1
0
mirror of https://github.com/tommytran732/QubesOS-Scripts synced 2024-11-22 01:41:34 -05:00

Add hardened_malloc to Fedora

Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2024-04-28 14:16:43 -07:00
parent 49c7b038d3
commit a5c22bbff2
Signed by: Tomster
GPG Key ID: 555C902A34EC968F
2 changed files with 15 additions and 1 deletions

View File

@ -45,3 +45,10 @@ sysctl -p
# Harden SSH
curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/ssh/ssh_config.d/10-custom.conf | tee /etc/ssh/ssh_config.d/10-custom.conf
chmod 644 /etc/ssh/ssh_config.d/10-custom.conf
# Setup hardened_malloc
dnf install 'https://divested.dev/rpm/fedora/divested-release-20231210-2.noarch.rpm' -y
sed -i 's/^metalink=.*/&?protocol=https/g' /etc/yum.repos.d/divested-release.repo
dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware,hardened_malloc
dnf install hardened_malloc -y
echo 'libhardened_malloc.so' | sudo tee /etc/ld.so.preload

View File

@ -126,6 +126,13 @@ unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/Tomm
sudo mkdir -p /etc/systemd/system/ModemManager.service.d
curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/divestedcg/Brace/master/brace/usr/lib/systemd/system/ModemManager.service.d/99-brace.conf | sudo tee /etc/systemd/system/ModemManager.service.d/99-brace.conf
# Setup hardened_malloc
sudo dnf install 'https://divested.dev/rpm/fedora/divested-release-20231210-2.noarch.rpm' -y
sudo sed -i 's/^metalink=.*/&?protocol=https/g' /etc/yum.repos.d/divested-release.repo
sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware,hardened_malloc
sudo dnf install hardened_malloc -y
echo 'libhardened_malloc.so' | sudo tee /etc/ld.so.preload
# Setup networking
unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/NetworkManager/conf.d/00-macrandomize.conf | sudo tee /etc/NetworkManager/conf.d/00-macrandomize.conf
unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/NetworkManager/conf.d/01-transient-hostname.conf | sudo tee /etc/NetworkManager/conf.d/01-transient-hostname.conf