From d248da157efa1253620919272c55919daf5651e9 Mon Sep 17 00:00:00 2001
From: Martijn de Boer <git@sexybiggetje.nl>
Date: Tue, 8 Aug 2023 15:49:26 +0200
Subject: [PATCH] Update install.sh

---
 install.sh | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/install.sh b/install.sh
index 80afbcd..cfa0b0d 100644
--- a/install.sh
+++ b/install.sh
@@ -58,7 +58,6 @@ apt update
 apt -y upgrade
 
 # System hardening
-# echo in bold green text: hardening system
 echo -e "\e[1;32mHardening system...\e[0m"
 
 ## Disable info packets 
@@ -112,11 +111,10 @@ echo "kernel.unprivileged_userns_clone = 0" >> /etc/sysctl.d/99-custom.conf
 echo "kernel.unprivileged_bpf_disabled = 1" >> /etc/sysctl.d/99-custom.conf
 echo "net.core.bpf_jit_harden = 2" >> /etc/sysctl.d/99-custom.conf
 
-
 ## Kernel optimisation
 echo "kernel.pid_max = 65536" >> /etc/sysctl.d/99-custom.conf
 
-## Filesystem protected
+## Filesystem protection
 echo -e "\e[1;32mHardening filesystem...\e[0m"
 echo "fs.protected_hardlinks=1" >> /etc/sysctl.d/99-custom.conf
 echo "fs.protected_symlinks=1" >> /etc/sysctl.d/99-custom.conf
@@ -161,7 +159,7 @@ then
 	mkdir -p /root/.ssh
 	curl -s ${AUTHORIZED_SSH_KEYS}  > /root/.ssh/authorized_keys
 	chmod 700 /root/.ssh
-	chmod 600 /root/.ssh/authorized_keys
+	chmod 400 /root/.ssh/authorized_keys
 fi
 
 # Configure firewall