How do you like to secure/harden your sysctl.conf in Linux systems

>>56596342

Mine is just default Debian right now I was hoping to hear from some experienced guys, doing some research on securing sysctl.conf and there's so many mixed messages, many things will break web browsing functionality for a desktop user but are useful for a server.

Right now my modifications are just disabling ipv6, very dangerous IMO to have ipv6 open.

net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1

Anonymous 2016-09-14 13:02:11 Post No.56596537
[Report]

Anonymous 2016-09-14 13:02:11 Post No.56596537 [Report]

Bump...very interested in hearing some real world applied sysctl's with explanations on the reasoning behind directives you used.

Anonymous 2016-09-14 13:20:13 Post No.56596746
[Report]

Anonymous 2016-09-14 13:20:13 Post No.56596746 [Report]

>>56596537
I guess the Arch wiki can be a good start.
https://wiki.archlinux.org/index.php/sysctl

You can also do
sysctl -a
to view all possible values. I unfortunately don't think there's any information included anywhere on what the values do so you'll have to use a search engine for that.

Anonymous 2016-09-14 13:22:49 Post No.56596766
[Report]

Anonymous 2016-09-14 13:22:49 Post No.56596766 [Report]

>>56596746

Thank you for the link, will check it out now. I'd personally love to see examples of sysctl configs people have in place and why they've set them up that way in those scenarios.

Here's what I was just looking through, a hardened sysctl.conf for a Ubuntu server setup:
https://easyengine.io/tutorials/linux/sysctl-conf/

I'm aware that Imgur.com will stop allowing adult images since 15th of May. I'm taking actions to backup as much data as possible. Read more on this topic here - https://archived.moe/talk/thread/1694/

I'm aware that Imgur.com will stop allowing adult images since 15th of May. I'm taking actions to backup as much data as possible.
Read more on this topic here - https://archived.moe/talk/thread/1694/