mirror of
https://github.com/tommytran732/QubesOS-Scripts
synced 2024-11-13 22:01:34 -05:00
Compare commits
8 Commits
8ed948c008
...
2bae7cdc56
Author | SHA1 | Date | |
---|---|---|---|
2bae7cdc56 | |||
d6d7cd49e6 | |||
0fcf8b8870 | |||
8165f47d58 | |||
4734c99cf2 | |||
040e5bdd8b | |||
f195bbb2a1 | |||
bf54db5067 |
@ -26,11 +26,11 @@ umask 077
|
|||||||
echo 'umask 077' | sudo tee -a /etc/bash.bashrc
|
echo 'umask 077' | sudo tee -a /etc/bash.bashrc
|
||||||
|
|
||||||
# Harden SSH
|
# Harden SSH
|
||||||
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/ssh/ssh_config.d/10-custom.conf | sudo tee /etc/ssh/ssh_config.d/10-custom.conf
|
unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/ssh/ssh_config.d/10-custom.conf | sudo tee /etc/ssh/ssh_config.d/10-custom.conf
|
||||||
sudo chmod 644 /etc/ssh/ssh_config.d/10-custom.conf
|
sudo chmod 644 /etc/ssh/ssh_config.d/10-custom.conf
|
||||||
|
|
||||||
# Disable coredump
|
# Disable coredump
|
||||||
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/security/limits.d/30-disable-coredump.conf | sudo tee /etc/security/limits.d/30-disable-coredump.conf
|
unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/security/limits.d/30-disable-coredump.conf | sudo tee /etc/security/limits.d/30-disable-coredump.conf
|
||||||
|
|
||||||
# Setup dconf
|
# Setup dconf
|
||||||
umask 022
|
umask 022
|
||||||
@ -56,14 +56,38 @@ sudo apt update -y
|
|||||||
sudo apt full-upgrade -y
|
sudo apt full-upgrade -y
|
||||||
sudo apt autoremove -y
|
sudo apt autoremove -y
|
||||||
|
|
||||||
# Adding KickSecure's repo
|
|
||||||
sudo http_proxy=http://127.0.0.1:8082 https_proxy=http://127.0.0.1:8082 extrepo enable kicksecure
|
|
||||||
|
|
||||||
# Debloat
|
# Debloat
|
||||||
sudo apt purge -y thunderbird emacs emacs-gtk emacs-bin-common emacs-common firefox* keepassxc cups* system-config-printer* xsettingsd yelp*
|
|
||||||
|
# Remove unnecessary stuff from the Qubes template
|
||||||
|
sudo apt purge gnome-software thunderbird keepassxc
|
||||||
|
|
||||||
|
# Remove Network + hardware tools packages
|
||||||
|
sudo apt purge -y cups* '*nfs*' rygel '*smtp*' '*telnet*'
|
||||||
|
|
||||||
|
# Remove support for some languages and spelling
|
||||||
|
sudo apt purge -y '*speech*'
|
||||||
|
|
||||||
|
# Remove codec + image + printers
|
||||||
|
sudo apt purge -y ImageMagick* sane* simple-scan
|
||||||
|
|
||||||
|
# Remove Active Directory + Sysadmin + reporting tools
|
||||||
|
sudo apt purge -y realmd
|
||||||
|
|
||||||
|
# Remove Gnome apps
|
||||||
|
sudo apt purge -y baobab chrome-gnome-shell eog gnome-calculator gnome-calendar gnome-characters gnome-clocks gnome-color-manager \
|
||||||
|
gnome-contacts gnome-disk-utility gnome-font-viewer gnome-logs gnome-maps gnome-music gnome-remote-desktop gnome-shell-extensions \
|
||||||
|
gnome-sound-recorder gnome-tweaks gnome-user-share gnome-weather totem
|
||||||
|
|
||||||
|
# Remove apps
|
||||||
|
sudo apt purge -y cheese evince evolution file-roller* firefox* libreoffice* seahorse synaptic* rhythmbox yelp
|
||||||
|
|
||||||
|
sudo apt purge -y system-config-printer* xsettingsd
|
||||||
sudo apt autoremove -y
|
sudo apt autoremove -y
|
||||||
sudo apt autoclean
|
sudo apt autoclean
|
||||||
|
|
||||||
|
# Adding KickSecure's repo
|
||||||
|
sudo http_proxy=http://127.0.0.1:8082 https_proxy=http://127.0.0.1:8082 extrepo enable kicksecure
|
||||||
|
|
||||||
# Distribution morphing
|
# Distribution morphing
|
||||||
sudo apt update
|
sudo apt update
|
||||||
sudo apt install --no-install-recommends kicksecure-qubes-cli -y
|
sudo apt install --no-install-recommends kicksecure-qubes-cli -y
|
||||||
|
@ -90,16 +90,16 @@ echo 'XDG_CURRENT_DESKTOP=GNOME' | sudo tee -a /etc/environment
|
|||||||
sudo dnf mark install flatpak gnome-menus qubes-menus
|
sudo dnf mark install flatpak gnome-menus qubes-menus
|
||||||
|
|
||||||
# Remove unnecessary stuff from the Qubes template
|
# Remove unnecessary stuff from the Qubes template
|
||||||
sudo dnf -y remove gnome-software httpd keepassxc thunderbird rygel
|
sudo dnf -y remove gnome-software httpd keepassxc thunderbird
|
||||||
|
|
||||||
# Remove firefox packages
|
# Remove firefox packages
|
||||||
