├── README.md ├── optimize-ubuntu-18.04.sh └── optimize-ubuntu-20.04.sh /README.md: -------------------------------------------------------------------------------- 1 | ## This project has permanently moved to https://gitlab.com/Mathias-Renner/optimize-ubuntu 2 | -------------------------------------------------------------------------------- /optimize-ubuntu-18.04.sh: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env bash 2 | 3 | # This software is licensed unter the GPLv3. 4 | # 5 | # Copyright (C) 2018 Mathias Renner 6 | # 7 | # This program is free software: you can redistribute it and/or modify 8 | # it under the terms of the GNU General Public License as published by 9 | # the Free Software Foundation, either version 3 of the License, or 10 | # any later version. 11 | # 12 | # This program is distributed in the hope that it will be useful, 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | # GNU General Public License for more details. 16 | # 17 | # See http://www.gnu.org/licenses/ fore more information. 18 | 19 | 20 | # Terminate on any error 21 | set -e 22 | 23 | # Ask for sudo password if not sudo privileges 24 | #echo "This script requires sudo privileges. You are asked to provide your user password." 25 | #[ "$UID" -eq 0 ] || gksudo bash "$0" "$@" 26 | 27 | # Ask user for configurations 28 | echo -e "\e[0mWould you like to specify which tasks this software shall execute? If yes, type 'y', otherwise 'n':\e[32m" 29 | read usersettingcustomize 30 | 31 | if [[ $usersettingcustomize == y ]]; then 32 | 33 | echo -e "\e[0mThere are about ten tasks you now can decide about.\e[32m" 34 | 35 | echo -e "\e[0mWould you like to install Teamviewer for remote support? If yes, type 'y', otherwise 'n':\e[32m" 36 | read usersettingteamviewer 37 | 38 | echo -e "\e[0mWould you like to install Anydesk for remote support? If yes, type 'y', otherwise 'n':\e[32m" 39 | read usersettinganydesk 40 | 41 | echo -e "\e[0mWould you like to install the browser Chromium (=Chrome without Google)? If yes, type 'y', otherwise 'n':\e[32m" 42 | read usersettingchromium 43 | 44 | echo -e "\e[0mWould you like to install the password manager KeePass? If yes, type 'y', otherwise 'n':\e[32m" 45 | read usersettingkeepass 46 | 47 | echo -e "\e[0mWould you like to install the clipboard manager copyq? If yes, type 'y', otherwise 'n':\e[32m" 48 | read usersettingcopyq 49 | 50 | echo -e "\e[0mWould you like to install Firefox add-ons for better privacy? If yes, type 'y', otherwise 'n':\e[32m" 51 | read usersettingfirefoxaddon 52 | 53 | echo -e "\e[0mWould you like to harden Firefox for better security and privacy? If yes, type 'y', otherwise 'n':\e[32m" 54 | read usersettingfirefoxharden 55 | 56 | echo -e "\e[0mWould you like to disable Bluetooth and remove all software components for bluetooth? If yes, type 'y', otherwise 'n':\e[32m" 57 | read usersettingbluetooth 58 | fi 59 | 60 | echo -e "\e[0m\n#################################################" 61 | echo -e "### Software Cleanup (automated)" 62 | echo -e "#################################################\e[32m" 63 | 64 | 65 | echo -e "\e[0m\n\n**************************************************" 66 | echo -e "----> Auto-cleanup packages \n\e[32m" 67 | 68 | sudo apt autoremove -y 69 | 70 | 71 | echo -e "\e[0m\n\n**************************************************" 72 | echo -e "----> Cleanup old kernels \n\e[32m" 73 | 74 | sudo dpkg -l linux-{image,headers}-* | awk '/^ii/{print $2}' | egrep '[0-9]+\.[0-9]+\.[0-9]+' | grep -v $(uname -r) | xargs sudo apt-get -y purge 75 | 76 | echo -e "\e[0m\n\n**************************************************" 77 | echo -e "----> Remove online search in dash (u.a. Amazon)\n\e[32m" 78 | 79 | # https://askubuntu.com/questions/192269/how-can-i-remove-amazon-search-results-from-the-dash-or-disable-the-feature 80 | sudo apt remove -y ubuntu-web-launchers 81 | 82 | 83 | echo -e "\e[0m\n\n**************************************************" 84 | echo -e "----> Remove error reporting daemon\n\e[32m" 85 | 86 | # https://forum.ubuntuusers.de/topic/datenschutz-und-ubuntu/ 87 | # This also disable error reporting in system settings 88 | sudo apt remove -y whoopsie apport apport-gtk ubuntu-report ubuntu-web-launchers 89 | 90 | 91 | echo -e "\e[0m\n\n#################################################" 92 | echo -e "### Software Update (automated)" 93 | echo -e "#################################################\e[32m" 94 | 95 | 96 | echo -e "\e[0m\n\n**************************************************" 97 | echo -e "----> Update repositories \n\e[32m" 98 | 99 | sudo apt update 100 | 101 | 102 | echo -e "\e[0m\n\n**************************************************" 103 | echo -e "----> Update of installed apps \n\e[32m" 104 | 105 | sudo apt upgrade -y 106 | 107 | 108 | echo -e "\e[0m\n\n**************************************************" 109 | echo -e "----> Install/Update curl \n\e[32m" 110 | 111 | sudo apt install -y curl 112 | 113 | 114 | # Teamviewer 115 | if [[ $usersettingteamviewer == y ]]; then 116 | echo -e "\e[0m\n\n**************************************************" 117 | echo -e "----> Install/Update TeamViewer\n\e[32m" 118 | 119 | # Fixes dependency error 120 | sudo apt install -fy 121 | 122 | # Make this command always true to not stop the script 123 | # error will be resolved with 'install -f' afterwards 124 | curl https://download.teamviewer.com/download/teamviewer_i386.deb | awk -F '[<>]' -F '["]' ' {print $2}' | xargs curl -o /tmp/teamviewer.deb # parse download page and download .deb file 125 | sudo dpkg -i /tmp/teamviewer.deb || true 126 | 127 | # Fixes dependency error 128 | sudo apt install -fy 129 | fi 130 | 131 | # Anydesk 132 | if [[ $usersettinganydesk == y ]]; then 133 | echo -e "\e[0m\n\n**************************************************" 134 | echo -e "----> Install/Update AnyDesk\n\e[32m" 135 | 136 | #sudo curl https://download.anydesk.com/linux/anydesk_2.9.5-1_amd64.deb -o /tmp/anydesk.deb 137 | # Download latest version of website 138 | DEBNAME=$(curl -s https://download.anydesk.com/linux/ | grep -m 1 'a href="./anydesk' | awk -F[\>] '{print $2}' | awk -F[\<] '{print $1}') 139 | curl -s https://download.anydesk.com/linux/$DEBNAME -o /tmp/anydesk.deb 140 | 141 | # Make this command always true to not stop the script 142 | # error will be resolved with 'install -f' afterwards 143 | sudo dpkg -i /tmp/anydesk.deb || true # install deb package 144 | 145 | # Fixes dependency error 146 | sudo apt install -fy 147 | fi 148 | 149 | # CopyQ 150 | if [[ $usersettingcopyq == y ]]; then 151 | echo -e "\e[0m\n\n**************************************************" 152 | echo -e "----> Install/Update Clipboard Manager\n\e[32m" 153 | 154 | sudo add-apt-repository -y ppa:hluk/copyq 155 | sudo apt update 156 | sudo apt install -y copyq 157 | fi 158 | 159 | echo -e "\e[0m\n\n**************************************************" 160 | echo -e "----> Install/Update Firefox\n\e[32m" 161 | 162 | sudo apt install -y firefox 163 | 164 | # Chromium 165 | if [[ $usersettingchromium == y ]]; then 166 | echo -e "\e[0m\n\n**************************************************" 167 | echo -e "----> Install/Update Chromium\n\e[32m" 168 | 169 | sudo apt install -y chromium-browser 170 | fi 171 | 172 | # Update Firefox Add-Ons 173 | if [[ $usersettingfirefoxaddon == y ]]; then 174 | 175 | echo -e "\e[0m\n\n**************************************************" 176 | echo -e "----> Install/Update Firefox Add-Ons\n\e[32m" 177 | # Ideas from: https://www.kuketz-blog.de/jondofox-profil-nutzung-nicht-mehr-empfehlenswert/ 178 | 179 | 180 | # Install wget as download tool 181 | sudo apt install -y wget 182 | 183 | # Install uBlock 184 | if [ -f /tmp/uBlock0@raymondhill.net.xpi ]; then 185 | echo -e "\nuBlock install file already exists. Skipping..." 186 | else 187 | wget https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/addon-607454-latest.xpi 188 | mv addon-607454-latest.xpi /tmp/uBlock0@raymondhill.net.xpi 189 | cd ~/.mozilla/firefox/ 190 | cd "$(ls -la --sort=time | grep -i default | awk -F ' ' '{print $9}' | head -n1)" # cd into most recently used profile 191 | mkdir -p extensions/ 192 | cp /tmp/uBlock0@raymondhill.net.xpi extensions/ 193 | fi 194 | 195 | # Install https-everywhere 196 | if [ -f /tmp/https-everywhere@eff.org.xpi ]; then 197 | echo -e "\nHttps-everywhere install file already exists. Skipping..." 198 | else 199 | wget https://addons.mozilla.org/firefox/downloads/latest/https-everywhere/addon-229918-latest.xpi 200 | mv addon-229918-latest.xpi /tmp/https-everywhere@eff.org.xpi 201 | cd ~/.mozilla/firefox/ 202 | cd "$(ls -la --sort=time | grep -i default | awk -F ' ' '{print $9}' | head -n1)" # cd into most recently used profile 203 | mkdir -p extensions/ 204 | cp /tmp/https-everywhere@eff.org.xpi extensions/ 205 | fi 206 | 207 | # Install CanvasBlocker 208 | if [ -f /tmp/CanvasBlocker@kkapsner.de.xpi ]; then 209 | echo -e "\nCanvasBlocker install file already exists. Skipping..." 210 | else 211 | wget https://addons.mozilla.org/firefox/downloads/latest/canvasblocker/addon-534930-latest.xpi 212 | mv addon-534930-latest.xpi /tmp/CanvasBlocker@kkapsner.de.xpi 213 | cd ~/.mozilla/firefox/ 214 | cd "$(ls -la --sort=time | grep -i default | awk -F ' ' '{print $9}' | head -n1)" # cd into most recently used profile 215 | mkdir -p extensions 216 | cp /tmp/CanvasBlocker@kkapsner.de.xpi extensions/ 217 | fi 218 | 219 | # Install privacy-settings 220 | if [ -f /tmp/jid1-CKHySAadH4nL6Q@jetpack.xpi ]; then 221 | echo -e "\nPrivacy-settings install file already exists. Skipping..." 222 | else 223 | wget https://addons.mozilla.org/firefox/downloads/latest/privacy-settings/addon-627512-latest.xpi 224 | mv addon-627512-latest.xpi /tmp/jid1-CKHySAadH4nL6Q@jetpack.xpi 225 | cd ~/.mozilla/firefox/ 226 | cd "$(ls -la --sort=time | grep -i default | awk -F ' ' '{print $9}' | head -n1)" # cd into most recently used profile 227 | mkdir -p extensions 228 | cp /tmp/jid1-CKHySAadH4nL6Q@jetpack.xpi extensions/ 229 | fi 230 | 231 | # Install Privacy Badger 232 | if [ -f /tmp/jid1-MnnxcxisBPnSXQ@jetpack.xpi ]; then 233 | echo -e "\nPrivacy Badger install file already exists. Skipping..." 