systems:media_server:secure_the_server:harden_linux_kernel_configuration_parameters

Differences

This shows you the differences between two versions of the page.

systems:media_server:secure_the_server:harden_linux_kernel_configuration_parameters [2025/05/31 12:11] peter
systems:media_server:secure_the_server:harden_linux_kernel_configuration_parameters [2025/05/31 16:07] (current) peter
Line 3: Line 3:
 The Linux kernel is flexible, and the way it works can be modified on the fly by dynamically changing some of its parameters using the **sysctl** command. The Linux kernel is flexible, and the way it works can be modified on the fly by dynamically changing some of its parameters using the **sysctl** command.
  
-  * **sysctl** can be used to both read and write sysctl data; i.e. it provides an interface that allows the examination and change of several hundred kernel parameters in Linux. +  * **sysctl** allows the viewing and changing of kernel settings on running system.
-  * Changes take effect immediately, and there is even a way to make them persist after reboot.+
     * The parameters available are those listed under /proc/sys/.     * The parameters available are those listed under /proc/sys/.
 +  * Changes take effect immediately.
 +  * The related **/etc/sysctl.conf** file is used to ensure that the settings persist after a reboot.
  
 <WRAP alert> <WRAP alert>
 **IMPORTANT NOTE:**  Editing the sysctl.conf file might break the system - this is for advanced users only. **IMPORTANT NOTE:**  Editing the sysctl.conf file might break the system - this is for advanced users only.
 </WRAP> </WRAP>
- 
  
 ---- ----
  
-====== Make a backup of the existing /etc/sysctl.conf file ======+===== Make a backup of the existing /etc/sysctl.conf file =====
  
 <code bash> <code bash>
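Review bot: The added first bullet, "**sysctl** allows the viewing and changing of kernel settings on running system", is missing an article and should read "on a running system". In the same list, the new persistence bullet calls /etc/sysctl.conf "the related" file without saying what it is related to; wording such as "Settings written to **/etc/sysctl.conf** persist after a reboot" would state the relationship directly and match the backup and modify sections that follow.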
Line 22: Line 22:
 ---- ----
  
-====== Modify the sysctl file ======+===== Modify the sysctl file =====
  
 Add the following entries to the bottom of the **/etc/sysctl.conf** file to stop some spoofing attacks and enhance other security measures: Add the following entries to the bottom of the **/etc/sysctl.conf** file to stop some spoofing attacks and enhance other security measures:
Line 64: Line 64:
 kernel.panic = 60 kernel.panic = 60
 kernel.sysrq = 0 kernel.sysrq = 0
 +
  
 # File System Security # File System Security
Line 73: Line 74:
  
 # Additional Security Measures # Additional Security Measures
 +#dev.tty.ldisc_autoload = 0
 +#kernel.modules_disabled = 1
 kernel.core_uses_pid = 1 kernel.core_uses_pid = 1
 kernel.panic_on_unrecovered_nmi = 1 kernel.panic_on_unrecovered_nmi = 1
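Review bot: The two entries added under "# Additional Security Measures", "#dev.tty.ldisc_autoload = 0" and "#kernel.modules_disabled = 1", are commented out with no explanation, so a reader copying the block cannot tell whether they are recommended, optional, or known to cause problems on this server. Add a comment line above them stating why they are left disabled and under what condition to uncomment them. They are also written without a space after "#", unlike the section comment lines such as "# File System Security"; if that is the intended marker for a disabled setting, say so once in the page text.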
Line 84: Line 87:
 ---- ----
  
-====== Activate the kernel settings that have been modified ======+===== Activate the kernel settings that have been modified =====
  
 This reloads the sysctl parameters: This reloads the sysctl parameters:
Line 93: Line 96:
  
 ---- ----
- 
- 
systems/media_server/secure_the_server/harden_linux_kernel_configuration_parameters.1748693489.txt.gz · Last modified: 2025/05/31 12:11 by peter