sudo dnf -y remove fedora-bookmarks fedora-chromium-config firefox mozilla-filesystem
|
sudo dnf -y remove fedora-bookmarks fedora-chromium-config firefox mozilla-filesystem
|
||||||
|
|
||||||
# Remove Network + hardware tools packages
|
# Remove Network + hardware tools packages
|
||||||
sudo dnf -y remove '*cups' nmap-ncat nfs-utils nmap-ncat openssh-server net-snmp-libs net-tools opensc traceroute rsync tcpdump teamd geolite2* mtr dmidecode sgpio
|
sudo dnf -y remove avahi cifs* '*cups' dmidecode dnsmasq geolite2* mtr net-snmp-libs net-tools nfs-utils nmap-ncat nmap-ncat opensc openssh-server rsync rygel sgpio tcpdump teamd traceroute usb_modeswitch
|
||||||
|
|
||||||
# Remove support for some languages and spelling
|
# Remove support for some languages and spelling
|
||||||
sudo dnf -y remove ibus-typing-booster '*speech*' '*zhuyin*' '*pinyin*' '*m17n*' '*hangul*' '*anthy*' words
|
sudo dnf -y remove '*anthy*' '*hangul*' ibus-typing-booster '*m17n*' '*pinyin*' '*speech*' texlive-libs words '*zhuyin*'
|
||||||
|
|
||||||
# Remove codec + image + printers
|
# Remove codec + image + printers
|
||||||
sudo dnf -y remove openh264 ImageMagick* sane* simple-scan
|
sudo dnf -y remove openh264 ImageMagick* sane* simple-scan
|
||||||
@ -107,20 +107,17 @@ sudo dnf -y remove openh264 ImageMagick* sane* simple-scan
|
|||||||
# Remove Active Directory + Sysadmin + reporting tools
|
# Remove Active Directory + Sysadmin + reporting tools
|
||||||
sudo dnf -y remove 'sssd*' realmd cyrus-sasl-gssapi quota* dos2unix kpartx sos samba-client gvfs-smb
|
sudo dnf -y remove 'sssd*' realmd cyrus-sasl-gssapi quota* dos2unix kpartx sos samba-client gvfs-smb
|
||||||
|
|
||||||
# Remove vm and virtual stuff
|
|
||||||
sudo dnf -y remove 'podman*' '*libvirt*' 'open-vm*' qemu-guest-agent 'hyperv*' spice-vdagent virtualbox-guest-additions vino xorg-x11-drv-vmware xorg-x11-drv-amdgpu
|
|
||||||
|
|
||||||
# Remove NetworkManager
|
# Remove NetworkManager
|
||||||
sudo dnf -y remove NetworkManager-pptp-gnome NetworkManager-ssh-gnome NetworkManager-openconnect-gnome NetworkManager-openvpn-gnome NetworkManager-vpnc-gnome ppp* ModemManager
|
sudo dnf -y remove NetworkManager-pptp-gnome NetworkManager-ssh-gnome NetworkManager-openconnect-gnome NetworkManager-openvpn-gnome NetworkManager-vpnc-gnome ppp* ModemManager
|
||||||
|
|
||||||
# Remove Gnome apps
|
# Remove Gnome apps
|
||||||
sudo dnf remove -y chrome-gnome-shell eog gnome-photos gnome-connections gnome-tour gnome-themes-extra gnome-screenshot gnome-remote-desktop gnome-font-viewer gnome-calculator gnome-calendar gnome-contacts \
|
sudo dnf remove -y baobab chrome-gnome-shell eog gnome-boxes gnome-calculator gnome-calendar gnome-characters gnome-classic* gnome-clocks gnome-color-manager gnome-connections \
|
||||||
gnome-maps gnome-weather gnome-logs gnome-boxes gnome-disk-utility gnome-clocks gnome-color-manager gnome-characters baobab totem \
|
gnome-contacts gnome-disk-utility gnome-font-viewer gnome-logs gnome-maps gnome-photos gnome-remote-desktop gnome-screenshot gnome-shell-extension-apps-menu \
|
||||||
gnome-shell-extension-background-logo gnome-shell-extension-apps-menu gnome-shell-extension-launch-new-instance gnome-shell-extension-places-menu gnome-shell-extension-window-list \
|
gnome-shell-extension-background-logo gnome-shell-extension-launch-new-instance gnome-shell-extension-places-menu gnome-shell-extension-window-list gnome-text-editor \
|
||||||
gnome-classic* gnome-user* gnome-text-editor loupe snapshot
|
gnome-themes-extra gnome-tour gnome-user* gnome-weather loupe snapshot totem
|
||||||
|
|
||||||
# Remove apps
|
# Remove apps
|
||||||
sudo dnf remove -y rhythmbox yelp evince libreoffice* cheese file-roller* mediawriter
|
sudo dnf remove -y cheese evince file-roller* libreoffice* mediawriter rhythmbox yelp
|
||||||
|
|
||||||
# Remove other packages
|
# Remove other packages
|
||||||
# We deviate from the script in TommyTran732/Linux-Setup-Scripts here, as removing yajl will break qubes integration.
|
# We deviate from the script in TommyTran732/Linux-Setup-Scripts here, as removing yajl will break qubes integration.
|
||||||
|
Loading…
Reference in New Issue
Block a user