miasma/miasma-installer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

updated styling and installation steps
Some checks failed
Build / build (push) Has been cancelled
Details

Browse Source
This commit is contained in:
tumillanino
2025-10-31 22:55:30 +11:00
parent cbce2162fe
commit d6a284d48a
7 changed files with 725 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
scripts/02-hardening.sh
View File

@@ -2,3 +2,36 @@
set -e
echo "Applying system hardening..."
echo "Configuring kernel parameters..."
cat > /etc/sysctl.d/99-hardening.conf << 'EOF'
kernel.dmesg_restrict = 1
kernel.kptr_restrict = 2
kernel.unprivileged_bpf_disabled = 1
net.core.bpf_jit_harden = 2
kernel.yama.ptrace_scope = 2
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.icmp_echo_ignore_all = 1
EOF
echo "Configuring firewall..."
pacman -S --noconfirm --needed ufw
systemctl enable ufw
ufw default deny incoming
ufw default allow outgoing
ufw enable
echo "Setting secure umask..."
echo "umask 077" >> /etc/profile
echo "Disabling core dumps..."
echo "* hard core 0" >> /etc/security/limits.conf
echo "System hardening complete!"