
Network security enhancement



Hi Luggers,
Here is a sample /etc/sysctl.conf file which enhances security on servers.
It's specifically for RHL 6.2.
The line above each feature is a comment stating what is achieved. Save the
text as /etc/sysctl.conf (remember to back up your original!!)
Restart your network by:
# /etc/rc.d/init.d/network restart
Regards,
Sunil Dhaka

----------------Begin /etc/sysctl.conf file ------Do not include-------
# Disables packet forwarding
net.ipv4.ip_forward = 0
# Enables source route verification
# Enable IP spoofing protection, turn on Source Address Verification
net.ipv4.conf.all.rp_filter = 1
# Disables automatic defragmentation (needed for masquerading, LVS)
#net.ipv4.ip_always_defrag = 0
# Enable always defragging Protection
net.ipv4.ip_always_defrag = 1
# Disables the magic-sysrq key
kernel.sysrq = 0
# Enable ignoring ping request
net.ipv4.icmp_echo_ignore_all = 1
# Enable ignoring broadcast request
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1
# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1
-------------------End /etc/sysctl.conf file --- Do not include -----------
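
A key in /etc/sysctl.conf that does not exist on the running kernel (a misspelling, or a setting specific to another kernel version) is not applied, so it is worth checking the file against the live values after the restart. The following is an added example, not part of the original post: it maps each dotted key to its entry under /proc/sys and reports whether the wanted value is in effect. The function names, the `proc_root` parameter and the sample input (including its deliberately misspelled key) are constructed for illustration.

```python
import os

def parse_sysctl_conf(text):
    """Yield (key, value) pairs from sysctl.conf-style text."""
    for raw in text.splitlines():
        line = raw.strip()
        # Blank lines and lines starting with '#' or ';' are comments.
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        yield key.strip(), value.strip()

def audit(conf_text, proc_root="/proc/sys"):
    """Compare wanted settings with the running kernel.

    Returns (key, wanted, actual, status) tuples; status is 'ok',
    'mismatch', 'missing' (no such entry) or 'unreadable'.
    """
    results = []
    for key, wanted in parse_sysctl_conf(conf_text):
        # Dotted key -> path. Interface names that themselves contain
        # dots (e.g. VLAN devices) are not handled by this simple mapping.
        path = os.path.join(proc_root, *key.split("."))
        try:
            with open(path) as fh:
                actual = " ".join(fh.read().split())
        except FileNotFoundError:
            results.append((key, wanted, None, "missing"))
            continue
        except OSError:
            results.append((key, wanted, None, "unreadable"))
            continue
        status = "ok" if actual == " ".join(wanted.split()) else "mismatch"
        results.append((key, wanted, actual, status))
    return results

# Constructed sample: two keys from the post plus a deliberately misspelled one.
SAMPLE_CONF = """\
# Disables packet forwarding
net.ipv4.ip_forward = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.icmp_ignore_bogus_eror_responses = 1
"""

if __name__ == "__main__":
    for key, wanted, actual, status in audit(SAMPLE_CONF):
        print(f"{status:10} {key} wanted={wanted} actual={actual}")
```

To check a real file, pass its contents to `audit()`; any line reported as `missing` or `mismatch` is a setting that is not in effect.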