Solved

I am securing my server and want to harden Host.conf & sysctl, how can I do this?

Posted on 2004-04-01
6
244 Views
Last Modified: 2010-04-22
I am securing my server and want to harden Host.conf & sysctl, how can I do this?
0
Comment
Question by:jesusispabst
  • 2
6 Comments
 

Author Comment

by:jesusispabst
ID: 10777533
Any help would be greatly appreciated
0
 

Author Comment

by:jesusispabst
ID: 10777537
155 points
0
 
LVL 1

Accepted Solution

by:
badrox earned 155 total points
ID: 10786154
Well, in regards to sysctl.conf at minimum you should set the file 600

As for within the file...

net.ipv4.ip_forward = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

And maybe you already have those set.  To be completely honest, I'd would look for filtering the IP information at the Router level personally.
0
 
LVL 3

Expert Comment

by:yhetti
ID: 11185775
Judging from the fact that you're worried about sysctl, I assume you're a right-minded anal-about-security administrator.  That's awesome.  I *highly* suggest LIDS, the Linux Intrusion Detection System.  It's pretty hardcore.  Play around with it on an experimental machine, because it's tought to configure and it becomes really easy to remove all privileges from root.  It removes a lot of the 'normal' methods of securing from consideration because it works at a lower level.  Excellent project.

0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
LDAP server set up question 5 143
Need help setting up kerberos 2 35
Need to create RSA key with forced exponent 35 and using ssh-keygen 4 121
liboauth-php x oauth-1.2.3 3 46
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Fine Tune your automatic Updates for Ubuntu / Debian
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now