Secure Server Build

Network Configuration

Edit the file /etc/sysctl.conf and add or correct the following lines:

# Disable network forwarding
net.ipv4.ip_forward = 0
net.ipv4.route.flush = 1

# Disable sending of packet redirects
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.route.flush = 1

# Disable source routed packet acceptance
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Disable ICMP redirect acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Disable secure ICMP redirect acceptance
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
  
# Enable logging of suspicious IP packets
net.ipv4.conf.all.log_martians = 1

# Ignore ICMP echo requests sent to broadcast addresses
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable Bad Error Message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Enable RFC-recommended source route validation
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Enable TCP SYN cookies
net.ipv4.tcp_syncookies = 1
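
A way to check a sysctl.conf-style file against the settings listed above, added here as an example and not part of the original page. The function names (`effective_value`, `audit_sysctl_file`, `demo`) and the `--demo` argument are hypothetical; the audit reports keys that are absent (for instance a key written without its `all`/`default` scope) and keys that a later line sets to a different value.

```shell
#!/bin/sh
# Settings from this page as "key value" (route.flush is a trigger, not a state).
EXPECTED='net.ipv4.ip_forward 0
net.ipv4.conf.all.send_redirects 0
net.ipv4.conf.default.send_redirects 0
net.ipv4.conf.all.accept_source_route 0
net.ipv4.conf.default.accept_source_route 0
net.ipv4.conf.all.accept_redirects 0
net.ipv4.conf.default.accept_redirects 0
net.ipv4.conf.all.secure_redirects 0
net.ipv4.conf.default.secure_redirects 0
net.ipv4.conf.all.log_martians 1
net.ipv4.icmp_echo_ignore_broadcasts 1
net.ipv4.icmp_ignore_bogus_error_responses 1
net.ipv4.conf.all.rp_filter 1
net.ipv4.conf.default.rp_filter 1
net.ipv4.tcp_syncookies 1'

# effective_value FILE KEY: last value assigned to KEY (later lines override).
effective_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        NF >= 2 { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
                  if (k == key) val = v }
        END { if (val != "") print val }' "$1"
}

# audit_sysctl_file FILE: one line per finding; returns 0 only if all match.
audit_sysctl_file() {
    file=$1; rc=0
    while read -r key want; do
        got=$(effective_value "$file" "$key")
        if [ -z "$got" ]; then echo "MISSING $key (want $want)"; rc=1
        elif [ "$got" != "$want" ]; then echo "WRONG $key = $got (want $want)"; rc=1
        fi
    done <<EOF
$EXPECTED
EOF
    return $rc
}

# demo: audit a constructed sample (an overriding line and an unscoped key).
demo() {
    tmp=$(mktemp)
    printf '%s\n' 'net.ipv4.ip_forward = 0' 'net.ipv4.ip_forward = 1' \
        'net.ipv4.conf.send_redirects = 0' > "$tmp"
    audit_sysctl_file "$tmp"; status=$?; rm -f "$tmp"; return $status
}
case "${1:-}" in "") ;; --demo) demo ;; *) audit_sysctl_file "$1" ;; esac
```

Run it with the path of the file to audit, or with `--demo` to see the findings for the constructed sample.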