mirror of
https://github.com/tommytran732/Linux-Setup-Scripts
synced 2024-11-09 11:41:33 -05:00
Compare commits
7 Commits
e258f693dc
...
5c7a2850e6
Author | SHA1 | Date | |
---|---|---|---|
5c7a2850e6 | |||
a0a21ba29d | |||
517c1ed2dc | |||
da8b818d76 | |||
740b9d9af6 | |||
80422768f1 | |||
c61c69752f |
@ -158,7 +158,7 @@ fi
|
|||||||
|
|
||||||
# Setup real-ucode
|
# Setup real-ucode
|
||||||
MACHINE_TYPE=$(uname -m)
|
MACHINE_TYPE=$(uname -m)
|
||||||
if [ "$virtualization" = 'none' ] || [ "${MACHINE_TYPE}" == 'x86_64' ]; then
|
if [ "$virtualization" = 'none' ] && [ "${MACHINE_TYPE}" == 'x86_64' ]; then
|
||||||
sudo dnf install -y 'https://divested.dev/rpm/fedora/divested-release-20231210-2.noarch.rpm'
|
sudo dnf install -y 'https://divested.dev/rpm/fedora/divested-release-20231210-2.noarch.rpm'
|
||||||
sudo sed -i 's/^metalink=.*/&?protocol=https/g' /etc/yum.repos.d/divested-release.repo
|
sudo sed -i 's/^metalink=.*/&?protocol=https/g' /etc/yum.repos.d/divested-release.repo
|
||||||
sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware
|
sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware
|
||||||
|
@ -239,7 +239,7 @@ else
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Setup real-ucode
|
# Setup real-ucode
|
||||||
if [ "$virtualization" = 'none' ] || [ "${MACHINE_TYPE}" == 'x86_64' ]; then
|
if [ "$virtualization" = 'none' ] && [ "${MACHINE_TYPE}" == 'x86_64' ]; then
|
||||||
sudo dnf install -y 'https://divested.dev/rpm/fedora/divested-release-20231210-2.noarch.rpm'
|
sudo dnf install -y 'https://divested.dev/rpm/fedora/divested-release-20231210-2.noarch.rpm'
|
||||||
sudo sed -i 's/^metalink=.*/&?protocol=https/g' /etc/yum.repos.d/divested-release.repo
|
sudo sed -i 's/^metalink=.*/&?protocol=https/g' /etc/yum.repos.d/divested-release.repo
|
||||||
sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware
|
sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware
|
||||||
|
18
RHEL-9.sh
18
RHEL-9.sh
@ -39,6 +39,7 @@ sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc
|
|||||||
sudo chmod 700 /home/*
|
sudo chmod 700 /home/*
|
||||||
|
|
||||||
# Setup NTS
|
# Setup NTS
|
||||||
|
sudo dnf install -y chrony
|
||||||
unpriv curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf | sudo tee /etc/chrony.conf
|
unpriv curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf | sudo tee /etc/chrony.conf
|
||||||
sudo chmod 644 /etc/chrony.conf
|
sudo chmod 644 /etc/chrony.conf
|
||||||
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/sysconfig/chronyd | sudo tee /etc/sysconfig/chronyd
|
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/sysconfig/chronyd | sudo tee /etc/sysconfig/chronyd
|
||||||
@ -88,12 +89,6 @@ sudo systemctl enable --now dnf-automatic.timer
|
|||||||
# Remove unnecessary packages
|
# Remove unnecessary packages
|
||||||
sudo dnf remove -y cockpit*
|
sudo dnf remove -y cockpit*
|
||||||
|
|
||||||
# Install hardened_malloc
|
|
||||||
sudo dnf copr enable secureblue/hardened_malloc -y
|
|
||||||
