Update easy-arch.sh

Tommaso Chiti 2021-04-16 07:28:35 +02:00 committed by GitHub
parent 3cbe6d664f
commit 53944208c0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -189,24 +189,14 @@ arch-chroot /mnt /bin/bash -e <<EOF
grub-mkconfig -o /boot/grub/grub.cfg &>/dev/null grub-mkconfig -o /boot/grub/grub.cfg &>/dev/null
#Security kernel settings #Security kernel settings
sudo bash -c 'cat > /mnt/etc/sysctl.d/51-dmesg-restrict.conf' <<-'EOF' echo "kernel.kptr_restrict = 2" > /etc/sysctl.d/51-kptr-restrict.conf
kernel.dmesg_restrict = 1 echo "kernel.kexec_load_disabled = 1" > /etc/sysctl.d/51-kexec-restrict.conf
EOF echo << EOF >> /etc/sysctl.d/10-security.conf
sudo bash -c 'cat > /mnt/etc/sysctl.d/51-kptr-restrict.conf' <<-'EOF'
kernel.kptr_restrict = 2
EOF
sudo bash -c 'cat > /mnt/etc/sysctl.d/51-kexec-restrict.conf' <<-'EOF'
kernel.kexec_load_disabled = 1
EOF
sudo bash -c 'cat > /mnt/etc/sysctl.d/10-security.conf' <<-'EOF'
fs.protected_hardlinks = 1 fs.protected_hardlinks = 1
fs.protected_symlinks = 1 fs.protected_symlinks = 1
net.core.bpf_jit_harden = 2 net.core.bpf_jit_harden = 2
kernel.yama.ptrace_scope = 3 kernel.yama.ptrace_scope = 3
EOF EOF
EOF EOF
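Review bot: The new `echo << EOF >> /etc/sysctl.d/10-security.conf` line never writes the four settings that follow it, because `echo` does not read standard input; the file only gets an empty line appended, so `fs.protected_hardlinks`, `fs.protected_symlinks`, `net.core.bpf_jit_harden` and `kernel.yama.ptrace_scope` are left at whatever the distribution defaults are. Use `cat` with a delimiter that differs from the enclosing `arch-chroot /mnt /bin/bash -e <<EOF` here-document, for example `cat > /etc/sysctl.d/10-security.conf << SYSCTL` closed by a `SYSCTL` line. If the inner `EOF` sits at column 0 as rendered (the page does not preserve indentation), it would also end the outer here-document early and leave the final `EOF` to run as a command on the host. The new side also appears to drop the `kernel.dmesg_restrict = 1` file without a replacement; if that is not intended, add `echo "kernel.dmesg_restrict = 1" > /etc/sysctl.d/51-dmesg-restrict.conf`. The chroot block starts before this hunk, so its earlier lines are not covered here.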