234 | else 235 | wget -O addon-506646-latest.xpi https://addons.mozilla.org/firefox/downloads/latest/privacy-badger17/addon-506646-latest.xpi 236 | mv addon-506646-latest.xpi /tmp/jid1-MnnxcxisBPnSXQ@jetpack.xpi 237 | cd ~/.mozilla/firefox/ 238 | cd "$(ls -la --sort=time | grep -i default | awk -F ' ' '{print $9}' | head -n1)" # cd into most recently used profile 239 | mkdir -p extensions 240 | cp /tmp/jid1-MnnxcxisBPnSXQ@jetpack.xpi extensions/ 241 | fi 242 | fi 243 | 244 | 245 | # Harden Firefox 246 | if [[ $usersettingfirefoxharden == y ]]; then 247 | 248 | echo -e "\e[0m\n\n**************************************************" 249 | echo -e "----> Harden Firefox \n\e[32m" 250 | 251 | cd ~/.mozilla/firefox/ 252 | cd "$(ls -la --sort=time | grep -i default | awk -F ' ' '{print $9}' | head -n1)" # cd into most recently used profile 253 | 254 | if [ -f user.js ]; then 255 | echo "User.js exists, deleting it..." 256 | rm user.js # delete existing user.js, to be updated next 257 | fi 258 | 259 | # Downloading user.js 260 | wget https://raw.githubusercontent.com/pyllyukko/user.js/master/user.js # get hardening config file 261 | 262 | # Enable keyword search in browser URL 263 | sed -ie 's/user_pref("keyword.enabled", false);/user_pref("keyword.enabled", true);/g' user.js 264 | 265 | # Don't use private browsing mode all the time 266 | sed -ie 's/user_pref("browser.privatebrowsing.autostart", true);/user_pref("browser.privatebrowsing.autostart", false);/g' user.js 267 | fi 268 | 269 | 270 | #echo -e "\e[0m\n\n**************************************************" 271 | #echo -e "----> Installiere libraries to play DVDs\n\e[32m" 272 | 273 | # http://howtoubuntu.org/how-to-play-a-dvd-in-ubuntu 274 | # https://wiki.ubuntuusers.de/DVD-Wiedergabe/ 275 | #sudo apt install -y libdvdcss2 libdvdread4 libdvdnav4 libdvd-pkg && sudo dpkg-reconfigure libdvd-pkg 276 | 277 | if [[ $usersettingkeepass == y ]]; then 278 | echo -e "\e[0m\n\n**************************************************" 279 | echo -e "----> Install/Update KeePass\n\e[32m" 280 | 281 | sudo apt install -y keepass2 282 | fi 283 | 284 | echo -e "\e[0m\n\n**************************************************" 285 | echo -e "----> Install/Update Preload\n\e[32m" 286 | 287 | # Data about its advantage: http://www.hecticgeek.com/2013/05/using-preload-ubuntu-13-04/ 288 | # Compare to package 'ureadahaed' that is installed by default https://wiki.ubuntuusers.de/Tuning/ 289 | sudo apt install -y preload 290 | 291 | 292 | echo -e "\e[0m\n\n**************************************************" 293 | echo -e "----> Install/Update FSlint\n\e[32m" 294 | 295 | sudo apt install -y fslint 296 | 297 | 298 | echo -e "\e[0m\n\n**************************************************" 299 | echo -e "----> Install/Update compizconfig-settings-manager\n\e[32m" 300 | sudo apt install -y compizconfig-settings-manager 301 | # open it via `ccsm`, go to "effects" and disable checkbox 302 | 303 | 304 | echo -e "\e[0m\n\n**************************************************" 305 | echo -e "----> Install/Update GNOME tweak tool\n\e[32m" 306 | sudo apt-get install -y gnome-tweak-tool 307 | # open via search for "tweaks" 308 | # Desktop -> don't show icons 309 | # Top bar -> Application menu -> set off 310 | # Windows -> Titlebar buttons -> placement -> left 311 | 312 | 313 | echo -e "\e[0m\n\n#################################################" 314 | echo -e "### Optimize settings (automated)" 315 | echo -e "#################################################\e[32m" 316 | 317 | 318 | echo -e "\e[0m\n\n**************************************************" 319 | echo -e "----> Show *all* apps in list of startup items\n\e[32m" 320 | 321 | sudo sed -i 's/NoDisplay=true/NoDisplay=false/g' /etc/xdg/autostart/*.desktop 322 | echo "Done." 323 | # Check for Autostarts. 324 | 325 | #echo -e "\e[0m\n\n**************************************************" 326 | #echo -e "----> Create keybinding for taking screenshots when pressing PRINT key\n\e[32m" 327 | 328 | #if [ -f /usr/local/bin/take-screenshot ]; then 329 | # echo -e "\nScreenshots already configured. Skipping..." 330 | #else 331 | # # Create folder to save screenshots to 332 | # mkdir -p $HOME/Screenshots 333 | # 334 | # # Write screenshot command to file 335 | #cat << EOM >> /usr/local/bin/take-screenshot 336 | #"gnome-screenshot -f $HOME/Screenshots/Screenshot-$(date +%G-%m-%d--%H-%M-%S).png" 337 | #EOM 338 | # 339 | # # Make file executable 340 | # chmod a+x /usr/local/bin/take-screenshot 341 | # 342 | # # Install xbindkeys 343 | # apt install -y xbindkeys 344 | # 345 | # # Create keybinding of print-key to the take-screenshot "binary" 346 | #cat << EOM >> /home/mac/.xbindkeysrc 347 | #"bash /usr/local/bin/take-screenshot" 348 | #Print 349 | #EOM 350 | #fi 351 | 352 | echo -e "\e[0m\n\n**************************************************" 353 | echo -e "----> Configure automatic updates \n\e[32m" 354 | 355 | sudo apt install unattended-upgrades 