diff --git a/install.sh b/install.sh index 8e3b0c4..21ad80a 100644 --- a/install.sh +++ b/install.sh @@ -606,7 +606,7 @@ forward-zone: forward-addr: 8.8.4.4#dns.google forward-addr: 2001:4860:4860::8888#dns.google forward-addr: 2001:4860:4860::8844#dns.google' | sudo tee /etc/unbound/unbound.conf - + mkdir -p /etc/systemd/system/unbound.service.d echo $'[Service] MemoryDenyWriteExecute=true @@ -637,8 +637,8 @@ LockPersonality=yes' | sudo tee /etc/systemd/system/unbound.service.d/override.c systemctl restart chronyd curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/modprobe.d/30_security-misc.conf -o /etc/modprobe.d/30_security-misc.conf - curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/990_security-misc.conf -o /etc/sysctl.d/990_security-misc.conf - sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990_security-misc.conf + curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/990-security-misc.conf -o /etc/sysctl.d/990-security-misc.conf + sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_silent-kernel-printk.conf -o /etc/sysctl.d/30_silent-kernel-printk.conf curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf -o /etc/sysctl.d/30_security-misc_kexec-disable.conf sysctl -p