systems:media_server:secure_the_server:harden_linux_kernel_configuration_parameters
This is an old revision of the document!
Table of Contents
Systems - Media Server - Secure the Server - Harden Linux kernel configuration parameters
The Linux kernel is flexible, and the way it works can be modified on the fly by dynamically changing some of its parameters using the sysctl command.
- sysctl can be used to both read and write sysctl data; i.e. it provides an interface that allows the examination and change of several hundred kernel parameters in Linux.
- Changes take effect immediately, and there is even a way to make them persist after a reboot.
- The parameters available are those listed under /proc/sys/.
IMPORTANT NOTE: Editing the sysctl.conf file might break the system - this is for advanced users only.
Make a backup of the existing /etc/sysctl.conf file
sudo cp /etc/sysctl.conf /etc/sysctl.conf.orig
Modify the sysctl file
sudo vi /etc/sysctl.conf
Remove the hash sign in front of certain command lines to stop some spoofing attacks and enhance other security measures:
- /etc/sysctl.conf
net.ipv4.conf.default.rp_filter=1 net.ipv4.conf.all.rp_filter=1 net.ipv4.tcp_syncookies=1 net.ipv4.icmp_echo_ignore_broadcasts = 1 net.ipv4.icmp_ignore_bogus_error_responses = 1 net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.all.accept_source_route = 0 net.ipv6.conf.all.accept_redirects = 0 net.ipv6.conf.all.accept_source_route = 0
Save the /etc/sysctl.conf file.
Activate the kernel settings that have been modified
This reloads the sysctl parameters:
sudo sysctl -p
systems/media_server/secure_the_server/harden_linux_kernel_configuration_parameters.1748692467.txt.gz · Last modified: 2025/05/31 11:54 by peter