?
Solved

I am securing my server and want to harden Host.conf & sysctl, how can I do this?

Posted on 2004-04-01
6
Medium Priority
?
253 Views
Last Modified: 2010-04-22
I am securing my server and want to harden Host.conf & sysctl, how can I do this?
0
Comment
Question by:jesusispabst
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
6 Comments
 

Author Comment

by:jesusispabst
ID: 10777533
Any help would be greatly appreciated
0
 

Author Comment

by:jesusispabst
ID: 10777537
155 points
0
 
LVL 1

Accepted Solution

by:
badrox earned 620 total points
ID: 10786154
Well, in regards to sysctl.conf at minimum you should set the file 600

As for within the file...

net.ipv4.ip_forward = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

And maybe you already have those set.  To be completely honest, I'd would look for filtering the IP information at the Router level personally.
0
 
LVL 3

Expert Comment

by:yhetti
ID: 11185775
Judging from the fact that you're worried about sysctl, I assume you're a right-minded anal-about-security administrator.  That's awesome.  I *highly* suggest LIDS, the Linux Intrusion Detection System.  It's pretty hardcore.  Play around with it on an experimental machine, because it's tought to configure and it becomes really easy to remove all privileges from root.  It removes a lot of the 'normal' methods of securing from consideration because it works at a lower level.  Excellent project.

0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Fine Tune your automatic Updates for Ubuntu / Debian
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question