Disable sysrq

Signed-off-by: Tommy <contact@tommytran.io>

etc/sysctl.d/99-server.conf

@@ -56,6 +56,10 @@ kernel.perf_event_paranoid = 4
 # on a Proxmox node.
 kernel_io_uring_disable = 2
 
+# https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl-kernel
+# Disable sysrq
+kernel.sysrq = 0
+
 # https://www.stigviewer.com/stig/red_hat_enterprise_linux_6/2020-09-03/finding/V-217911
 # Not running a router here, so no redirects
 net.ipv4.conf.*.send_redirects = 0
@@ -64,11 +68,11 @@ net.ipv6.conf.*.accept_redirects = 0
 
 # Check if the source of the IP address is reachable through the same interface it came in
 # Basic IP spoofing mitigation
-net.ipv4.conf.*.rp_filter=1
+net.ipv4.conf.*.rp_filter = 1
 
 # Respond to ICMP
-net.ipv4.icmp_echo_ignore_all=1
+net.ipv4.icmp_echo_ignore_all = 1
-net.ipv6.icmp.echo_ignore_all=1
+net.ipv6.icmp.echo_ignore_all = 1
 
 # Enable IP Forwarding
 # Almost all of my servers run Docker anyways, and Docker absolutely requires this.

etc/sysctl.d/99-workstation.conf

@@ -56,6 +56,10 @@ kernel.perf_event_paranoid = 4
 # on a Proxmox node.
 kernel_io_uring_disable = 2
 
+# https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl-kernel
+# Disable sysrq
+kernel.sysrq = 0
+
 # https://www.stigviewer.com/stig/red_hat_enterprise_linux_6/2020-09-03/finding/V-217911
 # Not running a router here, so no redirects
 net.ipv4.conf.*.send_redirects = 0
@@ -64,11 +68,11 @@ net.ipv6.conf.*.accept_redirects = 0
 
 # Check if the source of the IP address is reachable through the same interface it came in
 # Basic IP spoofing mitigation
-net.ipv4.conf.*.rp_filter=1
+net.ipv4.conf.*.rp_filter = 1
 
 # Do not respond to ICMP
-net.ipv4.icmp_echo_ignore_all=1
+net.ipv4.icmp_echo_ignore_all = 1
-net.ipv6.icmp.echo_ignore_all=1
+net.ipv6.icmp.echo_ignore_all = 1
 
 # Enable IP Forwarding
 # Needed for VM networking and whatnot.