ArchTitus/3-post-setup.sh

67 lines
2.6 KiB
Bash

#!/usr/bin/env bash
#------------------------------------------------------------------------------------
# ▄▄
#▀███▀▀▀██▄ ██ ██ ██ ███
# ██ ██ ██ ██ ▄██▄ ██
# ██ ██ ▄▄█▀██████████████ ▄▄█▀██▀███▄███ ▄█▀██▄ ▀███▄███ ▄██▀██ ███████▄
# ██▀▀▀█▄▄▄█▀ ██ ██ ██ ▄█▀ ██ ██▀ ▀▀ ▄█ ▀██ ██▀ ▀▀██▀ ██ ██ ██
# ██ ▀███▀▀▀▀▀▀ ██ ██ ██▀▀▀▀▀▀ ██ ████████ ██ ██ ██ ██
# ██ ▄███▄ ▄ ██ ██ ██▄ ▄ ██ █▀ ██ ██ ██▄ ▄██ ██
#▄████████ ▀█████▀ ▀████ ▀████ ▀█████▀████▄ ▄███▄ ▄████▄████▄ █████▀████ ████▄
#
#------------------------------------------------------------------------------------
echo -e "\nFINAL SETUP AND CONFIGURATION"
# ------------------------------------------------------------------------
echo -e "\nEnabling Login Display Manager"
sudo systemctl enable sddm.service
echo -e "\nSetup SDDM Theme"
sudo cat <<EOF > /etc/sddm.conf
[Theme]
Current=Nordic
EOF
# ------------------------------------------------------------------------
sudo ufw limit 22/tcp
sudo ufw default deny incoming
sudo ufw default allow outgoing
# --- Harden /etc/sysctl.conf
sudo sysctl kernel.modules_disabled=1
sudo sysctl -a
sudo sysctl -A
sudo sysctl mib
sudo sysctl net.ipv4.conf.all.rp_filter
sudo sysctl -a --pattern 'net.ipv4.conf.(eth|wlan)0.arp'
# --- PREVENT IP SPOOFS
cat <<EOF > /etc/host.conf
order bind,hosts
multi on
EOF
# --- Enable fail2ban
sudo cp fail2ban.local /etc/fail2ban/
# ------------------------------------------------------------------------
echo -e "\nEnabling essential services"
systemctl enable cups.service
sudo ntpd -qg
sudo systemctl enable ntpd.service
sudo systemctl disable dhcpcd.service
sudo systemctl stop dhcpcd.service
sudo systemctl enable NetworkManager.service
sudo systemctl enable bluetooth
sudo systemctl enable ufw
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
#sudo systemctl enable --now portmaster