Nice guide. I used it on Stretch.
- I had to symlink /var/lib/sudo/ts to /tmp because it gives an error every time I run sudo, then I made a systemd service to make that folder.
- The /tmp/random-seed file does not get created at startup, even though I added the ExecStartPre line. It says success, but I can't figure out why that file isn't being created:
  Process: 97 ExecStartPre=/bin/echo a > /tmp/random-seed (code=exited, status=0/SUCCESS)
- Stretch uses systemd-timesyncd, so there's no need for ntp and it would conflict.
- I like the bash_logout idea to mount ro, but it fails because:
  mount: only root can use "--options" option
- Fail2ban isn't working. Anybody know if it's possible to configure that to monitor the busybox ring buffer?