Adjusting network security options
Published: 2008-11-29 13:36:29 Author: 源代码网
Adjusting the /proc/sys network security options

- Make the system not respond to ping
- Make the system not respond to broadcasts
- Disable IP source routing
- Enable TCP SYN Cookie protection
- Disable acceptance of ICMP redirects
- Enable bad error message protection
- Enable IP spoofing protection
- Log spoofed packets, source routed packets, and redirect packets

On Red Hat 6.1:

    [root@deep /]# echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
    [root@deep /]# echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
    [root@deep /]# for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
    > echo 0 > $f
    > done
    [root@deep /]# echo 1 > /proc/sys/net/ipv4/tcp_syncookies
    [root@deep /]# for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do
    > echo 0 > $f
    > done
    [root@deep /]# echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
    [root@deep /]# for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
    > echo 1 > $f
    > done
    [root@deep /]# for f in /proc/sys/net/ipv4/conf/*/log_martians; do
    > echo 1 > $f
    > done

On Red Hat 6.2:

Edit the "/etc/sysctl.conf" file and add the following lines:

    # Enable ignoring ping request
    net.ipv4.icmp_echo_ignore_all = 1
    # Enable ignoring broadcasts request
    net.ipv4.icmp_echo_ignore_broadcasts = 1
    # Disables IP source routing
    net.ipv4.conf.all.accept_source_route = 0
    # Enable TCP SYN Cookie Protection
    net.ipv4.tcp_syncookies = 1
    # Disable ICMP Redirect Acceptance
    net.ipv4.conf.all.accept_redirects = 0
    # Enable bad error message Protection
    net.ipv4.icmp_ignore_bogus_error_responses = 1
    # Enable IP spoofing protection, turn on Source Address Verification
    net.ipv4.conf.all.rp_filter = 1
    # Log Spoofed Packets, Source Routed Packets, Redirect Packets
    net.ipv4.conf.all.log_martians = 1

Finally, restart the network service:

    [root@deep /]# /etc/rc.d/init.d/network restart
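An added example, not part of the original article: a shell function that audits a /proc/sys tree against the values listed above, checking every conf/* entry as the Red Hat 6.1 loops do rather than only conf/all. The function names, the optional ROOT argument and the MISSING/FAIL output format are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a /proc/sys tree against the settings on this page.
# Function names and the MISSING/FAIL line format are this example's own.

bad=0

# check FILE WANT: report when FILE is unreadable or does not contain WANT.
check() {
    if [ ! -r "$1" ]; then
        echo "MISSING $1"
        bad=$((bad + 1))
    elif [ "$(cat "$1")" != "$2" ]; then
        echo "FAIL $1 = $(cat "$1") (want $2)"
        bad=$((bad + 1))
    fi
}

# audit_sysctl [ROOT]: ROOT defaults to /proc/sys. Prints one line per
# mismatch; returns 0 when every setting matches, 1 otherwise.
audit_sysctl() {
    root="${1:-/proc/sys}"
    ipv4="$root/net/ipv4"
    bad=0

    # Global switches: expected value 1.
    for key in icmp_echo_ignore_all icmp_echo_ignore_broadcasts \
               tcp_syncookies icmp_ignore_bogus_error_responses; do
        check "$ipv4/$key" 1
    done

    # Per-interface switches: inspect every conf/* entry (all, default and
    # each interface), since a value written only to conf/all may leave
    # other entries unchanged.
    for f in "$ipv4"/conf/*/accept_source_route "$ipv4"/conf/*/accept_redirects; do
        check "$f" 0
    done
    for f in "$ipv4"/conf/*/rp_filter "$ipv4"/conf/*/log_martians; do
        check "$f" 1
    done

    [ "$bad" -eq 0 ]
}

# Audit the live system only when invoked as: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_sysctl
fi
```

Passing a directory as ROOT lets the same function run against a copied or constructed tree instead of the live /proc/sys.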
