Custom Search

Setting up a secure Linux server - /proc Startup Script

#!/bin/sh
#compiled by brent kevin krkosska
#ipv4 only
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo "1" > /proc/sys/net/ipv4/tcp_syncookies
for f in /proc/sys/net/ipv4/conf/*/log_martians; do echo "1" > $f; done
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo "1" > $f; done
for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do echo "0" > $f; done
for f in /proc/sys/net/ipv4/conf/*/send_redirects; do echo "0" > $f; done
for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do echo "0" > $f; done
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo "60" > /proc/sys/kernel/panic
echo "30" > /proc/sys/net/ipv4/tcp_fin_timeout
echo "1800" > /proc/sys/net/ipv4/tcp_keepalive_time
echo "200" > /proc/sys/net/ipv4/tcp_max_syn_backlog
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
#experimental - be verbose on dynamic ip addresses
echo "2" > /proc/sys/net/ipv4/ip_dynaddr







www.fiveanddime.net








Custom Search