mirror of
https://github.com/tommytran732/Linux-Setup-Scripts
synced 2024-11-22 01:21:33 -05:00
Disable sysrq
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
parent
5e58a06876
commit
603738ff45
@ -56,6 +56,10 @@ kernel.perf_event_paranoid = 4
|
|||||||
# on a Proxmox node.
|
# on a Proxmox node.
|
||||||
kernel_io_uring_disable = 2
|
kernel_io_uring_disable = 2
|
||||||
|
|
||||||
|
# https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl-kernel
|
||||||
|
# Disable sysrq
|
||||||
|
kernel.sysrq = 0
|
||||||
|
|
||||||
# https://www.stigviewer.com/stig/red_hat_enterprise_linux_6/2020-09-03/finding/V-217911
|
# https://www.stigviewer.com/stig/red_hat_enterprise_linux_6/2020-09-03/finding/V-217911
|
||||||
# Not running a router here, so no redirects
|
# Not running a router here, so no redirects
|
||||||
net.ipv4.conf.*.send_redirects = 0
|
net.ipv4.conf.*.send_redirects = 0
|
||||||
@ -64,11 +68,11 @@ net.ipv6.conf.*.accept_redirects = 0
|
|||||||
|
|
||||||
# Check if the source of the IP address is reachable through the same interface it came in
|
# Check if the source of the IP address is reachable through the same interface it came in
|
||||||
# Basic IP spoofing mitigation
|
# Basic IP spoofing mitigation
|
||||||
net.ipv4.conf.*.rp_filter=1
|
net.ipv4.conf.*.rp_filter = 1
|
||||||
|
|
||||||
# Respond to ICMP
|
# Respond to ICMP
|
||||||
net.ipv4.icmp_echo_ignore_all=1
|
net.ipv4.icmp_echo_ignore_all = 1
|
||||||
net.ipv6.icmp.echo_ignore_all=1
|
net.ipv6.icmp.echo_ignore_all = 1
|
||||||
|
|
||||||
# Enable IP Forwarding
|
# Enable IP Forwarding
|
||||||
# Almost all of my servers run Docker anyways, and Docker absolutely requires this.
|
# Almost all of my servers run Docker anyways, and Docker absolutely requires this.
|
||||||
|
@ -56,6 +56,10 @@ kernel.perf_event_paranoid = 4
|
|||||||
# on a Proxmox node.
|
# on a Proxmox node.
|
||||||
kernel_io_uring_disable = 2
|
kernel_io_uring_disable = 2
|
||||||
|
|
||||||
|
# https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl-kernel
|
||||||
|
# Disable sysrq
|
||||||
|
kernel.sysrq = 0
|
||||||
|
|
||||||
# https://www.stigviewer.com/stig/red_hat_enterprise_linux_6/2020-09-03/finding/V-217911
|
# https://www.stigviewer.com/stig/red_hat_enterprise_linux_6/2020-09-03/finding/V-217911
|
||||||
# Not running a router here, so no redirects
|
# Not running a router here, so no redirects
|
||||||
net.ipv4.conf.*.send_redirects = 0
|
net.ipv4.conf.*.send_redirects = 0
|
||||||
@ -64,11 +68,11 @@ net.ipv6.conf.*.accept_redirects = 0
|
|||||||
|
|
||||||
# Check if the source of the IP address is reachable through the same interface it came in
|
# Check if the source of the IP address is reachable through the same interface it came in
|
||||||
# Basic IP spoofing mitigation
|
# Basic IP spoofing mitigation
|
||||||
net.ipv4.conf.*.rp_filter=1
|
net.ipv4.conf.*.rp_filter = 1
|
||||||
|
|
||||||
# Do not respond to ICMP
|
# Do not respond to ICMP
|
||||||
net.ipv4.icmp_echo_ignore_all=1
|
net.ipv4.icmp_echo_ignore_all = 1
|
||||||
net.ipv6.icmp.echo_ignore_all=1
|
net.ipv6.icmp.echo_ignore_all = 1
|
||||||
|
|
||||||
# Enable IP Forwarding
|
# Enable IP Forwarding
|
||||||
# Needed for VM networking and whatnot.
|
# Needed for VM networking and whatnot.
|
||||||
|
Loading…
Reference in New Issue
Block a user