sudo dnf install -y hardened_malloc
|
|
||||||
echo 'libhardened_malloc.so' | sudo tee /etc/ld.so.preload
|
|
||||||
sudo chmod 644 /etc/ld.so.preload
|
|
||||||
|
|
||||||
# Install appropriate virtualization drivers
|
# Install appropriate virtualization drivers
|
||||||
if [ "$virtualization" = 'kvm' ]; then
|
if [ "$virtualization" = 'kvm' ]; then
|
||||||
sudo dnf install -y qemu-guest-agent
|
sudo dnf install -y qemu-guest-agent
|
||||||
@ -107,6 +102,7 @@ echo 'server:
|
|||||||
auto-trust-anchor-file: "/var/lib/unbound/root.key"
|
auto-trust-anchor-file: "/var/lib/unbound/root.key"
|
||||||
trust-anchor-signaling: yes
|
trust-anchor-signaling: yes
|
||||||
root-key-sentinel: yes
|
root-key-sentinel: yes
|
||||||
|
tls-cert-bundle: "/etc/ssl/cert.pem"
|
||||||
tls-ciphers: "PROFILE=SYSTEM"
|
tls-ciphers: "PROFILE=SYSTEM"
|
||||||
hide-http-user-agent: yes
|
hide-http-user-agent: yes
|
||||||
hide-identity: yes
|
hide-identity: yes
|
||||||
@ -135,7 +131,7 @@ forward-zone:
|
|||||||
|
|
||||||
sudo chmod 644 /etc/unbound/unbound.conf
|
sudo chmod 644 /etc/unbound/unbound.conf
|
||||||
|
|
||||||
mkdir -p /etc/systemd/system/unbound.service.d
|
sudo mkdir -p /etc/systemd/system/unbound.service.d
|
||||||
echo $'[Service]
|
echo $'[Service]
|
||||||
MemoryDenyWriteExecute=true
|
MemoryDenyWriteExecute=true
|
||||||
PrivateDevices=true
|
PrivateDevices=true
|
||||||
@ -160,9 +156,9 @@ sudo chmod 644 /etc/systemd/system/unbound.service.d/override.conf
|
|||||||
sudo systemctl enable --now unbound
|
sudo systemctl enable --now unbound
|
||||||
|
|
||||||
# Setup yara
|
# Setup yara
|
||||||
sudo dnf install -y yara
|
#sudo dnf install -y yara
|
||||||
sudo insights-client --collector malware-detection
|
#sudo insights-client --collector malware-detection
|
||||||
sudo sed -i 's/test_scan: true/test_scan: false/' /etc/insights-client/malware-detection-config.yml
|
#sudo sed -i 's/test_scan: true/test_scan: false/' /etc/insights-client/malware-detection-config.yml
|
||||||
|
|
||||||
# Setup fwupd
|
# Setup fwupd
|
||||||
if [ "$virtualization" = 'none' ]; then
|
if [ "$virtualization" = 'none' ]; then
|
||||||
@ -193,7 +189,7 @@ fi
|
|||||||
|
|
||||||
# Setup real-ucode
|
# Setup real-ucode
|
||||||
MACHINE_TYPE=$(uname -m)
|
MACHINE_TYPE=$(uname -m)
|
||||||
if [ "$virtualization" = 'none' ] || [ "${MACHINE_TYPE}" == 'x86_64' ]; then
|
if [ "$virtualization" = 'none' ] && [ "${MACHINE_TYPE}" == 'x86_64' ]; then
|
||||||
sudo dnf install -y 'https://divested.dev/rpm/fedora/divested-release-20231210-2.noarch.rpm'
|
sudo dnf install -y 'https://divested.dev/rpm/fedora/divested-release-20231210-2.noarch.rpm'
|
||||||
sudo sed -i 's/^metalink=.*/&?protocol=https/g' /etc/yum.repos.d/divested-release.repo
|
sudo sed -i 's/^metalink=.*/&?protocol=https/g' /etc/yum.repos.d/divested-release.repo
|
||||||
sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware
|
sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware
|
||||||
|
Loading…
Reference in New Issue
Block a user