человечность, устанавливающая системные переменные
Я пытаюсь защитить свой сервер как ниже системных переменных
net.ipv4.icmp_echo_ignore_all=1
# IP Spoofing protection
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.rp_filter=1
#Ignore ICMP broadcast requests
net.ipv4.icmp_echo_ignore_broadcasts=1
# Disable source packet routing
net.ipv4.conf.all.accept_source_route=0
net.ipv6.conf.all.accept_source_route=0
net.ipv4.conf.default.accept_source_route=0
net.ipv6.conf.default.accept_source_route=0
# Ignore send redirects
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.send_redirects=0
# Block SYN attacks
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_max_syn_backlog=2048
net.ipv4.tcp_synack_retries=2
net.ipv4.tcp_syn_retries=5
# Log Martians
net.ipv4.conf.all.log_martians=1
net.ipv4.icmp_ignore_bogus_error_responses=1
# Ignore ICMP redirects
net.ipv4.conf.all.accept_redirects=0
net.ipv6.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.ipv6.conf.default.accept_redirects=0
# Ignore Directed pings
net.ipv4.icmp_echo_ignore_all=1
Изображение:
Но я добираюсь, некоторая ошибка происходят, когда я применил правила.
sysctl: cannot stat /proc/sys/net/ipv4/conf/all/rp_filter: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv4/conf/default/rp_filter: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv4/conf/all/accept_source_route: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv6/conf/all/accept_source_route: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv4/conf/default/accept_source_route: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv6/conf/default/accept_source_route: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv4/conf/all/send_redirects: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv4/conf/default/send_redirects: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv4/tcp_syncookies: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv4/tcp_max_syn_backlog: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv4/tcp_synack_retries: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv4/tcp_syn_retries: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv4/conf/all/log_martians: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv4/conf/all/accept_redirects: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv6/conf/all/accept_redirects: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv4/conf/default/accept_redirects: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv6/conf/default/accept_redirects: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv4/icmp_echo_ignore_all: No such file or directory
Ошибочные изображения: 
Здесь кошка-A/etc/sysctl.conf
net.ipv4.icmp_echo_ignore_all=1$
# IP Spoofing protection$
M-bM-^@M-^Knet.ipv4.conf.all.rp_filter=1$
M-bM-^@M-^Knet.ipv4.conf.default.rp_filter=1$
#Ignore ICMP broadcast requests$
M-bM-^@M-^Knet.ipv4.icmp_echo_ignore_broadcasts=1$
# Disable source packet routing$
M-bM-^@M-^Knet.ipv4.conf.all.accept_source_route=0$
M-bM-^@M-^Knet.ipv6.conf.all.accept_source_route=0$
M-bM-^@M-^Knet.ipv4.conf.default.accept_source_route=0$
M-bM-^@M-^Knet.ipv6.conf.default.accept_source_route=0$
# Ignore send redirects$
M-bM-^@M-^Knet.ipv4.conf.all.send_redirects=0$
M-bM-^@M-^Knet.ipv4.conf.default.send_redirects=0$
# Block SYN attacks$
M-bM-^@M-^Knet.ipv4.tcp_syncookies=1$
M-bM-^@M-^Knet.ipv4.tcp_max_syn_backlog=2048$
M-bM-^@M-^Knet.ipv4.tcp_synack_retries=2$
M-bM-^@M-^Knet.ipv4.tcp_syn_retries=5$
# Log Martians$
M-bM-^@M-^Knet.ipv4.conf.all.log_martians=1$
M-bM-^@M-^Knet.ipv4.icmp_ignore_bogus_error_responses=1$
# Ignore ICMP redirects$
M-bM-^@M-^Knet.ipv4.conf.all.accept_redirects=0$
M-bM-^@M-^Knet.ipv6.conf.all.accept_redirects=0$
M-bM-^@M-^Knet.ipv4.conf.default.accept_redirects=0$
M-bM-^@M-^Knet.ipv6.conf.default.accept_redirects=0$
# Ignore Directed pings$
M-bM-^@M-^Knet.ipv4.icmp_echo_ignore_all=1$
root@ubuntu-s-2vcpu-4gb-lon1-01:/etc#
0
задан Heng Sopheak
27 December 2018 в 08:52
поделиться
1 ответ
Вместо
net.ipv4.icmp_echo_ignore_broadcasts = 1
Измените каждую строку, таким образом, никакие пробелы не существуют между переменными и значениями, как так
net.ipv4.icmp_echo_ignore_broadcasts=1
2
ответ дан George Udosen
26 October 2019 в 17:51
поделиться