Welcome to the Linux Foundation Forum!

Server Security

I am back again with another question that involves Lynis. Can someone please tell me what all of this means:

- Comparing sysctl key pairs with scan profile...

- kernel.core_uses_pid (1) [ OK ]

- kernel.ctrl-alt-del (0) [ OK ]

- kernel.exec-shield (1) [ OK ]

- kernel.sysrq (0) [ OK ]

- net.ipv4.conf.all.accept_redirects (0) [ DIFFERENT ]

- net.ipv4.conf.all.accept_source_route (0) [ OK ]

- net.ipv4.conf.all.bootp_relay (0) [ OK ]

- net.ipv4.conf.all.forwarding (0) [ OK ]

- net.ipv4.conf.all.log_martians (1) [ DIFFERENT ]

- net.ipv4.conf.all.mc_forwarding (0) [ OK ]

- net.ipv4.conf.all.proxy_arp (0) [ OK ]

- net.ipv4.conf.all.rp_filter (1) [ DIFFERENT ]

- net.ipv4.conf.all.send_redirects (0) [ DIFFERENT ]

- net.ipv4.conf.default.accept_redirects (0) [ DIFFERENT ]

- net.ipv4.conf.default.accept_source_route (0) [ OK ]

- net.ipv4.conf.default.log_martians (1) [ DIFFERENT ]

- net.ipv4.icmp_echo_ignore_broadcasts (1) [ OK ]

- net.ipv4.icmp_ignore_bogus_error_responses (1) [ OK ]

- net.ipv4.tcp_syncookies (1) [ DIFFERENT ]

- net.ipv4.tcp_timestamps (0) [ DIFFERENT ]

- net.ipv6.conf.all.accept_redirects (0) [ DIFFERENT ]

- net.ipv6.conf.all.accept_source_route (0) [ OK ]

- net.ipv6.conf.default.accept_redirects (0) [ DIFFERENT ]

- net.ipv6.conf.default.accept_source_route (0) [ OK ]

Thanks for the help in advance.

-Shane

Comments

  • mfillpot
    mfillpot Posts: 2,177
    This means that when it ran the comparison scan it noted the listed items in the kernel modifications. The question you want to ask is why some items are listed as DIFFERENT.
  • Ok then, why are some files listed as different, and how can I get them back to saying OK beside them?
  • mfillpot
    mfillpot Posts: 2,177
    Let's first look at what is listed to see if you need to reinstate the changes:

    - net.ipv4.conf.all.accept_redirects (0) [ DIFFERENT ]
    - net.ipv4.conf.all.log_martians (1) [ DIFFERENT ]
    - net.ipv4.conf.all.rp_filter (1) [ DIFFERENT ]
    - net.ipv4.conf.all.send_redirects (0) [ DIFFERENT ]
    - net.ipv4.conf.default.accept_redirects (0) [ DIFFERENT ]
    - net.ipv4.conf.default.log_martians (1) [ DIFFERENT ]
    - net.ipv4.tcp_syncookies (1) [ DIFFERENT ]
    - net.ipv4.tcp_timestamps (0) [ DIFFERENT ]
    - net.ipv6.conf.all.accept_redirects (0) [ DIFFERENT ]
    - net.ipv6.conf.default.accept_redirects (0) [ DIFFERENT ]

    It looks like the firewall application on your system has disabled redirects, enabled logging of martian packets, enabled rp_filter, enabled tcp syncookie blocking and disabled tcp_timestamps. All of these modifications have reinforced your system, so they are the preferred settings.

    Rather than trying to reinstate the settings, I recommend that you run another baseline scan to save these as your preferred settings.

    You can read http://ipsysctl-tutorial.frozentux.net/chunkyhtml/index.html to get information about the listed settings.
  • Thanks for the help, mfillpot. I really appreciate all the help you have given me.
  • mfillpot
    mfillpot Posts: 2,177
    You are just fortunate that this was all covered by my recent research involved in making a strong client-side firewall.

    As always, I am always glad to help when and if I can.

    On the same note, the results give the impression that you are probably now running a good firewall.
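
An added example, not part of the thread and not Lynis code: the script below pulls the DIFFERENT keys out of scan output like that in the question and prints the value in parentheses beside the value the kernel is currently running with. It assumes the number in parentheses is the value the scan profile expects; `sample_report`, `different_keys` and `compare_live` are names made up for this example.

```shell
#!/bin/sh
# Added example, not Lynis code. Assumption: the number in parentheses on
# each scan line is the value the scan profile expects for that key.

# Constructed sample: five lines copied from the scan output in the question.
sample_report() {
cat <<'EOF'
- kernel.sysrq (0) [ OK ]
- net.ipv4.conf.all.accept_redirects (0) [ DIFFERENT ]
- net.ipv4.conf.all.log_martians (1) [ DIFFERENT ]
- net.ipv4.tcp_syncookies (1) [ DIFFERENT ]
- net.ipv4.tcp_timestamps (0) [ DIFFERENT ]
EOF
}

# Read scan lines on stdin; print "key value" for each line marked DIFFERENT.
different_keys() {
  sed -n 's/^[[:space:]]*- \([A-Za-z0-9_.-]*\) (\([^)]*\))[[:space:]]*\[ DIFFERENT ].*$/\1 \2/p'
}

# Read "key value" pairs on stdin and look each key up under the sysctl tree
# given as $1 (default /proc/sys), where key a.b.c is the file a/b/c.
# Runs in a subshell, so its variables do not leak into the caller.
compare_live() (
  root="${1:-/proc/sys}"
  while read -r key want; do
    path="$root/$(printf '%s' "$key" | tr . /)"
    if [ -r "$path" ]; then
      have="$(head -n 1 "$path")"
      if [ "$have" = "$want" ]; then state=match; else state=differs; fi
    else
      have=missing
      state=unknown
    fi
    printf '%s profile=%s running=%s %s\n' "$key" "$want" "$have" "$state"
  done
)

# Stand-alone run: check the sample lines against this machine's /proc/sys.
sample_report | different_keys | compare_live
```

Feed it a saved copy of the scan output in place of `sample_report` to check a real report.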
