#!/usr/bin/env bash #------------------------------------------------------------------------------------ # ▄▄ #▀███▀▀▀██▄ ██ ██ ██ ███ # ██ ██ ██ ██ ▄██▄ ██ # ██ ██ ▄▄█▀██████████████ ▄▄█▀██▀███▄███ ▄█▀██▄ ▀███▄███ ▄██▀██ ███████▄ # ██▀▀▀█▄▄▄█▀ ██ ██ ██ ▄█▀ ██ ██▀ ▀▀ ▄█ ▀██ ██▀ ▀▀██▀ ██ ██ ██ # ██ ▀███▀▀▀▀▀▀ ██ ██ ██▀▀▀▀▀▀ ██ ████████ ██ ██ ██ ██ # ██ ▄███▄ ▄ ██ ██ ██▄ ▄ ██ █▀ ██ ██ ██▄ ▄██ ██ #▄████████ ▀█████▀ ▀████ ▀████ ▀█████▀████▄ ▄███▄ ▄████▄████▄ █████▀████ ████▄ # #------------------------------------------------------------------------------------ echo -e "\nFINAL SETUP AND CONFIGURATION" grub-mkconfig -o /boot/grub/grub.cfg # ------------------------------------------------------------------------ echo -e "\nEnabling Login Display Manager" systemctl enable sddm.service echo -e "\nSetup SDDM Theme" cat < /etc/sddm.conf [Theme] Current=Nordic EOF # ------------------------------------------------------------------------ ufw limit 22/tcp ufw default deny incoming ufw default allow outgoing # --- Harden /etc/sysctl.conf sysctl kernel.modules_disabled=1 sysctl -a sysctl -A sysctl mib sysctl net.ipv4.conf.all.rp_filter sysctl -a --pattern 'net.ipv4.conf.(eth|wlan)0.arp' # --- PREVENT IP SPOOFS cat < /etc/host.conf order bind,hosts multi on EOF # --- Enable fail2ban sudo cp fail2ban.local /etc/fail2ban/ # ------------------------------------------------------------------------ echo -e "\nEnabling essential services" systemctl enable cups.service ntpd -qg systemctl enable ntpd.service systemctl disable dhcpcd.service systemctl stop dhcpcd.service systemctl enable NetworkManager.service systemctl enable bluetooth systemctl enable ufw systemctl enable fail2ban systemctl start fail2ban