当前位置导航:炫浪网>>网络学院>>操作系统>>Linux教程

网络安全选项的调整


  /proc/sys 网络安全选项的调整
  · 让系统对 ping 没有反应
  · 让系统对广播没有反应
  · 取消 IP source routing
  · 开启 TCP SYN Cookie 保护
  · 取消 ICMP 接受 Redirect
  · 开启错误讯息保护
  · 开启 IP 欺骗保护
  · 记录Spoofed Packets, Source Routed Packets, Redirect Packets
  Redhat 6.1 的做法:
  [root@deep /]# echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
  [root@deep /]# echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
  [root@deep /]# for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
  > echo 0 > $f
  > done
  [root@deep /]# echo 1 > /proc/sys/net/ipv4/tcp_syncookies
  [root@deep /]# for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do
  > echo 0 > $f
  > done
  [root@deep /]# echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
  [root@deep /]# for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
  > echo 0 > $f
  > done
  [root@deep /]# for f in /proc/sys/net/ipv4/conf/*/log_martians; do
  > echo 0 > $f
  > done
  
  Redhat 6.2 的做法:
  编辑 "/etc/sysctl.conf" 档案,并加入下面几行,
  # Enable ignoring ping request
  net.ipv4.icmp_echo_ignore_all = 1
  # Enable ignoring broadcasts request
  net.ipv4.icmp_echo_ignore_broadcasts = 1
  # Disables IP source routing
  net.ipv4.conf.all.accept_source_route = 0
  # Enable TCP SYN Cookie Protection
  net.ipv4.tcp_syncookies = 1
  # Disable ICMP Redirect Acceptance
  net.ipv4.conf.all.accept_redirects = 0
  # Enable bad error message Protection
  net.ipv4.icmp_ignore_bogus_error_responses = 1
  # Enable IP spoofing protection, turn on Source Address Verification
  net.ipv4.conf.all.rp_filter = 1
  # Log Spoofed Packets, Source Routed Packets, Redirect Packets
  net.ipv4.conf.all.log_martians = 1
  最后重新激活 network
  [root@deep /]# /etc/rc.d/init.d/network restart
  
相关内容
赞助商链接