Update easy-arch.sh

Tommaso Chiti 2021-04-16 15:02:34 +02:00 committed by GitHub
parent 77ddd82d57
commit 20ae7c7a60
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -152,6 +152,16 @@ cryptsetup -v luksAddKey /dev/disk/by-partlabel/Cryptroot /mnt/root/cryptroot.ke
sed -i "s,quiet,quiet cryptdevice=UUID=$UUID:cryptroot root=$BTRFS cryptkey=rootfs:/root/cryptroot.keyfile,g" /mnt/etc/default/grub sed -i "s,quiet,quiet cryptdevice=UUID=$UUID:cryptroot root=$BTRFS cryptkey=rootfs:/root/cryptroot.keyfile,g" /mnt/etc/default/grub
sed -i "s#FILES=()#FILES=(/root/cryptroot.keyfile)#g" /mnt/etc/mkinitcpio.conf sed -i "s#FILES=()#FILES=(/root/cryptroot.keyfile)#g" /mnt/etc/mkinitcpio.conf
#Security kernel settings
echo "kernel.kptr_restrict = 2" > /mnt/etc/sysctl.d/51-kptr-restrict.conf
echo "kernel.kexec_load_disabled = 1" > /mnt/etc/sysctl.d/51-kexec-restrict.conf
cat << EOF >> /mnt/etc/sysctl.d/10-security.conf
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
net.core.bpf_jit_harden = 2
kernel.yama.ptrace_scope = 3
EOF
# Configuring the system. # Configuring the system.
arch-chroot /mnt /bin/bash -e <<EOF arch-chroot /mnt /bin/bash -e <<EOF
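Review bot: The heredoc appends with `>>` to `10-security.conf` while the two `echo` lines above it truncate with `>`, so a second run of the script against the same `/mnt` duplicates the four entries; `cat << 'EOF' > /mnt/etc/sysctl.d/10-security.conf` keeps the step idempotent, and quoting the delimiter makes it explicit that nothing in the body is expanded. The `10-` prefix also sorts before the two `51-` files, and sysctl.d fragments are applied in lexical order with later files winning, so any higher-numbered fragment that sets the same keys would override these; one file, or one shared prefix for all three, would be easier to audit. `kernel.yama.ptrace_scope = 3` and `kernel.kexec_load_disabled = 1` cannot be relaxed again without a reboot, and scope 3 blocks ptrace attach for every user including root (`gdb -p`, `strace -p`), which deserves a comment in the script such as `# ptrace_scope=3: no ptrace attach at all, locked until reboot`. The `arch-chroot` heredoc opened on the last line continues outside the hunk.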