-
Notifications
You must be signed in to change notification settings - Fork 0
/
poi.extra
66 lines (56 loc) · 2.34 KB
/
poi.extra
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
#!/bin/sh
echo "Poi >> Let's apply extra configurations!";
echo 'Poi >> Enter your password to update databases';
sudo pacman -Syy;
printf "\nPoi >> Now, let's secure this system\n";
echo 'Poi >> Following this article (firejail included):';
printf ' https://medium.com/@0xA1031/5-ways-to-secure-your-arch-linux-fb78818f6469\n\n';
printf '\n--> ufw >> deny incoming ; allow outgoing\n';
sudo pacman -S ufw;
sudo ufw enable;
sudo ufw default deny incoming;
sudo ufw default allow outgoing;
printf '\n--> fail2ban\n';
sudo pacman -S fail2ban;
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local;
sudo systemctl start fail2ban;
sudo systemctl enable fail2ban;
printf '\n--> apparmor\n';
sudo pacman -S apparmor;
sudo systemctl start apparmor;
sudo systemctl enable apparmor;
sudo aa-enforce /etc/apparmor.d/*;
printf '\napparmor >> Please replace the line "GRUB_CMDLINE_LINUX_DEFAULT..." with:\n';
printf '\nGRUB_CMDLINE_LINUX_DEFAULT="quiet splash lsm=landlock,lockdown,yama,apparmor,bpf"\n\n';
echo '(file will open in 7 seconds)';
sleep 7;
sudo nano /etc/default/grub;
grub-mkconfig -o /boot/grub/grub.cfg;
printf '\n\n--> firejail\n';
sudo pacman -S firejail;
sudo apparmor_parser -r /etc/apparmor.d/firejail-default;
echo 'firejail >> To manually run application in firejail sandbox, run:';
echo ' "firejail --apparmor <application>"';
echo ' or add this argument to corresponding .desktop files';
printf '\n--> lynis\n';
sudo pacman -S lynis audit;
sudo systemctl start auditd;
sudo systemctl enable auditd;
echo 'lynis >> Run: "sudo lynis audit system" to list vulnerabilities';
printf "\nPoi >> Lastly, let's make desktop look better\n";
printf ' with Reversal icon theme and Bibata cursor!\n\n';
echo '--> Bibata cursor...';
cd ~/Downloads;
curl -LO https://github.com/ful1e5/Bibata_Cursor/releases/download/v2.0.7/Bibata-Modern-Ice.tar.xz;
tar -xvf Bibata-Modern-Ice.tar.xz;
rm -f Bibata-Modern-Ice.tar.xz;
sudo mv Bibata-Modern-Ice /usr/share/icons/;
gsettings set org.gnome.desktop.interface cursor-theme 'Bibata-Modern-Ice';
echo '--> Reversal icons...';
git clone https://github.com/yeyushengfan258/Reversal-icon-theme.git;
cd Reversal-icon-theme;
sh install.sh;
cd && rm -rf 'Reversal-icon-theme';
gsettings set org.gnome.desktop.interface icon-theme 'Reversal';
printf '\nPoi >> All done, have a good day!\n(https://github.com/reineimi/archpoi)\n';
rm -f poi.extra;