lnorg/documentation
1
2
Fork 0
Code Issues 30 Pull requests Projects 6 Activity

What is a ipv6?

Browse source
This commit is contained in:
Tastatur 2023-12-29 01:04:48 +01:00
parent 560497604a
commit ae47f6bbd2
1 changed files with 3 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
docs/alpine-desktop-setup/post-install/security.md
View file

@ -41,6 +41,8 @@ cmdline="... slab_nomerge init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1 pt
After reconfiguring `kernel-hooks` try to reboot and it should boot. Although there are more options that might make the system more secure, these come with a big performance hit most of the time so these settings should do for now.
> Whilst booting up your system you may see sysctl complaining about ipv6 setting. [It's getting worked on](https://git.bijl.us/lnco/documentation/issues/30).
## Sysctl
More kernel settings can be configured through sysctl. All these settings are also explained on [Madaidans-insecurities page](https://madaidans-insecurities.github.io/guides/linux-hardening.html#kernel). Edit the file `/etc/sysctl.d/main.conf`:
@ -68,17 +70,11 @@ net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.all.secure_redirects=0
net.ipv4.conf.default.secure_redirects=0
net.ipv6.conf.all.accept_redirects=0
net.ipv6.conf.default.accept_redirects=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.send_redirects=0
net.ipv4.icmp_echo_ignore_all=1
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.default.accept_source_route=0
net.ipv6.conf.all.accept_source_route=0
net.ipv6.conf.default.accept_source_route=0
net.ipv6.conf.all.accept_ra=0
net.ipv6.conf.default.accept_ra=0
net.ipv4.tcp_sack=0
net.ipv4.tcp_dsack=0
net.ipv4.tcp_fack=0