| 1540,6 → 1540,7 |
|---|
| # Configuration file of ALCASAR main domains for $INTIF |
| cat << EOF > /etc/unbound/conf.d/common/local-dns/${INTIF}.conf |
| server: |
| local-zone: "$DOMAIN" static |
| local-data: "$HOSTNAME.$DOMAIN A $PRIVATE_IP" |
| local-data-ptr: "$PRIVATE_IP $HOSTNAME.$DOMAIN" |
| EOF |
| 1551,9 → 1552,8 |
|---|
| access-control-view: 127.0.0.1/8 lo |
| view: |
| name: "lo" |
| local-data: "$HOSTNAME A 127.0.0.1" |
| local-zone: "$DOMAIN" static |
| local-data: "$HOSTNAME.$DOMAIN A 127.0.0.1" |
| local-data-ptr: "127.0.0.1 $HOSTNAME.$DOMAIN" |
| view-first: yes |
| EOF |
| |
| 1635,7 → 1635,7 |
|---|
| include: /usr/local/share/unbound-wl-enabled/* |
| forward-zone: |
| name: "." |
| forward-addr: 127.0.0.1@53 |
| forward-addr: 127.0.0.1@55 |
| EOF |
| |
| # Configuration file for $INTIF of blackhole unbound |
| 1647,6 → 1647,9 |
|---|
| name: "$INTIF" |
| local-zone: "." redirect |
| local-data: ". A $PRIVATE_IP" |
| local-zone: "$DOMAIN" static |
| local-data: "$HOSTNAME.$DOMAIN A $PRIVATE_IP" |
| local-data-ptr: "$PRIVATE_IP $HOSTNAME.$DOMAIN" |
| EOF |
| |
| # Configuration file for blackhole unbound |
| 2133,7 → 2136,7 |
|---|
| /usr/bin/systemctl -q disable $i.service |
| done |
| |
| # Apply some security rules (some are from French cybersecurity Agency - ANSSI) |
| # Apply French Security Agency (ANSSI) rules |
| # ignore ICMP broadcast (smurf attack) |
| echo "net.ipv4.icmp_echo_ignore_broadcasts = 1" > /etc/sysctl.d/alcasar.conf |
| # ignore ICMP errors bogus |
| 2162,10 → 2165,6 |
|---|
| echo "net.ipv6.conf.default.autoconf = 0" >> /etc/sysctl.d/alcasar.conf |
| # switch to multi-users runlevel (instead of x11) |
| ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target |
| # disable Core dump file |
| [ -e /etc/security/limits.conf.default ] || cp /etc/security/limits.conf /etc/security/limits.conf.default |
| $SED "/^# End of file.*/i*\tsoft\tcore\t0\n*\thard\tcore\t0" /etc/security/limits.conf |
| |
| # GRUB2 modifications (Wait time : 3s - ALCASAR entry - VGA=791 - Change the default banner |
| [ -e /etc/default/grub.default ] || cp /etc/default/grub /etc/default/grub.default |
| $SED "s?^GRUB_TIMEOUT=.*?GRUB_TIMEOUT=3?g" /etc/default/grub |