356 | 357 | # # Edit config file 1 358 | #cat << EOM >> /etc/apt/apt.conf.d/20auto-upgrades 359 | #APT::Periodic::Update-Package-Lists "7"; 360 | #APT::Periodic::Download-Upgradeable-Packages "1"; 361 | #APT::Periodic::AutocleanInterval "1"; 362 | #APT::Periodic::Unattended-Upgrade "1"; 363 | #EOM 364 | # 365 | # # Edit config file 2 366 | #cat << EOM >> /etc/apt/apt.conf.d/50unattended-upgrades 367 | #// Automatically upgrade packages from these (origin:archive) pairs 368 | #Unattended-Upgrade::Allowed-Origins { 369 | #"${distro_id}:${distro_codename}"; 370 | #"${distro_id}:${distro_codename}-security"; 371 | #"${distro_id}:${distro_codename}-updates"; 372 | #// "${distro_id}:${distro_codename}-proposed"; 373 | #// "${distro_id}:${distro_codename}-backports"; 374 | #}; 375 | # 376 | #// List of packages to not update (regexp are supported) 377 | #Unattended-Upgrade::Package-Blacklist { 378 | #// "vim"; 379 | #// "libc6"; 380 | #// "libc6-dev"; 381 | #// "libc6-i686"; 382 | #}; 383 | # 384 | #// This option allows you to control if on a unclean dpkg exit 385 | #// unattended-upgrades will automatically run 386 | #// dpkg --force-confold --configure -a 387 | #// The default is true, to ensure updates keep getting installed 388 | #Unattended-Upgrade::AutoFixInterruptedDpkg "true"; 389 | # 390 | #// Split the upgrade into the smallest possible chunks so that 391 | #// they can be interrupted with SIGUSR1. This makes the upgrade 392 | #// a bit slower but it has the benefit that shutdown while a upgrade 393 | #// is running is possible (with a small delay) 394 | #Unattended-Upgrade::MinimalSteps "true"; 395 | # 396 | #// Install all unattended-upgrades when the machine is shuting down 397 | #// instead of doing it in the background while the machine is running 398 | #// This will (obviously) make shutdown slower 399 | #Unattended-Upgrade::InstallOnShutdown "false"; 400 | # 401 | #// Send email to this address for problems or packages upgrades 402 | #// If empty or unset then no email is sent, make sure that you 403 | #// have a working mail setup on your system. A package that provides 404 | #// 'mailx' must be installed. E.g. "user@example.com" 405 | #//Unattended-Upgrade::Mail "root"; 406 | # 407 | #// Set this value to "true" to get emails only on errors. Default 408 | #// is to always send a mail if Unattended-Upgrade::Mail is set 409 | #//Unattended-Upgrade::MailOnlyOnError "true"; 410 | # 411 | #// Do automatic removal of new unused dependencies after the upgrade 412 | #// (equivalent to apt autoremove) 413 | #Unattended-Upgrade::Remove-Unused-Dependencies "true"; 414 | # 415 | #// Automatically reboot *WITHOUT CONFIRMATION* 416 | #// if the file /var/run/reboot-required is found after the upgrade 417 | #//Unattended-Upgrade::Automatic-Reboot "false"; 418 | # 419 | #// If automatic reboot is enabled and needed, reboot at the specific 420 | #// time instead of immediately 421 | #// Default: "now" 422 | #//Unattended-Upgrade::Automatic-Reboot-Time "02:00"; 423 | # 424 | #// Use apt bandwidth limit feature, this example limits the download 425 | #// speed to 1Mb/sec 426 | #Acquire::http::Dl-Limit "1000"; 427 | #EOM 428 | # 429 | # # restart service 430 | # /etc/init.d/unattended-upgrades restart 431 | 432 | 433 | # 434 | 435 | echo -e "\e[0m\n\n**************************************************" 436 | echo -e "----> Harden against attacs via TMP files\n\e[32m" 437 | # see https://www.privacy-handbuch.de/handbuch_90b.htm 438 | sudo apt install libpam-tmpdir 439 | echo "Done." 440 | 441 | 442 | # Handle Bluetooth 443 | if [[ $usersettingbluetooth == y ]]; then 444 | 445 | echo -e "\e[0m\n\n**************************************************" 446 | echo -e "----> Disable Bluethooth\n\e[32m" 447 | 448 | sudo systemctl disable bluetooth 449 | sudo modprobe -r btusb 450 | echo "blacklist btusb #disable bluetooth" >> /etc/modprobe.d/blacklist.conf 451 | sudo apt remove -y bluez* bluetooth 452 | 453 | fi 454 | 455 | echo -e "\e[0m\n\n**************************************************" 456 | echo -e "----> Don't send usage statistics to Canonical \n\e[32m" 457 | 458 | dconf write /org/gnome/desktop/privacy/send-software-usage-stats false 459 | dconf write /org/gnome/desktop/privacy/report-technical-problem false 460 | echo "Done." 461 | 462 | echo -e "\e[0m\n\n**************************************************" 463 | echo -e "----> Finally cleanup packages \n\e[32m" 464 | 465 | sudo apt autoclean autoremove 466 | 467 | 468 | echo -e "\e[0m\n\nAll done without errors.\n" 469 | 470 | # Ask for configurations 471 | echo -e "You must reboot for all changes to take effect. Would you like to reboot? If yes, type 'y', otherwise 'n':\e[32m" 472 | read usersettingreboot 473 | 474 | if [[ $usersettingreboot == y ]]; then 475 | sudo reboot 476 | fi 477 | -------------------------------------------------------------------------------- /optimize-ubuntu-20.04.sh: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env bash 2 | 3 | # This software is licensed unter the GPLv3. 