Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

I am securing my server and want to harden Host.conf & sysctl, how can I do this?

Posted on 2004-04-01
6
Medium Priority
?
254 Views
Last Modified: 2010-04-22
I am securing my server and want to harden Host.conf & sysctl, how can I do this?
0
Comment
Question by:jesusispabst
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
6 Comments
 

Author Comment

by:jesusispabst
ID: 10777533
Any help would be greatly appreciated
0
 

Author Comment

by:jesusispabst
ID: 10777537
155 points
0
 
LVL 1

Accepted Solution

by:
badrox earned 620 total points
ID: 10786154
Well, in regards to sysctl.conf at minimum you should set the file 600

As for within the file...

net.ipv4.ip_forward = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

And maybe you already have those set.  To be completely honest, I'd would look for filtering the IP information at the Router level personally.
0
 
LVL 3

Expert Comment

by:yhetti
ID: 11185775
Judging from the fact that you're worried about sysctl, I assume you're a right-minded anal-about-security administrator.  That's awesome.  I *highly* suggest LIDS, the Linux Intrusion Detection System.  It's pretty hardcore.  Play around with it on an experimental machine, because it's tought to configure and it becomes really easy to remove all privileges from root.  It removes a lot of the 'normal' methods of securing from consideration because it works at a lower level.  Excellent project.

0

Featured Post

Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question