Simple System Hardening

Post by mrgfy » Sat Feb 01, 2020 10:23 pm

Restricting access to kernel logs.

Code: Select all

echo "kernel.dmesg_restrict = 1" > /etc/sysctl.d/50-dmesg-restrict.conf

Restricting access to kernel pointers.

Code: Select all

echo "kernel.kptr_restrict = 1" > /etc/sysctl.d/50-kptr-restrict.conf

ExecShield protection.

Code: Select all

echo "kernel.exec-shield = 2" > /etc/sysctl.d/50-exec-shield.conf

Randomise memory space.

Code: Select all

echo "kernel.randomize_va_space = 2" > /etc/sysctl.d/50-rand-va-space.conf

Ensure syslog service is enabled and running.

Code: Select all

systemctl enable rsyslog.service

Code: Select all

systemctl start rsyslog.service

Enable TCP SYN Cookie protection.

Code: Select all

echo "net.ipv4.tcp_syncookies = 1" > /etc/sysctl.d/50-net-stack.conf

Disable IP source routing.

Code: Select all

echo "net.ipv4.conf.all.accept_source_route = 0" >> /etc/sysctl.d/50-net-stack.conf

Disable ICMP redirect acceptance.

Code: Select all

echo "net.ipv4.conf.all.accept_redirects = 0" >> /etc/sysctl.d/50-net-stack.conf

Enable ignoring of ICMP requests.

Code: Select all

echo "net.ipv4.icmp_echo_ignore_all = 1" >> /etc/sysctl.d/50-net-stack.conf

Enable ignoring broadcast requests.

Code: Select all

echo "net.ipv4.icmp_echo_ignore_broadcasts = 1" >> /etc/sysctl.d/50-net-stack.conf
Last edited by mrgfy on Sun Feb 02, 2020 6:27 am, edited 1 time in total.

Re: Simple System Hardening

Post by DistroTube » Sat Feb 01, 2020 10:56 pm

Wow. :o Good stuff, myGFY.

Re: Simple System Hardening

Post by mrgfy » Sat Feb 01, 2020 11:26 pm

Thnx DT.

Tip: Don't forget to append with >> when adding new lines to a single file when using echo. :geek:
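
Added example, not part of the thread: a POSIX shell audit that checks whether the keys from the first post actually ended up in the drop-in files, with a constructed reproduction of sending five lines to 50-net-stack.conf using > versus >>. The function names, the optional prefix argument and the single-directory lookup are assumptions of this example; `sysctl --system` reads further locations as well.

```sh
#!/bin/sh
# Added example: audit sysctl.d drop-ins for the key=value pairs set in the post.
# kernel.exec-shield exists only on kernels carrying the Exec Shield patch.
EXPECTED='kernel.dmesg_restrict=1 kernel.kptr_restrict=1 kernel.exec-shield=2
kernel.randomize_va_space=2 net.ipv4.tcp_syncookies=1
net.ipv4.conf.all.accept_source_route=0 net.ipv4.conf.all.accept_redirects=0
net.ipv4.icmp_echo_ignore_all=1 net.ipv4.icmp_echo_ignore_broadcasts=1'

# Print the last value assigned to key $2 in $1/*.conf (later files win).
configured_value() {
    cat "$1"/*.conf 2>/dev/null |
        sed -e '/^[[:space:]]*[#;]/d' -e 's/[[:space:]]*=[[:space:]]*/=/' \
            -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }'
}

# Print one line per expected key (optionally only keys starting with $2)
# that is absent from the directory or set to a different value.
audit_dir() {
    for pair in $EXPECTED; do
        key=${pair%%=*} want=${pair#*=}
        case $key in "${2:-}"*) ;; *) continue ;; esac
        got=$(configured_value "$1" "$key")
        if [ -z "$got" ]; then echo "MISSING $key"
        elif [ "$got" != "$want" ]; then echo "WRONG $key=$got (want $want)"
        fi
    done
}

# Constructed reproduction of the post's five net.ipv4 commands, all aimed at
# one file: mode "overwrite" uses '>' each time, mode "append" uses '>>'.
write_net_stack() {
    f="$1/50-net-stack.conf"; : > "$f"
    for line in "net.ipv4.tcp_syncookies = 1" \
                "net.ipv4.conf.all.accept_source_route = 0" \
                "net.ipv4.conf.all.accept_redirects = 0" \
                "net.ipv4.icmp_echo_ignore_all = 1" \
                "net.ipv4.icmp_echo_ignore_broadcasts = 1"; do
        if [ "$2" = append ]; then echo "$line" >> "$f"; else echo "$line" > "$f"; fi
    done
}
demo() {
    d=$(mktemp -d) || return 1
    write_net_stack "$d" overwrite; echo "after '>':";  audit_dir "$d" net.
    write_net_stack "$d" append;    echo "after '>>':"; audit_dir "$d" net.
    rm -rf "$d"
}
# With a directory argument (e.g. /etc/sysctl.d) audit it; otherwise run the demo.
if [ -n "${1:-}" ]; then audit_dir "$1"; else demo; fi
```

Files under /etc/sysctl.d are applied at boot or by `sysctl --system`, so a clean audit of the files still needs a comparison against `sysctl -n <key>` for the live value.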