4 | # 5 | # Copyright (C) 2020 Mathias Renner 6 | # 7 | # This program is free software: you can redistribute it and/or modify 8 | # it under the terms of the GNU General Public License as published by 9 | # the Free Software Foundation, either version 3 of the License, or 10 | # any later version. 11 | # 12 | # This program is distributed in the hope that it will be useful, 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | # GNU General Public License for more details. 16 | # 17 | # See http://www.gnu.org/licenses/ fore more information. 18 | 19 | 20 | # Terminate on any error 21 | set -e 22 | 23 | # Ask for sudo password if not sudo privileges 24 | #echo "This script requires sudo privileges. You are asked to provide your user password." 25 | #[ "$UID" -eq 0 ] || gksudo bash "$0" "$@" 26 | 27 | # Ask user for configurations 28 | echo -e "\e[0mWould you like to specify which tasks this software shall execute? If yes, type 'y', otherwise 'n':\e[32m" 29 | read usersettingcustomize 30 | 31 | if [[ $usersettingcustomize == y ]]; then 32 | 33 | echo -e "\e[0mThere are about ten tasks you now can decide about.\e[32m" 34 | 35 | echo -e "\e[0mWould you like to install Teamviewer for remote support? If yes, type 'y', otherwise 'n':\e[32m" 36 | read usersettingteamviewer 37 | 38 | echo -e "\e[0mWould you like to install Anydesk for remote support? If yes, type 'y', otherwise 'n':\e[32m" 39 | read usersettinganydesk 40 | 41 | echo -e "\e[0mWould you like to install the browser Chromium (=Chrome without Google)? If yes, type 'y', otherwise 'n':\e[32m" 42 | read usersettingchromium 43 | 44 | echo -e "\e[0mWould you like to install the password manager KeePass? If yes, type 'y', otherwise 'n':\e[32m" 45 | read usersettingkeepass 46 | 47 | echo -e "\e[0mWould you like to install the clipboard manager copyq? If yes, type 'y', otherwise 'n':\e[32m" 48 | read usersettingcopyq 49 | 50 | echo -e "\e[0mWould you like to install Firefox add-ons for better privacy? If yes, type 'y', otherwise 'n':\e[32m" 51 | read usersettingfirefoxaddon 52 | 53 | echo -e "\e[0mWould you like to harden Firefox for better security and privacy? If yes, type 'y', otherwise 'n':\e[32m" 54 | read usersettingfirefoxharden 55 | 56 | echo -e "\e[0mWould you like to disable Bluetooth and remove all software components for bluetooth? If yes, type 'y', otherwise 'n':\e[32m" 57 | read usersettingbluetooth 58 | fi 59 | 60 | echo -e "\e[0m\n#################################################" 61 | echo -e "### Software Cleanup (automated)" 62 | echo -e "#################################################\e[32m" 63 | 64 | 65 | echo -e "\e[0m\n\n**************************************************" 66 | echo -e "----> Auto-cleanup packages \n\e[32m" 67 | 68 | sudo apt autoremove -y 69 | 70 | 71 | echo -e "\e[0m\n\n**************************************************" 72 | echo -e "----> Cleanup old kernels \n\e[32m" 73 | 74 | sudo dpkg -l linux-{image,headers}-* | awk '/^ii/{print $2}' | egrep '[0-9]+\.[0-9]+\.[0-9]+' | grep -v $(uname -r) | xargs sudo apt-get -y purge 75 | 76 | echo -e "\e[0m\n\n**************************************************" 77 | echo -e "----> Remove error reporting daemon\n\e[32m" 78 | 79 | # https://forum.ubuntuusers.de/topic/datenschutz-und-ubuntu/ 80 | # This also disable error reporting in system settings 81 | sudo apt remove -y whoopsie apport apport-gtk ubuntu-report 82 | 83 | 84 | echo -e "\e[0m\n\n#################################################" 85 | echo -e "### Software Update (automated)" 86 | echo -e "#################################################\e[32m" 87 | 88 | 89 | echo -e "\e[0m\n\n**************************************************" 90 | echo -e "----> Update repositories \n\e[32m" 91 | 92 | sudo apt update 93 | 94 | 95 | echo -e "\e[0m\n\n**************************************************" 96 | echo -e "----> Update of installed apps \n\e[32m" 97 | 98 | sudo apt upgrade -y 99 | 100 | 101 | echo -e "\e[0m\n\n**************************************************" 102 | echo -e "----> Install/Update curl \n\e[32m" 103 | 104 | sudo apt install -y curl 105 | 106 | 107 | echo -e "\e[0m\n\n**************************************************" 108 | echo -e "----> Install/Update VLC Player \n\e[32m" 109 | 110 | sudo apt install -y vlc 111 | 112 | 113 | echo -e "\e[0m\n\n**************************************************" 114 | echo -e "----> Install/Update htop \n\e[32m" 115 | 116 | sudo apt install -y htop 117 | 118 | 119 | # Teamviewer 120 | if [[ $usersettingteamviewer == y ]]; then 121 | echo -e "\e[0m\n\n**************************************************" 122 | echo -e "----> Install/Update TeamViewer\n\e[32m" 123 | 124 | # Fixes dependency error 125 | sudo apt install -fy 126 | 127 | # Make this command always true to not stop the script 128 | # error will be resolved with 'install -f' afterwards 129 | curl https://download.teamviewer.com/download/teamviewer_i386.deb | awk -F '[<>]' -F '["]' ' {print $2}' | xargs curl -o /tmp/teamviewer.deb # parse download page and download .deb file 130 | sudo