That's the thing, I'm reading up on sysctl and don't have the necessary knowledge to know what to "expect" at the moment. Though some did actually intrigue me, such as:

#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1

# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0

> Subject: Re: sysctl.conf
> From: ralf.mard...@alice-dsl.net
> To: debian-user@lists.debian.org
> Date: Sat, 26 Oct 2013 21:58:59 +0200
>
> On Sat, 2013-10-26 at 21:37 +0200, Roland RoLaNd wrote:
> > All,
> >
> >
> > I'm reading up on how to harden Debian.
> > I just checked /etc/sysctl.conf and noticed that everything is
> > commented out.
> > Does that mean they're running as defaults or none of what exists in
> > this file is implemented?
>
> What do you expect?
>
> I'm using another distro that switched.
>
> ls /etc/sysctl*
> /etc/sysctl.conf.pacnew /etc/sysctl.conf.pacsave
>
> /etc/sysctl.d:
>
> blah
>
> To my surprise, there were unusual settings in /etc/sysctl.conf, I
> dropped them during the transition.
>
> What exactly should be not commented out by default?
>
> For the distro I'm using there only is
>
> net.ipv4.tcp_syncookies = 1
> net.ipv4.ip_forward = 0
> net.ipv6.conf.all.forwarding = 0
>
> by default. I had much more in my /etc/sysctl.conf, caused by whatever
> package, but not by me and after I dropped those settings, nothing evil
> happened.
>
> So again, what should be enabled by this file?
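
Added example, not part of the thread: a line that is commented out in /etc/sysctl.conf is never applied from that file, so the value in force for that key is whatever the running kernel reports under /proc/sys. The sketch below lists each key as active or commented and prints the running value beside it; the function names `audit_sysctl` and `make_sample`, the sample file, and the fake /proc/sys values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). For each "key = value" line in a
# sysctl.conf-style file, report whether it is active or commented out and
# what value the kernel is actually running with.

# audit_sysctl CONF [PROCROOT]  (PROCROOT defaults to /proc/sys; overridable
# so the check can run against a constructed tree)
audit_sysctl() {
    conf=$1
    root=${2:-/proc/sys}
    awk '
        # Optional "#", then dotted.key = single-token value. Prose comments
        # and multi-value keys (e.g. kernel.printk) do not match and are skipped.
        /^[ \t]*#?[ \t]*[a-z0-9_]+(\.[a-z0-9_-]+)+[ \t]*=[ \t]*[^ \t]+[ \t]*$/ {
            state = ($0 ~ /^[ \t]*#/) ? "commented" : "active"
            sub(/^[ \t]*#?[ \t]*/, "")
            split($0, kv, /[ \t]*=[ \t]*/)
            sub(/[ \t]+$/, "", kv[2])
            print state, kv[1], kv[2]
        }' "$conf" |
    while read -r state key want; do
        # sysctl keys map to paths under /proc/sys with dots replaced by slashes
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ -r "$path" ]; then running=$(cat "$path"); else running=unavailable; fi
        printf '%s %s file=%s running=%s\n' "$state" "$key" "$want" "$running"
    done
}

# Constructed sample: lines quoted in the thread plus one active setting,
# and a fake /proc/sys tree holding assumed running values.
make_sample() {
    dir=$(mktemp -d)
    cat > "$dir/sysctl.conf" <<'EOF'
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
net.ipv4.tcp_syncookies = 1
EOF
    mkdir -p "$dir/proc/net/ipv4/conf/all" "$dir/proc/net/ipv4/conf/default"
    echo 0 > "$dir/proc/net/ipv4/conf/all/rp_filter"
    echo 0 > "$dir/proc/net/ipv4/conf/default/rp_filter"
    echo 1 > "$dir/proc/net/ipv4/conf/all/accept_redirects"
    echo 1 > "$dir/proc/net/ipv4/tcp_syncookies"
    echo "$dir"
}

sample=$(make_sample)
audit_sysctl "$sample/sysctl.conf" "$sample/proc"
rm -rf "$sample"
```

On a real system, call `audit_sysctl /etc/sysctl.conf` with no second argument; a running value can also come from files under /etc/sysctl.d, so a commented line with a non-default running value points there.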