upgrade -y
|
||||
sudo apt autoremove -y
|
||||
|
||||
# Make home directory private
|
||||
sudo chmod 700 /home/*
|
||||
|
||||
# Setting umask to 077
|
||||
umask 077
|
||||
sudo sed -ie '/^DIR_MODE=/ s/=[0-9]*\+/=0700/' /etc/adduser.conf
|
||||
sudo sed -ie '/^UMASK\s\+/ s/022/077/' /etc/login.defs
|
||||
sudo sed -i 's/USERGROUPS_ENAB yes/USERGROUPS_ENAB no/g' /etc/login.defs
|
||||
echo 'umask 077' | sudo tee --append /etc/profile
|
||||
echo 'umask 077' | sudo tee -a /etc/bash.bashrc
|
||||
|
||||
# Setup NTS
|
||||
sudo systemctl disable --now systemd-timesyncd
|
||||
@ -145,6 +133,16 @@ sudo fwupdmgr refresh --force
|
||||
sudo fwupdmgr get-updates -y
|
||||
sudo fwupdmgr update -y
|
||||
|
||||
## Avoid phased updates
|
||||
sudo apt install curl -y
|
||||
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/apt/apt.conf.d/99sane-upgrades | sudo tee /etc/apt/apt.conf.d/99sane-upgrades
|
||||
sudo chmod 644 /etc/apt/apt.conf.d/99sane-upgrades
|
||||
|
||||
# Update system
|
||||
sudo apt update -y
|
||||
sudo apt full-upgrade -y
|
||||
sudo apt autoremove -y
|
||||
|
||||
# Remove unneeded packages
|
||||
sudo apt purge -y apport baobab cups* eog gedit firefox* gnome-calculator gnome-characters* gnome-clocks gnome-font-viewer gnome-logs gnome-power-manager gnome-shell-extension-prefs gnome-text-editor libreoffice* seahorse tcpdump whoopsie
|
||||
sudo apt autoremove -y
|
||||
|
@ -29,18 +29,6 @@ sudo systemctl mask debug-shell.service
|
||||
echo 'Authorized uses only. All activity may be monitored and reported.' | sudo tee /etc/issue
|
||||
echo 'Authorized uses only. All activity may be monitored and reported.' | sudo tee /etc/issue.net
|
||||
|
||||
## Avoid phased updates
|
||||
sudo apt install -y curl
|
||||
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/apt/apt.conf.d/99sane-upgrades | sudo tee /etc/apt/apt.conf.d/99sane-upgrades
|
||||
sudo chmod 644 /etc/apt/apt.conf.d/99sane-upgrades
|
||||
|
||||
sudo apt update -y
|
||||
sudo apt full-upgrade -y
|
||||
sudo apt autoremove -y
|
||||
|
||||
## Install basic sysadmin tools
|
||||
sudo apt install nano iputils-ping
|
||||
|
||||
# Make home directory private
|
||||
sudo chmod 700 /home/*
|
||||
|
||||
@ -91,6 +79,18 @@ fi
|
||||
sudo systemctl disable --now apport.service
|
||||
sudo systemctl mask apport.service
|
||||
|
||||
## Avoid phased updates
|
||||
sudo apt install -y curl
|
||||
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/apt/apt.conf.d/99sane-upgrades | sudo tee /etc/apt/apt.conf.d/99sane-upgrades
|
||||
sudo chmod 644 /etc/apt/apt.conf.d/99sane-upgrades
|
||||
|
||||
sudo apt update -y
|
||||
sudo apt full-upgrade -y
|
||||
sudo apt autoremove -y
|
||||
|
||||
## Install basic sysadmin tools
|
||||
sudo apt install nano iputils-ping
|
||||
|
||||
#Setup fwupd
|
||||
sudo apt install fwupd -y
|
||||
mkdir -p /etc/systemd/system/fwupd-refresh.service.d
|
||||
|
6
etc/issue
Normal file
6
etc/issue
Normal file
@ -0,0 +1,6 @@
|
||||
You are accessing Thien Tran's information system that is provided for authorized uses only.
|
||||
|
||||
ALL ACTIVITY MAY BE MONITORED AND REPORTED. UNAUTHORIZED USES SHALL BE PROSECUTED TO THE FULLEST EXTENT OF THE LAW.
|
||||
|
||||
To report a potential security concern, please contact contact@tommytran.io.
|
||||
|
Loading…
Reference in New Issue
Block a user