Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-06-22 12:04:07 -04:00
Code Issues Projects Releases Packages Wiki Activity

Merge remote-tracking branch 'origin/master'

Browse source
This commit is contained in:
Patrick Schleizer 2019-12-05 15:46:19 -05:00
commit 19add3299c
No known key found for this signature in database
GPG key ID: CB8D50BB77BB3C48
2 changed files with 8 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
debian/control vendored
View file

@ -43,8 +43,9 @@ Description: enhances misc security settings
* The TCP/IP stack is hardened by disabling ICMP redirect acceptance, * The TCP/IP stack is hardened by disabling ICMP redirect acceptance,
ICMP redirect sending and source routing to prevent man-in-the-middle attacks, ICMP redirect sending and source routing to prevent man-in-the-middle attacks,
ignoring all ICMP requests, enabling TCP syncookies to prevent SYN flood ignoring all ICMP requests, enabling TCP syncookies to prevent SYN flood
attacks and enabling RFC1337 to protect against time-wait assassination attacks, enabling RFC1337 to protect against time-wait assassination
attacks. attacks and enabling reverse path filtering to prevent IP spoofing and
mitigate vulnerabilities such as CVE-2019-14899.
. .
* Some data spoofing attacks are made harder. * Some data spoofing attacks are made harder.
. .

5
etc/sysctl.d/tcp_hardening.conf
View file

@ -33,4 +33,9 @@ net.ipv4.tcp_syncookies=1
net.ipv4.conf.all.accept_source_route=0 net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.default.accept_source_route=0 net.ipv4.conf.default.accept_source_route=0
## Enable reverse path filtering to prevent IP spoofing and
## mitigate vulnerabilities such as CVE-2019-14899.
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
#### meta end #### meta end