Update easy-arch.sh

easy-arch.sh

@@ -187,27 +187,27 @@ arch-chroot /mnt /bin/bash -e <<EOF
     # Creating grub config file.
     echo "Creating GRUB config file."
     grub-mkconfig -o /boot/grub/grub.cfg &>/dev/null
+    
+    #Security kernel settings
+    sudo bash -c 'cat > /mnt/etc/sysctl.d/51-dmesg-restrict.conf' <<-'EOF'
+    kernel.dmesg_restrict = 1
+    EOF
 
-EOF
+    sudo bash -c 'cat > /mnt/etc/sysctl.d/51-kptr-restrict.conf' <<-'EOF'
+    kernel.kptr_restrict = 2
+    EOF
 
-#Security kernel settings
+    sudo bash -c 'cat > /mnt/etc/sysctl.d/51-kexec-restrict.conf' <<-'EOF'
-sudo bash -c 'cat > /mnt/etc/sysctl.d/51-dmesg-restrict.conf' <<-'EOF'
+    kernel.kexec_load_disabled = 1
-kernel.dmesg_restrict = 1
+    EOF
-EOF
 
-sudo bash -c 'cat > /mnt/etc/sysctl.d/51-kptr-restrict.conf' <<-'EOF'
+    sudo bash -c 'cat > /mnt/etc/sysctl.d/10-security.conf' <<-'EOF'
-kernel.kptr_restrict = 2
+    fs.protected_hardlinks = 1
-EOF
+    fs.protected_symlinks = 1
+    net.core.bpf_jit_harden = 2
+    kernel.yama.ptrace_scope = 3
+    EOF    
 
-sudo bash -c 'cat > /mnt/etc/sysctl.d/51-kexec-restrict.conf' <<-'EOF'
-kernel.kexec_load_disabled = 1
-EOF
-
-sudo bash -c 'cat > /mnt/etc/sysctl.d/10-security.conf' <<-'EOF'
-fs.protected_hardlinks = 1
-fs.protected_symlinks = 1
-net.core.bpf_jit_harden = 2
-kernel.yama.ptrace_scope = 3
 EOF
 
 # Setting root password.