/etc/sysctl.conf
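file. Once the file is edited, run sysctl -p
to load the settings into the running kernel. Because they are stored in
/etc/sysctl.conf, they are also re-applied at boot, which is what makes them persistent.
To confirm a row, run sysctl with the key name (for example, sysctl net.ipv4.ip_forward) to print the live value.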
Complete | Requirement | Action | Service/Config |
---|---|---|---|
Should | Set | net.ipv4.ip_forward = 0 [1] | |
Should | Set | net.ipv4.conf.all.send_redirects = 0 [2] | |
Should | Set | net.ipv4.conf.default.send_redirects = 0 [3] | |
Must | Set | net.ipv4.conf.all.accept_redirects = 0 [4] | |
Must | Set | net.ipv4.icmp_echo_ignore_broadcasts = 1 [5] | |
Must | Set | net.ipv4.icmp_ignore_bogus_error_responses = 1 [6] | |
Must | Set | net.ipv4.tcp_syncookies = 1 [7] | |
Must | Set | net.ipv4.conf.all.log_martians = 1 [8] | |
Must | Set | net.ipv4.conf.default.log_martians = 1 [9] | |
Must | Set | net.ipv4.conf.all.accept_source_route = 0 [10] | |
Must | Set | net.ipv4.conf.default.accept_source_route = 0 [11] | |
Must | Set | net.ipv4.conf.all.rp_filter = 1 [12] | |
Must | Set | net.ipv4.conf.default.rp_filter = 1 [13] | |
Must | Set | net.ipv4.conf.default.accept_redirects = 0 [14] | |
Must | Set | net.ipv4.conf.all.secure_redirects = 0 [15] | |
Must | Set | net.ipv4.conf.default.secure_redirects = 0 [16] | |
/etc/sysctl.conf
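# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
#
# Each key is set exactly once, so a later edit to one copy cannot be
# silently overridden by a second copy further down the file.
#
# The conf.default.* keys only seed interfaces created after they are set,
# and the kernel combines conf.all.* with each interface's own value
# differently per parameter. After loading, confirm the per-interface
# values under net.ipv4.conf.<interface>.* for interfaces that already exist.

# Controls IP packet forwarding; 0 means this host does not route.
# Kept first: the kernel documentation notes that changing ip_forward resets
# configuration parameters to their host/router defaults, so the network
# settings below should be applied after it.
net.ipv4.ip_forward = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies (used when a listener's SYN backlog
# overflows, so a SYN flood does not stop new connections being accepted)
net.ipv4.tcp_syncookies = 1

# CSI Compliance

# Do not send ICMP redirects; only a router has a reason to send them.
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0

# Do not accept ICMP redirects, which could otherwise alter this host's routes.
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# secure_redirects covers redirects from the listed default gateways; it is
# disabled together with accept_redirects so that no redirect is honoured.
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0

# Ignore ICMP echo requests sent to broadcast/multicast addresses, so the
# host cannot be used as a reflector for broadcast ping amplification.
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Do not log the bogus ICMP error responses some routers send to broadcast
# frames; this keeps the kernel log free of that clutter.
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Log packets with impossible source addresses to the kernel log.
# These entries can be noisy; make sure the log is rotated and reviewed.
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1

# Do not accept source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Controls source route verification (1 = strict reverse-path check).
# Strict mode can drop legitimate traffic on multihomed hosts or with
# asymmetric routing; test before enforcing on such systems.
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1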