Server Security
I am back again with another question that involves Lynis. Can someone please tell me what all of this means:
- Comparing sysctl key pairs with scan profile...
- kernel.core_uses_pid (1) [ OK ]
- kernel.ctrl-alt-del (0) [ OK ]
- kernel.exec-shield (1) [ OK ]
- kernel.sysrq (0) [ OK ]
- net.ipv4.conf.all.accept_redirects (0) [ DIFFERENT ]
- net.ipv4.conf.all.accept_source_route (0) [ OK ]
- net.ipv4.conf.all.bootp_relay (0) [ OK ]
- net.ipv4.conf.all.forwarding (0) [ OK ]
- net.ipv4.conf.all.log_martians (1) [ DIFFERENT ]
- net.ipv4.conf.all.mc_forwarding (0) [ OK ]
- net.ipv4.conf.all.proxy_arp (0) [ OK ]
- net.ipv4.conf.all.rp_filter (1) [ DIFFERENT ]
- net.ipv4.conf.all.send_redirects (0) [ DIFFERENT ]
- net.ipv4.conf.default.accept_redirects (0) [ DIFFERENT ]
- net.ipv4.conf.default.accept_source_route (0) [ OK ]
- net.ipv4.conf.default.log_martians (1) [ DIFFERENT ]
- net.ipv4.icmp_echo_ignore_broadcasts (1) [ OK ]
- net.ipv4.icmp_ignore_bogus_error_responses (1) [ OK ]
- net.ipv4.tcp_syncookies (1) [ DIFFERENT ]
- net.ipv4.tcp_timestamps (0) [ DIFFERENT ]
- net.ipv6.conf.all.accept_redirects (0) [ DIFFERENT ]
- net.ipv6.conf.all.accept_source_route (0) [ OK ]
- net.ipv6.conf.default.accept_redirects (0) [ DIFFERENT ]
- net.ipv6.conf.default.accept_source_route (0) [ OK ]
Thanks for the help in advanced.
-Shane
Comments
-
This means that when it ran the comparison scan it noted the listed items in the kernel modifications, the question you want to ask is why are some items listed as DIFFERNT.0
-
Ok then, why are some files listed at different and how can I get them back to saying ok beside them.0
-
Lets first look at what is listed to see if you need to reinstate the changes:
- net.ipv4.conf.all.accept_redirects (0) [ DIFFERENT ]
- net.ipv4.conf.all.log_martians (1) [ DIFFERENT ]
- net.ipv4.conf.all.rp_filter (1) [ DIFFERENT ]
- net.ipv4.conf.all.send_redirects (0) [ DIFFERENT ]
- net.ipv4.conf.default.accept_redirects (0) [ DIFFERENT ]
- net.ipv4.conf.default.log_martians (1) [ DIFFERENT ]
- net.ipv4.tcp_syncookies (1) [ DIFFERENT ]
- net.ipv4.tcp_timestamps (0) [ DIFFERENT ]
- net.ipv6.conf.all.accept_redirects (0) [ DIFFERENT ]
- net.ipv6.conf.default.accept_redirects (0) [ DIFFERENT ]
It looks like the firewal application on your system has disabled redirects, enabling logging of martian packets, enabled rp_filter, enable tcp syncookie blocking and disabled tcp_timestamps. All of these modifications have reinforced your system, so they are the preferred settings.
Rather than trying to reinstate the settings I recommend that you run another baseline scan to save these are your preferred settings.
You can read http://ipsysctl-tutorial.frozentux.net/chunkyhtml/index.html to get information about the listed settings.0 -
Thanks for the help mfillpot. I really appreciate all the help you have gave me.0
-
You are just fortunate that this was all covered my recent research involved in making a strong client side firewall.
As always, I am always glad to help when and if I can.
On the same note, the results give the impression that you are probably now running a good firewall.0
Categories
- 8.9K All Categories
- 13 LFX Mentorship
- 66 LFX Mentorship: Linux Kernel
- 363 Linux Foundation Boot Camps
- 231 Cloud Engineer Boot Camp
- 70 Advanced Cloud Engineer Boot Camp
- 25 DevOps Engineer Boot Camp
- 4 Cloud Native Developer Boot Camp
- 867 Training Courses
- 15 LFC110 Class Forum
- 16 LFD102 Class Forum
- 102 LFD103 Class Forum
- 3 LFD121 Class Forum
- 55 LFD201 Class Forum
- 1 LFD213 Class Forum - Discontinued
- 128 LFD232 Class Forum
- 19 LFD254 Class Forum
- 434 LFD259 Class Forum
- 86 LFD272 Class Forum
- 1 LFD272-JP クラス フォーラム
- 16 LFS200 Class Forum
- 696 LFS201 Class Forum
- LFS201-JP クラス フォーラム
- 271 LFS211 Class Forum
- 50 LFS216 Class Forum
- 26 LFS241 Class Forum
- 28 LFS242 Class Forum
- 19 LFS243 Class Forum
- 6 LFS244 Class Forum
- 9 LFS250 Class Forum
- LFS250-JP クラス フォーラム
- 110 LFS253 Class Forum
- 794 LFS258 Class Forum
- 7 LFS258-JP クラス フォーラム
- 51 LFS260 Class Forum
- 79 LFS261 Class Forum
- 14 LFS262 Class Forum
- 76 LFS263 Class Forum
- 14 LFS264 Class Forum
- 10 LFS266 Class Forum
- 8 LFS267 Class Forum
- 9 LFS268 Class Forum
- 6 LFS269 Class Forum
- 181 LFS272 Class Forum
- 1 LFS272-JP クラス フォーラム
- 188 LFW211 Class Forum
- 104 LFW212 Class Forum
- 879 Hardware
- 207 Drivers
- 74 I/O Devices
- 43 Monitors
- 115 Multimedia
- 205 Networking
- 98 Printers & Scanners
- 82 Storage
- 724 Linux Distributions
- 82 Debian
- 64 Fedora
- 12 Linux Mint
- 13 Mageia
- 22 openSUSE
- 126 Red Hat Enterprise
- 33 Slackware
- 13 SUSE Enterprise
- 347 Ubuntu
- 448 Linux System Administration
- 33 Cloud Computing
- 64 Command Line/Scripting
- Github systems admin projects
- 89 Linux Security
- 74 Network Management
- 105 System Management
- 45 Web Management
- 50 Mobile Computing
- 18 Android
- 19 Development
- 1.2K New to Linux
- 1.1K Getting Started with Linux
- 500 Off Topic
- 120 Introductions
- 193 Small Talk
- 19 Study Material
- 749 Programming and Development
- 241 Kernel Development
- 474 Software Development
- 902 Software
- 247 Applications
- 178 Command Line
- 2 Compiling/Installing
- 72 Games
- 314 Installation
- 20 All In Program
- 20 All In Forum
Upcoming Training
-
August 20, 2018
Kubernetes Administration (LFS458)
-
August 20, 2018
Linux System Administration (LFS301)
-
August 27, 2018
Open Source Virtualization (LFS462)
-
August 27, 2018
Linux Kernel Debugging and Security (LFD440)