├── src
├── .ssh
│ ├── authorized_keys
│ └── config
├── .config
│ ├── transmission-daemon
│ └── transmission
│ │ └── settings.json
├── .bash_profile
├── .purple
│ ├── blist.xml
│ ├── status.xml
│ ├── accounts.xml
│ └── prefs.xml
├── .bashrc
└── .gnupg
│ ├── gpg.conf
│ └── sks-keyservers.netCA.pem
├── Makefile
└── README.md
/src/.ssh/authorized_keys:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/src/.config/transmission-daemon:
--------------------------------------------------------------------------------
1 | transmission/
--------------------------------------------------------------------------------
/src/.bash_profile:
--------------------------------------------------------------------------------
#
# ~/.bash_profile
#

# Pull in ~/.bashrc when it exists, so the settings made there (umask,
# prompt) also apply to shells that read this file.
test -f ~/.bashrc && source ~/.bashrc
6 |
--------------------------------------------------------------------------------
/src/.purple/blist.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
--------------------------------------------------------------------------------
/src/.bashrc:
--------------------------------------------------------------------------------
# Default mode mask for new files: the owner keeps full access, the group
# loses write (read and search/execute remain), everyone else gets nothing.
# This is set before the interactivity check, so it applies to every shell
# that reads this file.
umask 027

# Everything below is for interactive shells only; stop here otherwise.
case $- in
    *i*) ;;
    *) return ;;
esac

# Prompt is [user@hostname basename-of-cwd] followed by $ (# for root)
export PS1='[\u@\h \W]\$ '
9 |
--------------------------------------------------------------------------------
/src/.purple/status.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | available
6 |
7 |
8 |
--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
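# None of these targets produce a file of the same name; declare them phony
# so a stray file called "install" cannot make a target look up to date.
.PHONY: install set-file-modes ssh-file-modes

# Sync /etc/skel with whatever is in src/ after fixing file modes.
# rsync -a preserves permission bits, so the modes set below are what new
# accounts inherit.  Ownership is deliberately not preserved: this runs as
# root, and with plain -a the skeleton files would keep the uid/gid of
# whoever made the checkout, leaving that account able to edit the template
# that every future home directory is created from.
install: set-file-modes
	rsync -av --no-owner --no-group src/ /etc/skel/

# Since git doesn't care about file modes (beyond the executable bit) we
# have to set them manually here
set-file-modes: ssh-file-modes

# Despite the name this covers both src/.ssh and src/.gnupg.
# src/.ssh/config is included because its mode otherwise depends on the
# umask of the checkout: ssh rejects a config file that is writable by
# group or others.
ssh-file-modes:
	chmod 700 src/.ssh src/.gnupg
	chmod 600 src/.ssh/authorized_keys src/.ssh/config src/.gnupg/*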
12 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | duraskel - a collection of hardened configurations for new user accounts
2 |
3 | For hardened configurations for servers see
4 | [duraconf](https://github.com/ioerror/duraconf)
5 |
6 | ## Installation
7 |
8 | Run `make install` as root. It needs rsync.
9 |
10 | ## Contributions
11 |
12 | I'm using gitflow. Please create your branches from the *develop*
13 | branch.
14 |
--------------------------------------------------------------------------------
/src/.ssh/config:
--------------------------------------------------------------------------------
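# Add your per host configurations here, ABOVE the "Host *" block.
# ssh uses the first value it obtains for each option, so a "Host example"
# section placed after "Host *" cannot override the Ciphers, MACs or any
# other option already set below.

Host *
    # Don't use protocol 1.  (Recent OpenSSH releases only speak protocol 2;
    # the line is kept for older clients.)
    Protocol 2

    # Use a socket on secondary connections.  The socket lives in ~/.ssh,
    # which must stay mode 700: anyone who can open the socket can reuse the
    # authenticated connection.
    ControlMaster auto
    ControlPath ~/.ssh/%r@%h:%p

    # Host verification and privacy
    # "ask" shows whether the key matches an SSHFP record but still asks for
    # confirmation.  "yes" would silently trust a match, which is only sound
    # when DNSSEC is validated on this machine or over a trusted path to the
    # resolver; a skeleton file cannot assume that.
    VerifyHostKeyDNS ask
    HashKnownHosts yes
    CheckHostIP yes
    StrictHostKeyChecking ask

    # Connection security
    # Old ssh servers may need you to change these two options (do it per
    # host, in a section above this one)
    Ciphers aes256-ctr
    MACs hmac-sha2-512
    Compression yes

    # Uncomment this if you want any host to become a secure SOCKS5 proxy or
    # set it per host.  Under "Host *" every connection tries to bind the
    # same local port, so a per host setting is usually the better choice.
    # DynamicForward 8081

# Do not add Host sections below this line; put them at the top of the file.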
23 |
--------------------------------------------------------------------------------
/src/.purple/accounts.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | prpl-bonjour
6 | User
7 |
8 | 0
9 |
10 |
11 |
12 | 5298
13 |
14 | Name
15 | User
16 | 1
17 |
18 |
19 | 1
20 |
21 |
22 |
23 |
24 |
--------------------------------------------------------------------------------
/src/.gnupg/gpg.conf:
--------------------------------------------------------------------------------
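# From duraconf
# personal digest preferences
# when multiple digests are supported by all recipients, choose the
# strongest one.  Set once only: a second personal-digest-preferences line
# further down would replace this one rather than extend it.
personal-digest-preferences SHA512 SHA384 SHA256 SHA224

# message digest algorithm used when signing a key
cert-digest-algo SHA512

# Set the list of default preferences to string.
# used for new keys and default for "setpref"
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed

# From
# https://crabgrass.riseup.net/riseuplabs+paow/openpgp-best-practices
# Only use secure keyservers
# NOTE(review): the CA certificate shipped as sks-keyservers.netCA.pem is
# valid from 2012-10-09 to 2022-10-07, so TLS verification against it fails
# after that date.  The sks-keyservers.net pool itself appears to have been
# retired (confirm); point this at a maintained hkps keyserver before
# relying on it.
# NOTE(review): GnuPG 2.1 and later hand keyserver access to dirmngr, where
# these settings belong in dirmngr.conf; verify against the installed
# version.
keyserver hkps://hkps.pool.sks-keyservers.net
keyserver-options ca-cert-file=~/.gnupg/sks-keyservers.netCA.pem
# Ignore a preferred-keyserver URL stored in a key, so refreshing keys never
# contacts a server chosen by the key's owner instead of the one above.
keyserver-options no-honor-keyserver-url

# when outputting certificates, view user IDs distinctly from keys:
fixed-list-mode

# short-keyids are trivially spoofed; it's easy to create a long-keyid
# collision; if you care about strong key identifiers, you always want
# to see the fingerprint:
keyid-format 0xlong
fingerprint

# If you use a graphical environment (and even if you don't)
# you should be using an agent: (similar arguments as
# https://www.debian-administration.org/users/dkg/weblog/64)
use-agent

# You should always know at a glance which User IDs gpg thinks are
# legitimately bound to the keys in your keyring:
verify-options show-uid-validity
list-options show-uid-validity

# include an unambiguous indicator of which key made a signature: (see
# http://thread.gmane.org/gmane.mail.notmuch.general/3721/focus=7234)
sig-notation issuer-fpr@notations.openpgp.fifthhorseman.net=%g

# Anonymize the encryption by removing the key IDs from the pgp packet.
# Recipients then have to try each of their secret keys in turn, so
# decryption is slower for people who hold many keys.
throw-keyids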
48 |
--------------------------------------------------------------------------------
/src/.gnupg/sks-keyservers.netCA.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIFizCCA3OgAwIBAgIJAK9zyLTPn4CPMA0GCSqGSIb3DQEBBQUAMFwxCzAJBgNV
3 | BAYTAk5PMQ0wCwYDVQQIDARPc2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5u
4 | ZXQgQ0ExHjAcBgNVBAMMFXNrcy1rZXlzZXJ2ZXJzLm5ldCBDQTAeFw0xMjEwMDkw
5 | MDMzMzdaFw0yMjEwMDcwMDMzMzdaMFwxCzAJBgNVBAYTAk5PMQ0wCwYDVQQIDARP
6 | c2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5uZXQgQ0ExHjAcBgNVBAMMFXNr
7 | cy1rZXlzZXJ2ZXJzLm5ldCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
8 | ggIBANdsWy4PXWNUCkS3L//nrd0GqN3dVwoBGZ6w94Tw2jPDPifegwxQozFXkG6I
9 | 6A4TK1CJLXPvfz0UP0aBYyPmTNadDinaB9T4jIwd4rnxl+59GiEmqkN3IfPsv5Jj
10 | MkKUmJnvOT0DEVlEaO1UZIwx5WpfprB3mR81/qm4XkAgmYrmgnLXd/pJDAMk7y1F
11 | 45b5zWofiD5l677lplcIPRbFhpJ6kDTODXh/XEdtF71EAeaOdEGOvyGDmCO0GWqS
12 | FDkMMPTlieLA/0rgFTcz4xwUYj/cD5e0ZBuSkYsYFAU3hd1cGfBue0cPZaQH2HYx
13 | Qk4zXD8S3F4690fRhr+tki5gyG6JDR67aKp3BIGLqm7f45WkX1hYp+YXywmEziM4
14 | aSbGYhx8hoFGfq9UcfPEvp2aoc8u5sdqjDslhyUzM1v3m3ZGbhwEOnVjljY6JJLx
15 | MxagxnZZSAY424ZZ3t71E/Mn27dm2w+xFRuoy8JEjv1d+BT3eChM5KaNwrj0IO/y
16 | u8kFIgWYA1vZ/15qMT+tyJTfyrNVV/7Df7TNeWyNqjJ5rBmt0M6NpHG7CrUSkBy9
17 | p8JhimgjP5r0FlEkgg+lyD+V79H98gQfVgP3pbJICz0SpBQf2F/2tyS4rLm+49rP
18 | fcOajiXEuyhpcmzgusAj/1FjrtlynH1r9mnNaX4e+rLWzvU5AgMBAAGjUDBOMB0G
19 | A1UdDgQWBBTkwyoJFGfYTVISTpM8E+igjdq28zAfBgNVHSMEGDAWgBTkwyoJFGfY
20 | TVISTpM8E+igjdq28zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQAR
21 | OXnYwu3g1ZjHyley3fZI5aLPsaE17cOImVTehC8DcIphm2HOMR/hYTTL+V0G4P+u
22 | gH+6xeRLKSHMHZTtSBIa6GDL03434y9CBuwGvAFCMU2GV8w92/Z7apkAhdLToZA/
23 | X/iWP2jeaVJhxgEcH8uPrnSlqoPBcKC9PrgUzQYfSZJkLmB+3jEa3HKruy1abJP5
24 | gAdQvwvcPpvYRnIzUc9fZODsVmlHVFBCl2dlu/iHh2h4GmL4Da2rRkUMlbVTdioB
25 | UYIvMycdOkpH5wJftzw7cpjsudGas0PARDXCFfGyKhwBRFY7Xp7lbjtU5Rz0Gc04
26 | lPrhDf0pFE98Aw4jJRpFeWMjpXUEaG1cq7D641RpgcMfPFvOHY47rvDTS7XJOaUT
27 | BwRjmDt896s6vMDcaG/uXJbQjuzmmx3W2Idyh3s5SI0GTHb0IwMKYb4eBUIpQOnB
28 | cE77VnCYqKvN1NVYAqhWjXbY7XasZvszCRcOG+W3FqNaHOK/n/0ueb0uijdLan+U
29 | f4p1bjbAox8eAOQS/8a3bzkJzdyBNUKGx1BIK2IBL9bn/HravSDOiNRSnZ/R3l9G
30 | ZauX0tu7IIDlRCILXSyeazu0aj/vdT3YFQXPcvt5Fkf5wiNTo53f72/jYEJd6qph
31 | WrpoKqrwGwTpRUCMhYIUt65hsTxCiJJ5nKe39h46sg==
32 | -----END CERTIFICATE-----
33 |
--------------------------------------------------------------------------------
/src/.config/transmission/settings.json:
--------------------------------------------------------------------------------
1 | {
2 | "alt-speed-down": 50,
3 | "alt-speed-enabled": false,
4 | "alt-speed-time-begin": 540,
5 | "alt-speed-time-day": 127,
6 | "alt-speed-time-enabled": false,
7 | "alt-speed-time-end": 1020,
8 | "alt-speed-up": 50,
9 | "bind-address-ipv4": "0.0.0.0",
10 | "bind-address-ipv6": "::",
11 | "blocklist-date": 1387199068,
12 | "blocklist-enabled": true,
13 | "blocklist-updates-enabled": true,
14 | "blocklist-url": "http://list.iblocklist.com/?list=bt_level1&fileformat=p2p&archiveformat=gz",
15 | "cache-size-mb": 4,
16 | "compact-view": false,
17 | "dht-enabled": true,
18 | "download-dir": "~/Downloads",
19 | "download-queue-enabled": true,
20 | "download-queue-size": 5,
21 | "encryption": 2,
22 | "idle-seeding-limit": 30,
23 | "idle-seeding-limit-enabled": true,
24 | "incomplete-dir": "",
25 | "incomplete-dir-enabled": false,
26 | "inhibit-desktop-hibernation": false,
27 | "lpd-enabled": true,
28 | "main-window-height": 714,
29 | "main-window-is-maximized": 1,
30 | "main-window-width": 1024,
31 | "main-window-x": 0,
32 | "main-window-y": 30,
33 | "message-level": 2,
34 | "open-dialog-dir": "",
35 | "peer-congestion-algorithm": "",
36 | "peer-id-ttl-hours": 6,
37 | "peer-limit-global": 240,
38 | "peer-limit-per-torrent": 60,
39 | "peer-port": 51413,
40 | "peer-port-random-high": 65535,
41 | "peer-port-random-low": 49152,
42 | "peer-port-random-on-start": true,
43 | "peer-socket-tos": "default",
44 | "pex-enabled": true,
45 | "port-forwarding-enabled": true,
46 | "preallocation": 1,
47 | "prefetch-enabled": 1,
48 | "queue-stalled-enabled": true,
49 | "queue-stalled-minutes": 30,
50 | "ratio-limit": 2,
51 | "ratio-limit-enabled": true,
52 | "rename-partial-files": true,
53 | "rpc-authentication-required": false,
54 | "rpc-bind-address": "127.0.0.1",
55 | "rpc-enabled": true,
56 | "rpc-password": "{b4d2e6b7db60f3e639b78f7ed869f1264c4f04f0U.hFGv21",
57 | "rpc-port": 9091,
58 | "rpc-url": "/transmission/",
59 | "rpc-username": "",
60 | "rpc-whitelist": "127.0.0.1",
61 | "rpc-whitelist-enabled": true,
62 | "scrape-paused-torrents-enabled": true,
63 | "script-torrent-done-enabled": false,
64 | "script-torrent-done-filename": "",
65 | "seed-queue-enabled": false,
66 | "seed-queue-size": 10,
67 | "show-backup-trackers": true,
68 | "show-extra-peer-details": false,
69 | "show-filterbar": true,
70 | "show-notification-area-icon": true,
71 | "show-options-window": true,
72 | "show-statusbar": true,
73 | "show-toolbar": false,
74 | "show-tracker-scrapes": true,
75 | "sort-mode": "sort-by-name",
76 | "sort-reversed": false,
77 | "speed-limit-down": 100,
78 | "speed-limit-down-enabled": false,
79 | "speed-limit-up": 100,
80 | "speed-limit-up-enabled": false,
81 | "start-added-torrents": true,
82 | "statusbar-stats": "total-ratio",
83 | "torrent-added-notification-enabled": false,
84 | "torrent-complete-notification-enabled": true,
85 | "torrent-complete-sound-command": "canberra-gtk-play -i complete-download -d 'transmission torrent downloaded'",
86 | "torrent-complete-sound-enabled": false,
87 | "trash-can-enabled": true,
88 | "trash-original-torrent-files": false,
89 | "umask": 18,
90 | "upload-slots-per-torrent": 14,
91 | "user-has-given-informed-consent": false,
92 | "utp-enabled": true,
93 | "watch-dir": "",
94 | "watch-dir-enabled": false
95 | }
96 |
97 |
--------------------------------------------------------------------------------
/src/.purple/prefs.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 |
47 |
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
94 |
95 |
96 |
97 |
98 |
99 |
100 |
101 |
102 |
103 |
104 |
105 |
106 |
107 |
108 |
109 |
110 |
111 |
112 |
113 |
114 |
115 |
116 |
117 |
118 |
119 |
120 |
121 |
122 |
123 |
124 |
125 |
126 |
127 |
128 |
129 |
130 |
131 |
132 |
133 |
134 |
135 |
136 |
137 |
138 |
139 |
140 |
141 |
142 |
143 |
144 |
145 |
146 |
147 |
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
156 |
157 |
158 |
159 |
160 |
161 |
162 |
163 |
164 |
165 |
166 |
167 |
168 |
169 |
170 |
171 |
172 |
173 |
174 |
175 |
176 |
177 |
178 |
179 |
180 |
181 |
182 |
183 |
184 |
185 |
186 |
187 |
188 |
189 |
190 |
191 |
192 |
193 |
194 |
195 |
196 |
197 |
198 |
199 |
200 |
201 |
202 |
203 |
204 |
205 |
206 |
207 |
208 |
209 |
210 |
211 |
212 |
213 |
214 |
215 |
216 |
217 |
218 |
219 |
220 |
221 |
222 |
223 |
224 |
225 |
226 |
227 |
228 |
229 |
230 |
231 |
232 |
233 |
234 |
235 |
236 |
237 |
238 |
239 |
240 |
241 |
242 |
243 |
244 |
245 |
246 |
247 |
248 |
249 |
250 |
251 |
252 |
253 |
254 |
255 |
256 |
257 |
258 |
259 |
260 |
261 |
262 |
263 |
264 |
265 |
266 |
267 |
268 |
269 |
270 |
271 |
272 |
273 |
274 |
275 |
276 |
277 |
278 |
279 |
280 |
281 |
282 |
283 |
284 |
285 |
286 |
287 |
288 |
289 |
290 |
291 |
292 |
293 |
294 |
295 |
296 |
297 |
298 |
299 |
300 |
301 |
302 |
303 |
304 |
305 |
306 |
307 |
308 |
309 |
310 |
311 |
312 |
313 |
314 |
315 |
316 |
317 |
318 |
319 |
320 |
321 |
322 |
323 |
324 |
325 |
326 |
327 |
328 |
329 |
330 |
331 |
332 |
333 |
334 |
335 |
336 |
337 |
338 |
339 |
340 |
341 |
342 |
343 |
344 |
345 |
346 |
347 |
348 |
349 |
350 |
351 |
352 |
353 |
354 |
355 |
356 |
357 |
358 |
359 |
360 |
361 |
362 |
363 |
364 |
365 |
366 |
367 |
368 |
369 |
370 |
371 |
372 |
373 |
374 |
375 |
376 |
377 |
378 |
379 |
380 |
381 |
382 |
383 |
384 |
385 |
386 |
387 |
388 |
389 |
390 |
391 |
392 |
393 |
394 |
395 |
396 |
397 |
398 |
399 |
400 |
401 |
402 |
403 |
404 |
405 |
406 |
407 |
408 |
409 |
410 |
411 |
412 |
413 |
414 |
415 |
416 |
417 |
418 |
419 |
420 |
421 |
422 |
--------------------------------------------------------------------------------