dpkg -i /tmp/teamviewer.deb || true 131 | 132 | # Fixes dependency error 133 | sudo apt install -fy 134 | fi 135 | 136 | # Anydesk 137 | if [[ $usersettinganydesk == y ]]; then 138 | echo -e "\e[0m\n\n**************************************************" 139 | echo -e "----> Install/Update AnyDesk\n\e[32m" 140 | 141 | #sudo curl https://download.anydesk.com/linux/anydesk_2.9.5-1_amd64.deb -o /tmp/anydesk.deb 142 | # Download latest version of website 143 | DEBNAME=$(curl -s https://download.anydesk.com/linux/ | grep -m 1 'a href="./anydesk' | awk -F[\>] '{print $2}' | awk -F[\<] '{print $1}') 144 | curl -s https://download.anydesk.com/linux/$DEBNAME -o /tmp/anydesk.deb 145 | 146 | # Make this command always true to not stop the script 147 | # error will be resolved with 'install -f' afterwards 148 | sudo dpkg -i /tmp/anydesk.deb || true # install deb package 149 | 150 | # Fixes dependency error 151 | sudo apt install -fy 152 | fi 153 | 154 | # CopyQ 155 | if [[ $usersettingcopyq == y ]]; then 156 | echo -e "\e[0m\n\n**************************************************" 157 | echo -e "----> Install/Update Clipboard Manager\n\e[32m" 158 | 159 | sudo add-apt-repository -y ppa:hluk/copyq 160 | sudo apt update 161 | sudo apt install -y copyq 162 | fi 163 | 164 | echo -e "\e[0m\n\n**************************************************" 165 | echo -e "----> Install/Update Firefox\n\e[32m" 166 | 167 | sudo apt install -y firefox 168 | 169 | # Chromium 170 | if [[ $usersettingchromium == y ]]; then 171 | echo -e "\e[0m\n\n**************************************************" 172 | echo -e "----> Install/Update Chromium\n\e[32m" 173 | 174 | sudo apt install -y chromium-browser 175 | fi 176 | 177 | # Update Firefox Add-Ons 178 | if [[ $usersettingfirefoxaddon == y ]]; then 179 | 180 | 181 | echo -e "\e[0m\n\n**************************************************" 182 | echo -e "----> Install/Update Firefox Add-Ons\n\e[32m" 183 | # Ideas from: https://www.kuketz-blog.de/jondofox-profil-nutzung-nicht-mehr-empfehlenswert/ 184 | 185 | #Install wget as download tool, because curl is not working as expected 186 | sudo apt install -y wget 187 | 188 | # Installing for all users 189 | ALLUSERSHOMEDIR=$(ls -d /home/* | awk 'NR > 1') 190 | #echo $ALLUSERSHOMEDIR 191 | 192 | for userhomedir in $ALLUSERSHOMEDIR; do 193 | #debug code: 194 | #echo $userhomedir 195 | #cd $userhomedir 196 | #echo $(pwd) 197 | 198 | # Install uBlock 199 | if [ -f /tmp/uBlock0@raymondhill.net.xpi ]; then 200 | echo -e "\nuBlock install file already exists. Skipping Download." 201 | else 202 | sudo wget -O /tmp/uBlock0@raymondhill.net.xpi https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/addon-607454-latest.xpi 203 | fi 204 | cd $userhomedir/.mozilla/firefox/ 205 | cd "$(ls -la --sort=time | grep -i default | awk -F ' ' '{print $9}' | head -n1)" # cd into most recently used profile 206 | mkdir -p extensions/ 207 | cp /tmp/uBlock0@raymondhill.net.xpi extensions/ 208 | 209 | # Install https-everywhere 210 | if [ -f /tmp/https-everywhere@eff.org.xpi ]; then 211 | echo -e "\nHttps-everywhere install file already exists. Skipping Download." 212 | else 213 | sudo wget -O /tmp/https-everywhere@eff.org.xpi https://addons.mozilla.org/firefox/downloads/latest/https-everywhere/addon-229918-latest.xpi 214 | fi 215 | cd $userhomedir/.mozilla/firefox/ 216 | cd "$(ls -la --sort=time | grep -i default | awk -F ' ' '{print $9}' | head -n1)" # cd into most recently used profile 217 | mkdir -p extensions/ 218 | cp /tmp/https-everywhere@eff.org.xpi extensions/ 219 | 220 | # Install CanvasBlocker - removed - blocks too many functions in websites 221 | 222 | # Install privacy-settings 223 | if [ -f /tmp/jid1-CKHySAadH4nL6Q@jetpack.xpi ]; then 224 | echo -e "\nPrivacy-settings install file already exists. Skipping Download." 225 | else 226 | sudo wget -O /tmp/jid1-CKHySAadH4nL6Q@jetpack.xpi https://addons.mozilla.org/firefox/downloads/latest/privacy-settings/addon-627512-latest.xpi 227 | fi 228 | cd $userhomedir/.mozilla/firefox/ 229 | cd "$(ls -la --sort=time | grep -i default | awk -F ' ' '{print $9}' | head -n1)" # cd into most recently used profile 230 | mkdir -p extensions 231 | cp /tmp/jid1-CKHySAadH4nL6Q@jetpack.xpi extensions/ 232 | 233 | # Install Privacy Badger 234 | if [ -f /tmp/jid1-MnnxcxisBPnSXQ@jetpack.xpi ]; then 235 | echo -e "\nPrivacy Badger install file already exists. Skipping Download." 