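=====Secure Server Build=====
====Network Configuration====
Edit the file /etc/sysctl.conf and add or correct the following lines:

# IPv4 network hardening for a host that is NOT acting as a router.
# These keys cover IPv4 only; IPv6 has its own net.ipv6.* settings.
# Each setting is given for both "all" and "default" so that interfaces
# brought up later inherit the same value.
# Apply without a reboot: sysctl -p /etc/sysctl.conf

# Disable network forwarding
# Leave this at 1 on hosts that must route packets (routers, VPN gateways,
# container or virtualisation hosts).
net.ipv4.ip_forward = 0

# Disable send packet redirects
# Only routers need to send ICMP redirects.
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0

# Disable source routed packet acceptance
# Source routing lets the sender dictate the path a packet takes.
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Disable ICMP redirect acceptance
# An accepted redirect changes this host's routing decisions.
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Disable secure ICMP redirect acceptance
# "Secure" redirects come from gateways in the default gateway list;
# they are refused as well.
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0

# Enable logging of suspicious IP packets
# Packets with impossible source addresses are written to the kernel log.
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1

# Ignore ICMP echo requests sent to broadcast addresses
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable Bad Error Message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Enable RFC-recommended source route validation (reverse path filtering)
# 1 = strict mode. Hosts with asymmetric routing or several uplinks may drop
# legitimate traffic in strict mode; test before deploying there.
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Enable TCP SYN cookies
# Keeps the host accepting connections when the SYN backlog is full.
net.ipv4.tcp_syncookies = 1

# Flush the IPv4 routing cache once, after all values above are set.
# This key is a trigger, not a stored setting.
net.ipv4.route.flush = 1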