Securing and Optimizing Linux:RedHat Edition | All about OS

The kernel tunable parameters


• To restart all network devices manually on your system, use the following command:
[root@deep /]# /etc/rc.d/init.d/network restart
Setting network parameters [ OK ]
Bringing up interface lo [ OK ]
Bringing up interface eth0 [ OK ]
Bringing up interface eth1 [ OK ]
Enable IP spoofing protection
The spoofing protection prevents your network from being the source of spoofed (i.e. forged) communications that are often used in DoS Attacks.
Under Red Hat Linux 6.1
[root@deep /]# for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
> echo 1 > $f
> done
[root@deep /]#
Add the above commands to the “/etc/rc.d/rc.local” script file and you will not have to type them again the next time you reboot your system.
Under Red Hat Linux 6.2
Edit the “/etc/sysctl.conf” file and add the following line:
# Enable IP spoofing protection, turn on Source Address Verification
net.ipv4.conf.all.rp_filter = 1
You must restart your network for the change to take effect. The command to restart the network is the following:
• To restart all network devices manually on your system, use the following command:
[root@deep /]# /etc/rc.d/init.d/network restart
Setting network parameters [ OK ]
Bringing up interface lo [ OK ]
Bringing up interface eth0 [ OK ]
Bringing up interface eth1 [ OK ]
Log Spoofed Packets, Source Routed Packets, Redirect Packets
This protection will log all Spoofed Packets, Source Routed Packets, and Redirect Packets to your log files.
Under Red Hat Linux 6.1
[root@deep /]# for f in /proc/sys/net/ipv4/conf/*/log_martians; do
> echo 1 > $f
> done
[root@deep /]#
Add the above commands to the “/etc/rc.d/rc.local” script file and you will not have to type them again the next time you reboot your system.
Under Red Hat Linux 6.2
Edit the “/etc/sysctl.conf” file and add the following line:
# Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1
You must restart your network for the change to take effect. The command to restart the network is the following:
• To restart all network devices manually on your system, use the following command:
[root@deep /]# /etc/rc.d/init.d/network restart
Setting network parameters [ OK ]
Bringing up interface lo [ OK ]
Bringing up interface eth0 [ OK ]
Bringing up interface eth1 [ OK ]
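
The following script is an added example, not part of the original text: it reads rp_filter and log_martians for every entry under /proc/sys/net/ipv4/conf (the same files the Red Hat 6.1 loops write to) and lists any entry whose value is not 1, which is a useful check after the 6.2 method because that sysctl.conf line sets only the “all” entry. The function names, the CONF_ROOT variable and the --run argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify that the two settings from this section are active
# on every interface entry, not only on the one that was edited.
# CONF_ROOT (assumed name) defaults to the live kernel tree; it can be
# pointed at a copy of that tree for offline checking.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# audit_param NAME
# Prints "<entry> <NAME>=<value>" for each entry whose value is not 1.
# Returns 0 when every entry is 1, and 1 when at least one is not.
audit_param() {
    param="$1"
    bad=0
    for f in "$CONF_ROOT"/*/"$param"; do
        [ -e "$f" ] || continue          # the glob matched nothing
        iface=$(basename "$(dirname "$f")")
        val=$(cat "$f" 2>/dev/null) || val="unreadable"
        if [ "$val" != "1" ]; then
            echo "$iface $param=$val"
            bad=1
        fi
    done
    return "$bad"
}

# audit_all
# Checks both parameters covered in this section; returns 1 if either
# has an entry that is not set to 1.
audit_all() {
    rc=0
    audit_param rp_filter    || rc=1
    audit_param log_martians || rc=1
    return "$rc"
}

# Run the audit only when asked to, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    audit_all
fi
```

Run it with the --run argument after the network restart; no output and an exit status of 0 mean every entry, including “all” and “default”, holds the value 1.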
