1
0
mirror of https://github.com/tommytran732/Linux-Setup-Scripts synced 2024-11-13 21:41:33 -05:00

Compare commits

...

3 Commits

Author SHA1 Message Date
7177cdf774
Typo fix
Signed-off-by: Tommy <contact@tommytran.io>
2024-05-17 15:39:05 -07:00
29a3993155
Add ssh hardening
Signed-off-by: Tommy <contact@tommytran.io>
2024-05-17 15:34:33 -07:00
2e1b763290
tuned not installed by default
Signed-off-by: Tommy <contact@tommytran.io>
2024-05-17 15:22:28 -07:00
2 changed files with 7 additions and 0 deletions

View File

@ -53,6 +53,10 @@ sudo /usr/bin/sed -i 's/\s+nullok//g' /etc/pam.d/system-auth
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/ssh/ssh_config.d/10-custom.conf | sudo tee /etc/ssh/ssh_config.d/10-custom.conf unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/ssh/ssh_config.d/10-custom.conf | sudo tee /etc/ssh/ssh_config.d/10-custom.conf
sudo chmod 644 /etc/ssh/ssh_config.d/10-custom.conf sudo chmod 644 /etc/ssh/ssh_config.d/10-custom.conf
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/ssh/sshd_config.d/10-custom.conf | sudo tee /etc/ssh/sshd_config.d/10-custom.conf unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/ssh/sshd_config.d/10-custom.conf | sudo tee /etc/ssh/sshd_config.d/10-custom.conf
sudo mkdir -p /etc/systemd/system/sshd.service.d/
unpriv curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/systemd/system/sshd.service.d/local.conf | sudo tee /etc/systemd/system/sshd.service.d/override.conf
sudo systemctl daemon-reload
sudo systemctl restart sshd
# Security kernel settings # Security kernel settings
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/modprobe.d/30_security-misc.conf | sudo tee /etc/modprobe.d/30_security-misc.conf unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/modprobe.d/30_security-misc.conf | sudo tee /etc/modprobe.d/30_security-misc.conf
@ -103,6 +107,7 @@ sudo systemctl enable fstrim.timer
# Installing tuned first here because virt-what is 1 of its dependencies anyways # Installing tuned first here because virt-what is 1 of its dependencies anyways
sudo dnf install tuned -y sudo dnf install tuned -y
sudo systemctl enable --now tuned
virt_type=$(virt-what) virt_type=$(virt-what)
if [ "$virt_type" = '' ]; then if [ "$virt_type" = '' ]; then

View File

@ -218,6 +218,7 @@ sudo systemctl enable fstrim.timer
# Installing tuned first here because virt-what is 1 of its dependencies anyways # Installing tuned first here because virt-what is 1 of its dependencies anyways
sudo dnf install tuned -y sudo dnf install tuned -y
sudo systemctl enable --now tuned
virt_type=$(virt-what) virt_type=$(virt-what)
if [ "$virt_type" = '' ]; then if [ "$virt_type" = '' ]; then
@ -235,6 +236,7 @@ fi
# Setup tuned # Setup tuned
if [ "$virt_type" = '' ]; then if [ "$virt_type" = '' ]; then
# Don't know whether using tuned would be a good idea on a laptop, power-profiles-daemon should be handling performance tuning IMO. # Don't know whether using tuned would be a good idea on a laptop, power-profiles-daemon should be handling performance tuning IMO.
sudo systemctl disable --now tuned
sudo dnf remove tuned -y sudo dnf remove tuned -y
else else
if [ "$virt_type" = 'kvm' ]; then if [ "$virt_type" = 'kvm' ]; then