# Kernel sysctl configuration file for Red Hat Linux # # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and # sysctl.conf(5) for more details. # Controls IP packet forwarding net.ipv4.ip_forward = 0 # Controls source route verification net.ipv4.conf.default.rp_filter = 1 # Do not accept source routing net.ipv4.conf.default.accept_source_route = 0 # Controls the System Request debugging functionality of the kernel kernel.sysrq = 0 # Controls whether core dumps will append the PID to the core filename. # Useful for debugging multi-threaded applications. kernel.core_uses_pid = 1 # Controls the use of TCP syncookies net.ipv4.tcp_syncookies = 1 # Disable netfilter on bridges. net.bridge.bridge-nf-call-ip6tables = 0 net.bridge.bridge-nf-call-iptables = 0 net.bridge.bridge-nf-call-arptables = 0 # Controls the default maxmimum size of a mesage queue kernel.msgmnb = 65536 # Controls the maximum size of a message, in bytes kernel.msgmax = 65536 # Controls the maximum shared segment size, in bytes kernel.shmmax = 68719476736 # Controls the maximum number of shared memory segments, in pages kernel.shmall = 4294967296 # # CAP specific modifications # # 1.6.1 Restrict Core Dumps fs.suid_dumpable = 0 # 4.1.2 Disable Send Packet Redirects net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.default.send_redirects = 0 # 4.2.1 Disable Source Routed Packet Acceptance net.ipv4.conf.all.accept_source_route = 0 # 4.2.2 Disable ICMP Redirect Acceptance net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.default.accept_redirects = 0 # 4.2.4 Log Suspicious Packets net.ipv4.conf.all.log_martians=1 net.ipv4.conf.default.log_martians=1 # 4.2.5 Enable Ignore Broadcast Requests net.ipv4.icmp_echo_ignore_broadcasts = 1 # 4.2.6 Enable Bad Error Message Protection net.ipv4.icmp_ignore_bogus_error_responses = 1 # added security settings net.ipv4.tcp_max_syn_backlog = 4096 net.ipv4.conf.all.rp_filter = 1 net.ipv4.conf.all.secure_redirects = 0 net.ipv4.conf.default.secure_redirects = 0 net.ipv4.icmp_echo_ignore_all = 0 # 4.4.1 Configure IPv6 net.ipv6.conf.all.accept_ra=0 net.ipv6.conf.default.accept_ra=0 #4.4.1.2 Disable IPv6 Redirect Acceptance net.ipv6.conf.all.accept_redirects=0 net.ipv6.conf.default.accept_redirects=0