Linux.com

Server Security

Link to this post 24 Feb 10

I am back again with another question that involves Lynis. Can someone please tell me what all of this means:
- Comparing sysctl key pairs with scan profile...
- kernel.core_uses_pid (1) [ OK ]
- kernel.ctrl-alt-del (0) [ OK ]
- kernel.exec-shield (1) [ OK ]
- kernel.sysrq (0) [ OK ]
- net.ipv4.conf.all.accept_redirects (0) [ DIFFERENT ]
- net.ipv4.conf.all.accept_source_route (0) [ OK ]
- net.ipv4.conf.all.bootp_relay (0) [ OK ]
- net.ipv4.conf.all.forwarding (0) [ OK ]
- net.ipv4.conf.all.log_martians (1) [ DIFFERENT ]
- net.ipv4.conf.all.mc_forwarding (0) [ OK ]
- net.ipv4.conf.all.proxy_arp (0) [ OK ]
- net.ipv4.conf.all.rp_filter (1) [ DIFFERENT ]
- net.ipv4.conf.all.send_redirects (0) [ DIFFERENT ]
- net.ipv4.conf.default.accept_redirects (0) [ DIFFERENT ]
- net.ipv4.conf.default.accept_source_route (0) [ OK ]
- net.ipv4.conf.default.log_martians (1) [ DIFFERENT ]
- net.ipv4.icmp_echo_ignore_broadcasts (1) [ OK ]
- net.ipv4.icmp_ignore_bogus_error_responses (1) [ OK ]
- net.ipv4.tcp_syncookies (1) [ DIFFERENT ]
- net.ipv4.tcp_timestamps (0) [ DIFFERENT ]
- net.ipv6.conf.all.accept_redirects (0) [ DIFFERENT ]
- net.ipv6.conf.all.accept_source_route (0) [ OK ]
- net.ipv6.conf.default.accept_redirects (0) [ DIFFERENT ]
- net.ipv6.conf.default.accept_source_route (0) [ OK ]

Thanks for the help in advance.


-Shane

Link to this post 24 Feb 10

This means that when it ran the comparison scan it noted the listed items in the kernel modifications. The question you want to ask is why some items are listed as DIFFERENT.

Link to this post 24 Feb 10

Ok then, why are some files listed as different, and how can I get them back to saying OK beside them?

Link to this post 24 Feb 10

Let's first look at what is listed to see if you need to reinstate the changes:

- net.ipv4.conf.all.accept_redirects (0) [ DIFFERENT ]
- net.ipv4.conf.all.log_martians (1) [ DIFFERENT ]
- net.ipv4.conf.all.rp_filter (1) [ DIFFERENT ]
- net.ipv4.conf.all.send_redirects (0) [ DIFFERENT ]
- net.ipv4.conf.default.accept_redirects (0) [ DIFFERENT ]
- net.ipv4.conf.default.log_martians (1) [ DIFFERENT ]
- net.ipv4.tcp_syncookies (1) [ DIFFERENT ]
- net.ipv4.tcp_timestamps (0) [ DIFFERENT ]
- net.ipv6.conf.all.accept_redirects (0) [ DIFFERENT ]
- net.ipv6.conf.default.accept_redirects (0) [ DIFFERENT ]

It looks like the firewall application on your system has disabled redirects, enabled logging of martian packets, enabled rp_filter, enabled tcp syncookie blocking and disabled tcp_timestamps. All of these modifications have reinforced your system, so they are the preferred settings.

Rather than trying to reinstate the settings, I recommend that you run another baseline scan to save these as your preferred settings.

You can read http://ipsysctl-tutorial.frozentux.net/chunkyhtml/index.html to get information about the listed settings.
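
To see what the running kernel is actually set to for each key marked DIFFERENT, the scan output can be compared against /proc/sys. This is an added example, not part of the original posts and not Lynis code; the function names, the SAMPLE lines and the assumed line form "- key (value) [ STATUS ]" (taken from the output quoted in this thread) are for illustration.

```python
import re
import sys
from pathlib import Path

# Constructed sample in the same line format as the scan output quoted above.
SAMPLE = """\
- kernel.sysrq (0) [ OK ]
- net.ipv4.conf.all.rp_filter (1) [ DIFFERENT ]
- net.ipv4.tcp_timestamps (0) [ DIFFERENT ]
"""

# "- <key> (<value>) [ <STATUS> ]"
LINE_RE = re.compile(r"^\s*-\s+([\w.-]+)\s+\(([^)]*)\)\s+\[\s*(\w+)\s*\]")


def parse_report(text):
    """Return a (key, reported_value, status) tuple for every sysctl line."""
    return [m.groups() for m in map(LINE_RE.match, text.splitlines()) if m]


def live_value(key, proc_root="/proc/sys"):
    """Read the running kernel's value for a key; None if absent or unreadable."""
    # sysctl keys map onto /proc/sys by turning each dot into a path separator.
    try:
        raw = Path(proc_root, *key.split(".")).read_text()
    except OSError:
        return None
    return " ".join(raw.split())  # collapse tabs/newlines in multi-value keys


def differing(text, proc_root="/proc/sys"):
    """For each key flagged DIFFERENT: (key, value in report, live value)."""
    return [(key, shown, live_value(key, proc_root))
            for key, shown, status in parse_report(text)
            if status == "DIFFERENT"]


if __name__ == "__main__":
    # Pass a saved copy of the scan output as the first argument, else use SAMPLE.
    report = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE
    for key, shown, live in differing(report):
        print(f"{key:45} report={shown:<4} live={live if live is not None else 'n/a'}")
```

A key that prints `n/a` does not exist on the running kernel or is not readable by the current user.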

Link to this post 24 Feb 10

Thanks for the help, mfillpot. I really appreciate all the help you have given me.

Link to this post 25 Feb 10

You are just fortunate that this was all covered by my recent research involved in making a strong client-side firewall.

As always, I am always glad to help when and if I can.

On the same note, the results give the impression that you are probably now running a good firewall.