236 | else 237 | sudo wget -O /tmp/jid1-MnnxcxisBPnSXQ@jetpack.xpi https://addons.mozilla.org/firefox/downloads/latest/privacy-badger17/addon-506646-latest.xpi 238 | fi 239 | cd $userhomedir/.mozilla/firefox/ 240 | cd "$(ls -la --sort=time | grep -i default | awk -F ' ' '{print $9}' | head -n1)" # cd into most recently used profile 241 | mkdir -p extensions 242 | cp /tmp/jid1-MnnxcxisBPnSXQ@jetpack.xpi extensions/ 243 | 244 | 245 | done #ends for loop for all users 246 | 247 | fi 248 | 249 | 250 | # Harden Firefox 251 | if [[ $usersettingfirefoxharden == y ]]; then 252 | 253 | echo -e "\e[0m\n\n**************************************************" 254 | echo -e "----> Harden Firefox \n\e[32m" 255 | 256 | ALLUSERSHOMEDIR=$(ls -d /home/* | awk 'NR > 1') 257 | #echo $ALLUSERSHOMEDIR 258 | 259 | for userhomedir in $ALLUSERSHOMEDIR; do 260 | 261 | cd $userhomedir/.mozilla/firefox/ 262 | cd "$(ls -la --sort=time | grep -i default | awk -F ' ' '{print $9}' | head -n1)" # cd into most recently used profile 263 | 264 | if [ -f user.js ]; then 265 | echo "User.js exists, deleting it..." 266 | rm user.js # delete existing user.js, to be updated next 267 | fi 268 | 269 | # Downloading user.js 270 | wget https://raw.githubusercontent.com/pyllyukko/user.js/master/user.js # get hardening config file 271 | 272 | # Enable keyword search in browser URL 273 | sed -ie 's/user_pref("keyword.enabled", false);/user_pref("keyword.enabled", true);/g' user.js 274 | 275 | # Don't use private browsing mode all the time 276 | sed -ie 's/user_pref("browser.privatebrowsing.autostart", true);/user_pref("browser.privatebrowsing.autostart", false);/g' user.js 277 | done 278 | fi 279 | 280 | 281 | #echo -e "\e[0m\n\n**************************************************" 282 | #echo -e "----> Installiere libraries to play DVDs\n\e[32m" 283 | 284 | # http://howtoubuntu.org/how-to-play-a-dvd-in-ubuntu 285 | # https://wiki.ubuntuusers.de/DVD-Wiedergabe/ 286 | #sudo apt install -y libdvdcss2 libdvdread4 libdvdnav4 libdvd-pkg && sudo dpkg-reconfigure libdvd-pkg 287 | 288 | if [[ $usersettingkeepass == y ]]; then 289 | echo -e "\e[0m\n\n**************************************************" 290 | echo -e "----> Install/Update KeePass\n\e[32m" 291 | 292 | sudo apt install -y keepass2 293 | fi 294 | 295 | echo -e "\e[0m\n\n**************************************************" 296 | echo -e "----> Install/Update Preload\n\e[32m" 297 | 298 | # Data about its advantage: http://www.hecticgeek.com/2013/05/using-preload-ubuntu-13-04/ 299 | # Compare to package 'ureadahaed' that is installed by default https://wiki.ubuntuusers.de/Tuning/ 300 | sudo apt install -y preload 301 | 302 | 303 | echo -e "\e[0m\n\n**************************************************" 304 | echo -e "----> Install/Update FSlint\n\e[32m" 305 | 306 | #sudo apt install -y fslint 307 | # As of 2020-05-17, fslint has old dependencies is therefore not included in packages. Installing manually... 308 | # https://askubuntu.com/questions/1233710/where-is-fslint-duplicate-file-finder-for-ubuntu-20-04 309 | 310 | sudo curl http://archive.ubuntu.com/ubuntu/pool/universe/p/pygtk/python-gtk2_2.24.0-6_amd64.deb -o /tmp/fslint-1.deb 311 | sudo curl http://archive.ubuntu.com/ubuntu/pool/universe/p/pygtk/python-glade2_2.24.0-6_amd64.deb -o /tmp/fslint-2.deb 312 | sudo curl http://archive.ubuntu.com/ubuntu/pool/universe/f/fslint/fslint_2.46-1_all.deb -o /tmp/fslint-3.deb 313 | 314 | sudo apt install /tmp/fslint*.deb 315 | 316 | 317 | echo -e "\e[0m\n\n**************************************************" 318 | echo -e "----> Install/Update compizconfig-settings-manager\n\e[32m" 319 | sudo apt install -y compizconfig-settings-manager 320 | # open it via `ccsm`, go to "effects" and disable checkbox 321 | 322 | 323 | echo -e "\e[0m\n\n**************************************************" 324 | echo -e "----> Install/Update GNOME tweak tool\n\e[32m" 325 | sudo apt-get install -y gnome-tweak-tool 326 | # open via search for "tweaks" 327 | # Desktop -> don't show icons 328 | # Top bar -> Application menu -> set off 329 | # Windows -> Titlebar buttons -> placement -> left 330 | 331 | 332 | echo -e "\e[0m\n\n#################################################" 333 | echo -e "### Optimize settings (automated)" 334 | echo -e "#################################################\e[32m" 335 | 336 | 337 | echo -e "\e[0m\n\n**************************************************" 338 | echo -e "----> Show *all* apps in list of startup items\n\e[32m" 339 | 340 | sudo sed -i 's/NoDisplay=true/NoDisplay=false/g' /etc/xdg/autostart/*.desktop 341 | echo "Done." 342 | # Check for Autostarts. 343 | 344 | #echo -e "\e[0m\n\n**************************************************" 345 | #echo -e "----> Create keybinding for taking screenshots when pressing PRINT key\n\e[32m" 346 | 347 | #if [ -f /usr/local/bin/take-screenshot ]; then 348 | # echo -e "\nScreenshots already configured. Skipping..." 