martijn/machineops
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Update install.sh

Browse source
This commit is contained in:
Martijn de Boer 2023-08-08 15:49:26 +02:00
parent e7f4c40edb
commit d248da157e
1 changed files with 2 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
install.sh
View file

@ -58,7 +58,6 @@ apt update
apt -y upgrade apt -y upgrade
# System hardening # System hardening
# echo in bold green text: hardening system
echo -e "\e[1;32mHardening system...\e[0m" echo -e "\e[1;32mHardening system...\e[0m"
## Disable info packets ## Disable info packets
@ -112,11 +111,10 @@ echo "kernel.unprivileged_userns_clone = 0" >> /etc/sysctl.d/99-custom.conf
echo "kernel.unprivileged_bpf_disabled = 1" >> /etc/sysctl.d/99-custom.conf echo "kernel.unprivileged_bpf_disabled = 1" >> /etc/sysctl.d/99-custom.conf
echo "net.core.bpf_jit_harden = 2" >> /etc/sysctl.d/99-custom.conf echo "net.core.bpf_jit_harden = 2" >> /etc/sysctl.d/99-custom.conf
## Kernel optimisation ## Kernel optimisation
echo "kernel.pid_max = 65536" >> /etc/sysctl.d/99-custom.conf echo "kernel.pid_max = 65536" >> /etc/sysctl.d/99-custom.conf
## Filesystem protected ## Filesystem protection
echo -e "\e[1;32mHardening filesystem...\e[0m" echo -e "\e[1;32mHardening filesystem...\e[0m"
echo "fs.protected_hardlinks=1" >> /etc/sysctl.d/99-custom.conf echo "fs.protected_hardlinks=1" >> /etc/sysctl.d/99-custom.conf
echo "fs.protected_symlinks=1" >> /etc/sysctl.d/99-custom.conf echo "fs.protected_symlinks=1" >> /etc/sysctl.d/99-custom.conf
@ -161,7 +159,7 @@ then
mkdir -p /root/.ssh mkdir -p /root/.ssh
curl -s ${AUTHORIZED_SSH_KEYS} > /root/.ssh/authorized_keys curl -s ${AUTHORIZED_SSH_KEYS} > /root/.ssh/authorized_keys
chmod 700 /root/.ssh chmod 700 /root/.ssh
chmod 600 /root/.ssh/authorized_keys chmod 400 /root/.ssh/authorized_keys
fi fi
# Configure firewall # Configure firewall