Solved

I am securing my server and want to harden Host.conf & sysctl, how can I do this?

Posted on 2004-04-01
6
247 Views
Last Modified: 2010-04-22
I am securing my server and want to harden Host.conf & sysctl, how can I do this?
0
Comment
Question by:jesusispabst
  • 2
6 Comments
 

Author Comment

by:jesusispabst
ID: 10777533
Any help would be greatly appreciated
0
 

Author Comment

by:jesusispabst
ID: 10777537
155 points
0
 
LVL 1

Accepted Solution

by:
badrox earned 155 total points
ID: 10786154
Well, in regards to sysctl.conf at minimum you should set the file 600

As for within the file...

net.ipv4.ip_forward = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

And maybe you already have those set.  To be completely honest, I'd would look for filtering the IP information at the Router level personally.
0
 
LVL 3

Expert Comment

by:yhetti
ID: 11185775
Judging from the fact that you're worried about sysctl, I assume you're a right-minded anal-about-security administrator.  That's awesome.  I *highly* suggest LIDS, the Linux Intrusion Detection System.  It's pretty hardcore.  Play around with it on an experimental machine, because it's tought to configure and it becomes really easy to remove all privileges from root.  It removes a lot of the 'normal' methods of securing from consideration because it works at a lower level.  Excellent project.

0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Fine Tune your automatic Updates for Ubuntu / Debian
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question