
RE: sysctl.conf



That's the thing, I'm reading up on sysctl and don't have the necessary knowledge to know what to "expect" at the moment.
Though some did actually intrigue me, such as:

#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1

# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0


> Subject: Re: sysctl.conf
> From: ralf.mardorf@alice-dsl.net
> To: debian-user@lists.debian.org
> Date: Sat, 26 Oct 2013 21:58:59 +0200
>
> On Sat, 2013-10-26 at 21:37 +0200, Roland RoLaNd wrote:
> > All,
> >
> >
> > I'm reading up on how to harden Debian.
> > I just checked /etc/sysctl.conf and noticed that everything is
> > commented out.
> > Does that mean they're running as defaults or none of what exists in
> > this file is implemented?
>
> What do you expect?
>
> I'm using another distro that switched.
>
> ls /etc/sysctl*
> /etc/sysctl.conf.pacnew /etc/sysctl.conf.pacsave
>
> /etc/sysctl.d:
>
> blah
>
> To my surprise, there were unusual settings in /etc/sysctl.conf, I
> dropped them during the transition.
>
> What exactly should be not commented out by default?
>
> For the distro I'm using there only is
>
> net.ipv4.tcp_syncookies = 1
> net.ipv4.ip_forward = 0
> net.ipv6.conf.all.forwarding = 0
>
> by default. I had much more in my /etc/sysctl.conf, caused by whatever
> package, but not by me and after I dropped those settings, nothing evil
> happened.
>
> So again, what should be enabled by this file?
>
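An added example, not part of either message: lines in sysctl.conf that start with `#` or `;` are comments and are not applied, so the kernel keeps whatever value it already has for those keys. The script below separates active from commented-out settings and shows the live value from /proc/sys next to each; the sample text is constructed from the lines quoted in this thread, and the function names are made up for this example.

```shell
#!/bin/sh
# Constructed sample: the commented-out lines quoted in the thread plus one
# active setting taken from the reply.
SAMPLE_CONF='#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
net.ipv4.tcp_syncookies = 1
'

# classify_sysctl: read sysctl.conf text on stdin and print, per setting,
#   "active KEY VALUE"   (applied when the file is loaded) or
#   "inactive KEY VALUE" (commented out, so never applied).
classify_sysctl() {
    awk '
    {
        line = $0; state = "active"
        sub(/^[ \t]+/, "", line)
        if (line ~ /^[#;]/) { state = "inactive"; sub(/^[#;]+[ \t]*/, "", line) }
        eq = index(line, "=")
        if (eq == 0) next                        # no assignment on this line
        key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key !~ /^[A-Za-z0-9_.-]+$/) next     # prose comment, not a setting
        print state, key, val
    }'
}

# running_value KEY: print the live kernel value, or "n/a" if unavailable.
# Simplification: every dot becomes a slash, which is wrong for interface
# names that themselves contain dots.
running_value() {
    path="/proc/sys/$(printf '%s' "$1" | tr . /)"
    if [ -r "$path" ]; then cat "$path" 2>/dev/null || echo "n/a"; else echo "n/a"; fi
}

# report: combine both views, one line per setting found in the file.
report() {
    classify_sysctl | while read -r state key value; do
        printf '%-8s %-36s file=%-4s running=%s\n' \
            "$state" "$key" "$value" "$(running_value "$key")"
    done
}

printf '%s' "$SAMPLE_CONF" | report
```

To check a real system, run `report < /etc/sysctl.conf`; files under /etc/sysctl.d can also set these keys, so the running column is the authoritative one.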
