Some security settings from the Arch Wiki

These would be nice to have out of the box, especially with ptrace completely disabled.
TommyTran732 2021-04-15 07:14:22 -04:00 committed by GitHub
parent a4d515776d
commit db155c2c6b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -190,6 +190,26 @@ arch-chroot /mnt /bin/bash -e <<EOF
EOF EOF
#Security kernel settings
sudo bash -c 'cat > /mnt/etc/sysctl.d/51-dmesg-restrict.conf' <<-'EOF'
kernel.dmesg_restrict = 1
EOF
sudo bash -c 'cat > /mnt/etc/sysctl.d/51-kptr-restrict.conf' <<-'EOF'
kernel.kptr_restrict = 2
EOF
sudo bash -c 'cat > /mnt/etc/sysctl.d/51-kexec-restrict.conf' <<-'EOF'
kernel.kexec_load_disabled = 1
EOF
sudo bash -c 'cat > /mnt/etc/sysctl.d/10-security.conf' <<-'EOF'
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
net.core.bpf_jit_harden = 2
kernel.yama.ptrace_scope = 3
EOF
# Setting root password. # Setting root password.
echo "Setting root password." echo "Setting root password."
arch-chroot /mnt /bin/passwd arch-chroot /mnt /bin/passwd
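Review bot: The four added writes go through `sudo bash -c 'cat > …'`, although the surrounding context lines call `arch-chroot /mnt` directly, which suggests the script already runs as root. A plain redirect such as `cat > /mnt/etc/sysctl.d/10-security.conf <<'EOF'` would do the same without depending on sudo, and `<<-` only strips leading tabs, which these bodies do not appear to have. `kernel.yama.ptrace_scope = 3` and `kernel.kexec_load_disabled = 1` cannot be relaxed again until reboot, and the former stops gdb and strace from working even for root. A comment above them would save users a surprise, e.g. `# ptrace_scope=3 and kexec_load_disabled=1 stay locked until reboot; debuggers will not work`. The enclosing script starts and ends outside the hunk.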