65 lines
2.5 KiB
Bash
65 lines
2.5 KiB
Bash
#!/usr/bin/env bash
|
|
#------------------------------------------------------------------------------------
|
|
# ▄▄
|
|
#▀███▀▀▀██▄ ██ ██ ██ ███
|
|
# ██ ██ ██ ██ ▄██▄ ██
|
|
# ██ ██ ▄▄█▀██████████████ ▄▄█▀██▀███▄███ ▄█▀██▄ ▀███▄███ ▄██▀██ ███████▄
|
|
# ██▀▀▀█▄▄▄█▀ ██ ██ ██ ▄█▀ ██ ██▀ ▀▀ ▄█ ▀██ ██▀ ▀▀██▀ ██ ██ ██
|
|
# ██ ▀███▀▀▀▀▀▀ ██ ██ ██▀▀▀▀▀▀ ██ ████████ ██ ██ ██ ██
|
|
# ██ ▄███▄ ▄ ██ ██ ██▄ ▄ ██ █▀ ██ ██ ██▄ ▄██ ██
|
|
#▄████████ ▀█████▀ ▀████ ▀████ ▀█████▀████▄ ▄███▄ ▄████▄████▄ █████▀████ ████▄
|
|
#
|
|
#------------------------------------------------------------------------------------
|
|
echo -e "\nFINAL SETUP AND CONFIGURATION"
|
|
|
|
grub-mkconfig -o /boot/grub/grub.cfg
|
|
|
|
# ------------------------------------------------------------------------
|
|
|
|
echo -e "\nEnabling Login Display Manager"
|
|
systemctl enable sddm.service
|
|
echo -e "\nSetup SDDM Theme"
|
|
cat <<EOF > /etc/sddm.conf
|
|
[Theme]
|
|
Current=Nordic
|
|
EOF
|
|
|
|
# ------------------------------------------------------------------------
|
|
|
|
ufw limit 22/tcp
|
|
ufw default deny incoming
|
|
ufw default allow outgoing
|
|
|
|
# --- Harden /etc/sysctl.conf
|
|
sysctl kernel.modules_disabled=1
|
|
sysctl -a
|
|
sysctl -A
|
|
sysctl mib
|
|
sysctl net.ipv4.conf.all.rp_filter
|
|
sysctl -a --pattern 'net.ipv4.conf.(eth|wlan)0.arp'
|
|
|
|
# --- PREVENT IP SPOOFS
|
|
cat <<EOF > /etc/host.conf
|
|
order bind,hosts
|
|
multi on
|
|
EOF
|
|
|
|
# --- Enable fail2ban
|
|
sudo cp fail2ban.local /etc/fail2ban/
|
|
|
|
|
|
# ------------------------------------------------------------------------
|
|
|
|
echo -e "\nEnabling essential services"
|
|
|
|
systemctl enable cups.service
|
|
ntpd -qg
|
|
systemctl enable ntpd.service
|
|
systemctl disable dhcpcd.service
|
|
systemctl stop dhcpcd.service
|
|
systemctl enable NetworkManager.service
|
|
systemctl enable bluetooth
|
|
systemctl enable ufw
|
|
systemctl enable fail2ban
|
|
systemctl start fail2ban
|