LinuxQuestions.org
Old 01-03-2002, 08:33 PM   #1
ForumKid
Member
 
Registered: Dec 2001
Posts: 195

Rep: Reputation: 30
/proc entries --> Does anyone have a good list so I don't miss one


i.e. (this helps against SYN attacks)
cat /proc/sys/net/ipv4/vs/timeout_synack 100
cat /proc/sys/net/ipv4/vs/timeout_synrecv 100
cat /proc/sys/net/ipv4/vs/tcp_max_sym_backlog 100


My question is: Does someone have a good list of all the /proc commands that I should enter? Should I even be entering them?

Thanks

I'm just trying to tighten up security.
 
Old 01-04-2002, 04:01 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,671
Blog Entries: 54

Rep: Reputation: 2953
This is a very good thread handling /proc/sys/net/ipv4 values.
You might want to add
# Refuse source-routed packets on every interface
for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
    echo 0 > "$f"
done
# Log packets with impossible source addresses ("martians")
for f in /proc/sys/net/ipv4/conf/*/log_martians; do
    echo 1 > "$f"
done
for disallowing source routed traffic which shouldn't happen, and add logging for some weird packets.

Of course you could enter 'em, or just stuff 'em in a startup sequence script like /etc/rc.d/rc.sysinit, /etc/rc.S or whatever your distro uses. Another way is using sysctl: add the values to /etc/sysctl.conf if your distro uses that.
 
Old 01-07-2002, 06:07 PM   #3
ForumKid
Member
 
Registered: Dec 2001
Posts: 195

Original Poster
Rep: Reputation: 30
I enter:
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
in sysctl.conf

and my boot.log shows:
Jan 7 07:29:10 machine sysctl: warning: /etc/sysctl.conf(10): invalid syntax, continuing...

I tried a few variations but I was afraid that I would really mess something up.

What's wrong with this syntax?
Thanks
 
Old 01-07-2002, 06:30 PM   #4
ForumKid
Member
 
Registered: Dec 2001
Posts: 195

Original Poster
Rep: Reputation: 30
I put the commands in rc.local and waa laa!!! No errors. Not sure why, but doesn't matter as long as they were executed without errors.
Thanks
 
Old 01-07-2002, 06:33 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,671
Blog Entries: 54

Rep: Reputation: 2953
Sysctl syntax should look like this:
net.ipv4.tcp_syncookies =1
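
The difference between posts #3 and #5, as an added example that is not part of the thread: /etc/sysctl.conf takes `key = value` lines, not shell commands, which is why the `echo` line produced "invalid syntax" there but ran fine from rc.local. The function names and sample input are constructed for illustration; keeping the `/` form for names that contain a dot relies on sysctl accepting `/` as a separator.

```sh
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# stdin: "echo VALUE > /proc/sys/PATH" lines; stdout: sysctl.conf lines.
proc_to_sysctl() {
    while IFS= read -r line; do
        set -f; set -- $line; set +f    # split on whitespace without globbing
        if [ "$#" -eq 4 ] && [ "$1" = echo ] && [ "$3" = '>' ]; then
            case $4 in
                /proc/sys/?*)
                    key=${4#/proc/sys/}
                    case $key in
                        *.*) ;;     # a name such as eth0.100: keep '/' form
                        *) key=$(printf '%s' "$key" | tr / .) ;;
                    esac
                    printf '%s = %s\n' "$key" "$2"
                    continue ;;
            esac
        fi
        case $line in
            ''|'#'*) printf '%s\n' "$line" ;;           # pass through
            *) printf '# not converted: %s\n' "$line" ;;
        esac
    done
}

# stdin: sysctl.conf text; prints "N: line" for each line that is not blank,
# a comment (# or ;) or "key = value". Returns 1 if any such line exists.
check_sysctl_conf() {
    n=0; bad=0
    ok='^[[:space:]]*([#;].*)?$|^[[:space:]]*[A-Za-z0-9_./-]+[[:space:]]*=[[:space:]]*[^[:space:]]'
    while IFS= read -r line; do
        n=$((n + 1))
        printf '%s\n' "$line" | grep -Eq "$ok" && continue
        printf '%s: %s\n' "$n" "$line"
        bad=1
    done
    return "$bad"
}

# Constructed sample input, using the settings named in the thread.
sample='# SYN flood protection
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route'

printf '%s\n' "$sample" | check_sysctl_conf || echo "^ shell commands, not sysctl syntax"
printf '%s\n' "$sample" | proc_to_sysctl
```

Running the checker over a file before installing it as /etc/sysctl.conf catches the mistake before the next boot instead of in boot.log afterwards.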
 
  