349 | #else 350 | # # Create folder to save screenshots to 351 | # mkdir -p $HOME/Screenshots 352 | # 353 | # # Write screenshot command to file 354 | #cat << EOM >> /usr/local/bin/take-screenshot 355 | #"gnome-screenshot -f $HOME/Screenshots/Screenshot-$(date +%G-%m-%d--%H-%M-%S).png" 356 | #EOM 357 | # 358 | # # Make file executable 359 | # chmod a+x /usr/local/bin/take-screenshot 360 | # 361 | # # Install xbindkeys 362 | # apt install -y xbindkeys 363 | # 364 | # # Create keybinding of print-key to the take-screenshot "binary" 365 | #cat << EOM >> /home/mac/.xbindkeysrc 366 | #"bash /usr/local/bin/take-screenshot" 367 | #Print 368 | #EOM 369 | #fi 370 | 371 | echo -e "\e[0m\n\n**************************************************" 372 | echo -e "----> Configure automatic updates \n\e[32m" 373 | 374 | sudo apt install unattended-upgrades 375 | 376 | # # Edit config file 1 377 | #cat << EOM >> /etc/apt/apt.conf.d/20auto-upgrades 378 | #APT::Periodic::Update-Package-Lists "7"; 379 | #APT::Periodic::Download-Upgradeable-Packages "1"; 380 | #APT::Periodic::AutocleanInterval "1"; 381 | #APT::Periodic::Unattended-Upgrade "1"; 382 | #EOM 383 | # 384 | # # Edit config file 2 385 | #cat << EOM >> /etc/apt/apt.conf.d/50unattended-upgrades 386 | #// Automatically upgrade packages from these (origin:archive) pairs 387 | #Unattended-Upgrade::Allowed-Origins { 388 | #"${distro_id}:${distro_codename}"; 389 | #"${distro_id}:${distro_codename}-security"; 390 | #"${distro_id}:${distro_codename}-updates"; 391 | #// "${distro_id}:${distro_codename}-proposed"; 392 | #// "${distro_id}:${distro_codename}-backports"; 393 | #}; 394 | # 395 | #// List of packages to not update (regexp are supported) 396 | #Unattended-Upgrade::Package-Blacklist { 397 | #// "vim"; 398 | #// "libc6"; 399 | #// "libc6-dev"; 400 | #// "libc6-i686"; 401 | #}; 402 | # 403 | #// This option allows you to control if on a unclean dpkg exit 404 | #// unattended-upgrades will automatically run 405 | #// dpkg --force-confold --configure -a 406 | #// The default is true, to ensure updates keep getting installed 407 | #Unattended-Upgrade::AutoFixInterruptedDpkg "true"; 408 | # 409 | #// Split the upgrade into the smallest possible chunks so that 410 | #// they can be interrupted with SIGUSR1. This makes the upgrade 411 | #// a bit slower but it has the benefit that shutdown while a upgrade 412 | #// is running is possible (with a small delay) 413 | #Unattended-Upgrade::MinimalSteps "true"; 414 | # 415 | #// Install all unattended-upgrades when the machine is shuting down 416 | #// instead of doing it in the background while the machine is running 417 | #// This will (obviously) make shutdown slower 418 | #Unattended-Upgrade::InstallOnShutdown "false"; 419 | # 420 | #// Send email to this address for problems or packages upgrades 421 | #// If empty or unset then no email is sent, make sure that you 422 | #// have a working mail setup on your system. A package that provides 423 | #// 'mailx' must be installed. E.g. "user@example.com" 424 | #//Unattended-Upgrade::Mail "root"; 425 | # 426 | #// Set this value to "true" to get emails only on errors. Default 427 | #// is to always send a mail if Unattended-Upgrade::Mail is set 428 | #//Unattended-Upgrade::MailOnlyOnError "true"; 429 | # 430 | #// Do automatic removal of new unused dependencies after the upgrade 431 | #// (equivalent to apt autoremove) 432 | #Unattended-Upgrade::Remove-Unused-Dependencies "true"; 433 | # 434 | #// Automatically reboot *WITHOUT CONFIRMATION* 435 | #// if the file /var/run/reboot-required is found after the upgrade 436 | #//Unattended-Upgrade::Automatic-Reboot "false"; 437 | # 438 | #// If automatic reboot is enabled and needed, reboot at the specific 439 | #// time instead of immediately 440 | #// Default: "now" 441 | #//Unattended-Upgrade::Automatic-Reboot-Time "02:00"; 442 | # 443 | #// Use apt bandwidth limit feature, this example limits the download 444 | #// speed to 1Mb/sec 445 | #Acquire::http::Dl-Limit "1000"; 446 | #EOM 447 | # 448 | # # restart service 449 | # /etc/init.d/unattended-upgrades restart 450 | 451 | 452 | # 453 | 454 | echo -e "\e[0m\n\n**************************************************" 455 | echo -e "----> Harden against attacs via TMP files\n\e[32m" 456 | # see https://www.privacy-handbuch.de/handbuch_90b.htm 457 | sudo apt install libpam-tmpdir 458 | echo "Done." 459 | 460 | 461 | # Handle Bluetooth 462 | if [[ $usersettingbluetooth == y ]]; then 463 | 464 | echo -e "\e[0m\n\n**************************************************" 465 | echo -e "----> Disable Bluethooth\n\e[32m" 466 | 467 | sudo systemctl disable bluetooth 468 | sudo modprobe -r btusb 469 | # The following command requires sudo privileges. However the command is not required anyways. 470 | #echo "blacklist btusb #disable bluetooth" >> /etc/modprobe.d/blacklist.conf 471 | 472 | fi 473 | 474 | echo -e "\e[0m\n\n**************************************************" 475 | echo -e "----> Don't send usage statistics to Canonical \n\e[32m" 476 | 477 | dconf write /org/gnome/desktop/privacy/send-software-usage-stats false 478 | dconf write /org/gnome/desktop/privacy/report-technical-problem false 479 | echo "Done." 480 | 481 | echo -e "\e[0m\n\n**************************************************" 482 | echo -e "----> Finally cleanup packages \n\e[32m" 483 | 484 | sudo apt autoclean autoremove 485 | 486 | 487 | echo -e "\e[0m\n\nAll done without errors.\n" 488 | 489 | # Ask for configurations 490 | echo -e "You must reboot for all changes to take effect. Would you like to reboot? If yes, type 'y', otherwise 'n':\e[32m" 491 | read usersettingreboot 492 | 493 | if [[ $usersettingreboot == y ]]; then 494 | sudo reboot 495 | fi 496 | --------------------------------------------------------------------------------