What is sysctl and how can I use it to secure my server?

sysctl is an interface for reading and writing kernel parameters at runtime. We will use it to disable broadcast ping responses (prevent ping attacks), enable IP spoofing protection, and enable TCP SYN cookie protection.

## Use a text editor to edit /etc/sysctl.conf
bash# nano /etc/sysctl.conf

## Edit or modify the following parameters
# Disable broadcast ping responses
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Optional: uncomment to ignore all ping requests, not only broadcast ones
#net.ipv4.icmp_echo_ignore_all = 1
# Enable IP spoofing protection, turn on Source Address Verification
net.ipv4.conf.all.rp_filter = 1
# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1

## To apply the changes, run the following command as the root user
bash# sysctl -p
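
To confirm that the edited file really carries these values, the following added example (not part of the original post) parses a sysctl.conf-format file and reports each of the three settings above. The function names and the sample file are assumptions made for illustration.

```sh
# Added example: audit a sysctl.conf-format file for the settings in the post.
REQUIRED="net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.tcp_syncookies=1"

# effective_value FILE KEY: print the value FILE assigns to KEY (empty if unset).
# Comment lines (# or ;) are skipped; the last assignment wins, as with sysctl -p.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            sub(/^-/, "", k)   # a leading "-" only tells sysctl to ignore errors
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_sysctl_conf FILE: one PASS/FAIL line per key; returns the failure count.
audit_sysctl_conf() {
    failures=0
    for pair in $REQUIRED; do
        key=${pair%%=*} want=${pair#*=}
        got=$(effective_value "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "PASS $key = $got"
        else
            echo "FAIL $key = ${got:-unset} (expected $want)"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Constructed sample: one key commented out, one overridden by a later line.
sample_conf() {
    cat <<'EOF'
net.ipv4.icmp_echo_ignore_broadcasts = 1
#net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_syncookies=0
EOF
}

# Demo on the constructed sample; on a server, pass /etc/sysctl.conf instead.
tmp=$(mktemp) && sample_conf > "$tmp"
audit_sysctl_conf "$tmp" || echo "$? setting(s) differ from the expected values"
rm -f "$tmp"
```

After running sysctl -p, the live kernel value of a single key can be compared with `sysctl -n net.ipv4.tcp_syncookies`.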

