当前位置: 首页 > 业界动态 > 技术实现 > 本文


网络安全选项的调整




发布时间: 2012-7-31 15:36:11  

 /proc/sys: 网络安全选项的调整

  ? 让系统对 ping 没有反应

  ? 让系统对广播没有反应

  ? 取消 IP source routing

  ? 开启 TCP SYN Cookie 保护

  ? 取消 ICMP 接受 Redirect

  ? 开启错误讯息保护

  ? 开启 IP 欺骗保护

  ? 记录Spoofed Packets, Source Routed Packets, Redirect Packets

  Redhat 6.1 的做法::/proc/sys/net/ipv4

  [[email protected] /]# echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

  [[email protected] /]# echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

  [[email protected] /]# for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do

  > echo 0 > $f

  > done

  [[email protected] /]# echo 1 > /proc/sys/net/ipv4/tcp_syncookies

  [[email protected] /]# for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do

  > echo 0 > $f

  > done

  [[email protected] /]# echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

  [[email protected] /]# for f in /proc/sys/net/ipv4/conf/*/rp_filter; do

  > echo 0 > $f

  > done

  [[email protected] /]# for f in /proc/sys/net/ipv4/conf/*/log_martians; do

  > echo 0 > $f

  > done

  Redhat 6.2 的做法:

  编辑 "/etc/sysctl.conf" 档案,并加入下面几行,

  # Enable ignoring ping request

  net.ipv4.icmp_echo_ignore_all = 1

  # Enable ignoring broadcasts request

  net.ipv4.icmp_echo_ignore_broadcasts = 1

  # Disables IP source routing

  net.ipv4.conf.all.accept_source_route = 0

  # Enable TCP SYN Cookie Protection

  net.ipv4.tcp_syncookies = 1

  # Disable ICMP Redirect Acceptance

  net.ipv4.conf.all.accept_redirects = 0

  # Enable bad error message Protection

  net.ipv4.icmp_ignore_bogus_error_responses = 1

  # Enable IP spoofing protection, turn on Source Address Verification

  net.ipv4.conf.all.rp_filter = 1

  # Log Spoofed Packets, Source Routed Packets, Redirect Packets

  net.ipv4.conf.all.log_martians = 1

  很后重新激活 network

  [[email protected] /]# /etc/rc.d/init.d/network restart

    本文来源:CSDN

 

    相关文章推荐:云安全在安全网关中的应用

分享到:
阅读:1524次
推荐阅读:

版权所有 © 2011-2017 南京云创大数据科技股份有限公司(股票代码:835305), 保留一切权利。(苏ICP备11060547号-1)  
云创大数据-专业的云存储、大数据、云计算产品供应商