diff --git a/etc/sysctl.d/99-server.conf b/etc/sysctl.d/99-server.conf
index 628d4e3..b6fe45d 100644
--- a/etc/sysctl.d/99-server.conf
+++ b/etc/sysctl.d/99-server.conf
@@ -56,6 +56,10 @@ kernel.perf_event_paranoid = 4
 # on a Proxmox node.
 kernel_io_uring_disable = 2
 
+# https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl-kernel
+# Disable sysrq
+kernel.sysrq = 0
+
 # https://www.stigviewer.com/stig/red_hat_enterprise_linux_6/2020-09-03/finding/V-217911
 # Not running a router here, so no redirects
 net.ipv4.conf.*.send_redirects = 0
@@ -64,11 +68,11 @@ net.ipv6.conf.*.accept_redirects = 0
 
 # Check if the source of the IP address is reachable through the same interface it came in
 # Basic IP spoofing mitigation
-net.ipv4.conf.*.rp_filter=1
+net.ipv4.conf.*.rp_filter = 1
 
 # Respond to ICMP
-net.ipv4.icmp_echo_ignore_all=1
-net.ipv6.icmp.echo_ignore_all=1
+net.ipv4.icmp_echo_ignore_all = 1
+net.ipv6.icmp.echo_ignore_all = 1
 
 # Enable IP Forwarding
 # Almost all of my servers run Docker anyways, and Docker absolutely requires this.
diff --git a/etc/sysctl.d/99-workstation.conf b/etc/sysctl.d/99-workstation.conf
index 17467bd..9372e75 100644
--- a/etc/sysctl.d/99-workstation.conf
+++ b/etc/sysctl.d/99-workstation.conf
@@ -56,6 +56,10 @@ kernel.perf_event_paranoid = 4
 # on a Proxmox node.
 kernel_io_uring_disable = 2
 
+# https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl-kernel
+# Disable sysrq
+kernel.sysrq = 0
+
 # https://www.stigviewer.com/stig/red_hat_enterprise_linux_6/2020-09-03/finding/V-217911
 # Not running a router here, so no redirects
 net.ipv4.conf.*.send_redirects = 0
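Review bot: The context line directly above the new block, `kernel_io_uring_disable = 2`, does not look like a valid sysctl key: the kernel documents the setting as `kernel.io_uring_disabled`, so this entry is most likely skipped with a warning when the file is loaded and io_uring stays enabled. Since the commit edits the lines right below it, it would be worth correcting here to `kernel.io_uring_disabled = 2` and confirming with `sysctl kernel.io_uring_disabled` after a reload; the same line appears in the first hunk of 99-workstation.conf. For the added `kernel.sysrq = 0`, the comment could state the scope, e.g. `# Disable keyboard-triggered SysRq; root can still write to /proc/sysrq-trigger`, and note that console emergency sync/reboot is given up on these hosts.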
@@ -64,11 +68,11 @@ net.ipv6.conf.*.accept_redirects = 0
 
 # Check if the source of the IP address is reachable through the same interface it came in
 # Basic IP spoofing mitigation
-net.ipv4.conf.*.rp_filter=1
+net.ipv4.conf.*.rp_filter = 1
 
 # Do not respond to ICMP
-net.ipv4.icmp_echo_ignore_all=1
-net.ipv6.icmp.echo_ignore_all=1
+net.ipv4.icmp_echo_ignore_all = 1
+net.ipv6.icmp.echo_ignore_all = 1
 
 # Enable IP Forwarding
 # Needed for VM networking and whatnot.