mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-24 16:59:23 -05:00
Merge pull request #76 from flawedworld/patch-2
Add IPv6 sysctl options and enforce kernel.perf_event_paranoid=3
commit
ae90107e6d
@ -82,6 +82,8 @@ net.ipv6.conf.default.accept_redirects=0
|
||||
## Disables ICMP redirect sending.
|
||||
net.ipv4.conf.all.send_redirects=0
|
||||
net.ipv4.conf.default.send_redirects=0
|
||||
net.ipv6.conf.all.accept_redirects=0
|
||||
net.ipv6.conf.default.accept_redirects=0
|
||||
|
||||
## Ignores ICMP requests.
|
||||
net.ipv4.icmp_echo_ignore_all=1
|
||||
@ -92,6 +94,8 @@ net.ipv4.tcp_syncookies=1
|
||||
## Disable source routing.
|
||||
net.ipv4.conf.all.accept_source_route=0
|
||||
net.ipv4.conf.default.accept_source_route=0
|
||||
net.ipv6.conf.all.accept_source_route=0
|
||||
net.ipv6.conf.default.accept_source_route=0
|
||||
|
||||
## Enable reverse path filtering to prevent IP spoofing and
|
||||
## mitigate vulnerabilities such as CVE-2019-14899.
|
||||
@ -145,3 +149,12 @@ vm.unprivileged_userfaultfd=0
|
||||
## - https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Performance_Tuning_Guide/s-memory-tunables.html
|
||||
## - https://en.wikipedia.org/wiki/Swappiness
|
||||
vm.swappiness=1
|
||||
|
||||
## Disallow kernel profiling by users without CAP_SYS_ADMIN
|
||||
## https://www.kernel.org/doc/Documentation/sysctl/kernel.txt
|
||||
kernel.perf_event_paranoid=3
|
||||
|
||||
# Do not accept router advertisments
|
||||
net.ipv6.conf.all.accept_ra=0
|
||||
net.ipv6.conf.default.accept_ra=0
|
||||
|
||||
|
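Review bot: The comment above `kernel.perf_event_paranoid=3` in the last hunk describes level 2, not 3: "Disallow kernel profiling by users without CAP_SYS_ADMIN" is the wording the linked kernel.txt uses for values >= 2, and that document defines no level 3. As far as I know, 3 only has its own meaning (denying perf_event_open to users without CAP_SYS_ADMIN altogether) on kernels that carry the distribution patch for it, such as Debian's, while an unpatched kernel accepts the value and behaves as at 2. I would make that visible in the file, e.g. `## Level 3 needs a kernel with the perf_event_open restriction patch (Debian has it); elsewhere it acts as 2.` In the same hunk, `# Do not accept router advertisments` uses a single `#` where the file's other comments use `##` and misspells "advertisements", and it could state that hosts relying on SLAAC lose IPv6 autoconfiguration with `accept_ra=0`.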