
Disable sysrq

Signed-off-by: Tommy <contact@tommytran.io>
Tommy 2024-06-04 03:50:00 -07:00
parent 5e58a06876
commit 603738ff45
Signed by: Tomster
GPG Key ID: 555C902A34EC968F
2 changed files with 14 additions and 6 deletions


@ -56,6 +56,10 @@ kernel.perf_event_paranoid = 4
# on a Proxmox node. # on a Proxmox node.
kernel_io_uring_disable = 2 kernel_io_uring_disable = 2
# https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl-kernel
# Disable sysrq
kernel.sysrq = 0
# https://www.stigviewer.com/stig/red_hat_enterprise_linux_6/2020-09-03/finding/V-217911 # https://www.stigviewer.com/stig/red_hat_enterprise_linux_6/2020-09-03/finding/V-217911
# Not running a router here, so no redirects # Not running a router here, so no redirects
net.ipv4.conf.*.send_redirects = 0 net.ipv4.conf.*.send_redirects = 0
@ -64,11 +68,11 @@ net.ipv6.conf.*.accept_redirects = 0
# Check if the source of the IP address is reachable through the same interface it came in # Check if the source of the IP address is reachable through the same interface it came in
# Basic IP spoofing mitigation # Basic IP spoofing mitigation
net.ipv4.conf.*.rp_filter=1 net.ipv4.conf.*.rp_filter = 1
# Respond to ICMP # Respond to ICMP
net.ipv4.icmp_echo_ignore_all=1 net.ipv4.icmp_echo_ignore_all = 1
net.ipv6.icmp.echo_ignore_all=1 net.ipv6.icmp.echo_ignore_all = 1
# Enable IP Forwarding # Enable IP Forwarding
# Almost all of my servers run Docker anyways, and Docker absolutely requires this. # Almost all of my servers run Docker anyways, and Docker absolutely requires this.
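Review bot: The context line `kernel_io_uring_disable = 2`, directly above the new sysrq entry, does not name an existing sysctl; the kernel key is `kernel.io_uring_disabled`. As written, the setting will most likely be rejected as an unknown key at load time, leaving io_uring enabled despite the intent stated in the comment. Change it to `kernel.io_uring_disabled = 2` here and in the second changed file, which carries the same line. After applying, `sysctl kernel.io_uring_disabled` should echo the value on kernels that provide the setting; older kernels do not have it at all.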


@ -56,6 +56,10 @@ kernel.perf_event_paranoid = 4
# on a Proxmox node. # on a Proxmox node.
kernel_io_uring_disable = 2 kernel_io_uring_disable = 2
# https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl-kernel
# Disable sysrq
kernel.sysrq = 0
# https://www.stigviewer.com/stig/red_hat_enterprise_linux_6/2020-09-03/finding/V-217911 # https://www.stigviewer.com/stig/red_hat_enterprise_linux_6/2020-09-03/finding/V-217911
# Not running a router here, so no redirects # Not running a router here, so no redirects
net.ipv4.conf.*.send_redirects = 0 net.ipv4.conf.*.send_redirects = 0
@ -64,11 +68,11 @@ net.ipv6.conf.*.accept_redirects = 0
# Check if the source of the IP address is reachable through the same interface it came in # Check if the source of the IP address is reachable through the same interface it came in
# Basic IP spoofing mitigation # Basic IP spoofing mitigation
net.ipv4.conf.*.rp_filter=1 net.ipv4.conf.*.rp_filter = 1
# Do not respond to ICMP # Do not respond to ICMP
net.ipv4.icmp_echo_ignore_all=1 net.ipv4.icmp_echo_ignore_all = 1
net.ipv6.icmp.echo_ignore_all=1 net.ipv6.icmp.echo_ignore_all = 1
# Enable IP Forwarding # Enable IP Forwarding
# Needed for VM networking and whatnot. # Needed for VM networking and whatnot.
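Review bot: The new comment `# Disable sysrq` restates the key without saying what the setting does and does not cover. `kernel.sysrq = 0` turns off the SysRq functions invoked from the keyboard or console, but writes to `/proc/sysrq-trigger` by root are not governed by this value. I would word it as `# Disable magic SysRq key functions (keyboard/console); /proc/sysrq-trigger remains usable by root`, so nobody reading the file assumes the trigger file is locked down too. The same comment appears in the first changed file.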