kneesox/easy-arch
1
0
Fork 0
mirror of https://github.com/classy-giraffe/easy-arch.git synced 2025-11-17 11:30:55 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update easy-arch.sh

Browse source
This commit is contained in:
Tommaso Chiti 2021-06-13 10:03:02 +02:00 committed by GitHub
parent 799deeab30
commit 74b9bc0a52
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

11
easy-arch.sh
View file

@ -179,16 +179,6 @@ sed -i -e 's,modconf block filesystems keyboard,keyboard keymap modconf block en
UUID=$(blkid $Cryptroot | cut -f2 -d'"')
sed -i "s/quiet/quiet cryptdevice=UUID=$UUID:cryptroot root=$BTRFS lsm=lockdown,yama,apparmor,bpf/g" /mnt/etc/default/grub
# Security kernel settings.
echo "kernel.kptr_restrict = 2" > /mnt/etc/sysctl.d/51-kptr-restrict.conf
echo "kernel.kexec_load_disabled = 1" > /mnt/etc/sysctl.d/51-kexec-restrict.conf
cat << EOF >> /mnt/etc/sysctl.d/10-security.conf
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
net.core.bpf_jit_harden = 2
kernel.yama.ptrace_scope = 3
EOF
# Configuring the system.
arch-chroot /mnt /bin/bash -e <<EOF
@ -234,6 +224,7 @@ echo "Enabling AppArmor."
systemctl enable apparmor --root=/mnt &>/dev/null
# Enabling Reflector timer.
echo "Enabling Reflector."
systemctl enable reflector.timer --root=/mnt &>/dev/null
# Enabling Snapper automatic snapshots.