Sysctl

Aus crazylinux.de
Version vom 27. November 2006, 20:15 Uhr von Jonathan (Diskussion | Beiträge)
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Zur Navigation springen Zur Suche springen

sysctl.conf hardening - Helps prevent TCP/IP stack from syn-flood attacks and other network abuses.

vi /etc/sysctl.conf

add the below code:

# Enable IP spoofing protection, turn on Source Address Verification (is alow done, not needed on this server, maybe from shorewall!)
net.ipv4.conf.all.rp_filter = 1
# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1

from http://blog.eukhost.com/category/server-security/page/3/