How can I harden /etc/sysctl.conf and disable ICMP broadcast requests?

Ping is the most basic method of determining whether a server is reachable over the internet. Ping works by sending ICMP echo request packets to the destination host and waiting for an ICMP echo response. It's only used for troubleshooting and testing. When there isn't a need for it, you must disable it. It's also a good idea to harden /etc/sysctl.conf using the following settings.

$ vi /etc/sysctl.conf

# Ignore all ICMP echo requests (ping)
net.ipv4.icmp_echo_ignore_all = 1

# Ignore ICMP echo requests sent to broadcast addresses
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Ignore bogus ICMP error responses
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Turn on address space layout randomization (ASLR)
kernel.randomize_va_space = 1

# Enable IP spoofing protection
net.ipv4.conf.all.rp_filter = 1

# Make sure spoofed packets get logged
net.ipv4.conf.all.log_martians = 1

# Disable IP source routing
net.ipv4.conf.all.accept_source_route = 0

Load new changes:

$ sysctl -p
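To confirm the settings took effect after `sysctl -p`, the following added example (not part of the original article) compares each value under /proc/sys with the expected one and flags parameters the kernel does not know, such as a misspelled key. The function name `audit_sysctl`, the `AUDIT_FAILURES` variable and the optional root-directory argument are assumptions of this example; the bogus-error key is written with the kernel's name, `icmp_ignore_bogus_error_responses`.

```shell
#!/bin/sh
# Added example: audit the hardening values from this article against the
# values the running kernel actually uses.

# Expected settings, one key=value per line (values as given in the article).
EXPECTED='net.ipv4.icmp_echo_ignore_all=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.icmp_ignore_bogus_error_responses=1
kernel.randomize_va_space=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.all.log_martians=1
net.ipv4.conf.all.accept_source_route=0'

# audit_sysctl [ROOT]
# ROOT defaults to /proc/sys; passing another directory (an assumption of
# this example) lets the check run against a copy or a test tree.
# Returns 0 when every setting matches; AUDIT_FAILURES holds the count.
audit_sysctl() {
    root=${1:-/proc/sys}
    AUDIT_FAILURES=0
    while IFS='=' read -r key want; do
        [ -n "$key" ] || continue
        # net.ipv4.conf.all.rp_filter -> ROOT/net/ipv4/conf/all/rp_filter
        path="$root/$(printf '%s' "$key" | tr . /)"
        if [ ! -r "$path" ]; then
            echo "MISSING  $key (unknown to this kernel: typo or unsupported)"
            AUDIT_FAILURES=$((AUDIT_FAILURES + 1))
            continue
        fi
        have=$(cat "$path")
        if [ "$have" = "$want" ]; then
            echo "OK       $key = $have"
        else
            echo "MISMATCH $key = $have (expected $want)"
            AUDIT_FAILURES=$((AUDIT_FAILURES + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    [ "$AUDIT_FAILURES" -eq 0 ]
}
```

Source the file and run `audit_sysctl` after `sysctl -p`; a non-zero exit status means at least one setting is missing or was overridden.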

At Velan, our server support engineers can harden and manage your Linux server. If you are interested in our service, please fill out the Quick Connect form to get in touch with us.

