Merge branch 'stretch' of https://github.com/bashrc/freedombone

src/freedombone-utils-firewall

@@ -290,6 +290,21 @@ function configure_internet_protocol {
         sed -i "s|#net.ipv4.conf.default.accept_redirects.*|net.ipv4.conf.default.accept_redirects = 0|g" /etc/sysctl.conf
         sed -i "s|net.ipv4.conf.default.accept_redirects.*|net.ipv4.conf.default.accept_redirects = 0|g" /etc/sysctl.conf
     fi
+
+    # Randomize kernel
+    if ! grep -q "kernel.randomize_va_space" /etc/sysctl.conf; then
+        echo "kernel.randomize_va_space=2" >> /etc/sysctl.conf
+    else
+        sed -i 's|kernel.randomize_va_space.*|kernel.randomize_va_space=2|g' /etc/sysctl.conf
+    fi
+
+    # Turn off the tcp_timestamps
+    if ! grep -q "net.ipv4.tcp_timestamps" /etc/sysctl.conf; then
+        echo "net.ipv4.tcp_timestamps=0" >> /etc/sysctl.conf
+    else
+        sed -i 's|net.ipv4.tcp_timestamps.*|net.ipv4.tcp_timestamps=0|g' /etc/sysctl.conf
+    fi
+    /sbin/sysctl -p
     mark_completed $FUNCNAME
 }
 

src/freedombone-utils-setup

@@ -646,6 +646,8 @@ function lockdown_permissions {
         chmod -R 600 /etc/letsencrypt
         chmod -R g=rX /etc/letsencrypt
     fi
+    chown -f root:root /etc/motd /etc/issue*
+    chmod -f 0444 /etc/motd /etc/issue*
 }
 
 function disable_core_dumps {