mirror of
https://github.com/ovh/debian-cis.git
synced 2024-11-22 21:47:02 +01:00
IMP(3.2.1-2): set sysctl params in config file
This commit is contained in:
Charles Herlin
Thibault Ayanides
parent
625a6206c7
commit
d4bbc786a6
@ -13,8 +13,8 @@ set -u # One variable unset, it's over
|
|||||||
|
|
||||||
HARDENING_LEVEL=2
|
HARDENING_LEVEL=2
|
||||||
DESCRIPTION="Disable source routed packet acceptance."
|
DESCRIPTION="Disable source routed packet acceptance."
|
||||||
|
# set in config file
|
||||||
SYSCTL_PARAMS='net.ipv4.conf.all.accept_source_route=0 net.ipv4.conf.default.accept_source_route=0 net.ipv6.conf.all.accept_source_route=0 net.ipv6.conf.default.accept_source_route=0'
|
SYSCTL_PARAMS=''
|
||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit () {
|
audit () {
|
||||||
@ -52,6 +52,14 @@ apply () {
|
|||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# This function will create the config file for this check with default values
|
||||||
|
create_config() {
|
||||||
|
cat <<EOF
|
||||||
|
status=audit
|
||||||
|
# Specify system parameters to audit, space separated
|
||||||
|
SYSCTL_PARAMS="net.ipv4.conf.all.accept_source_route=0 net.ipv4.conf.default.accept_source_route=0 net.ipv6.conf.all.accept_source_route=0 net.ipv6.conf.default.accept_source_route=0"
|
||||||
|
EOF
|
||||||
|
}
|
||||||
# This function will check config parameters required
|
# This function will check config parameters required
|
||||||
check_config() {
|
check_config() {
|
||||||
:
|
:
|
||||||
|
|||||||
@ -13,8 +13,8 @@ set -u # One variable unset, it's over
|
|||||||
|
|
||||||
HARDENING_LEVEL=2
|
HARDENING_LEVEL=2
|
||||||
DESCRIPTION="Disable ICMP redirect acceptance to prevent routing table corruption."
|
DESCRIPTION="Disable ICMP redirect acceptance to prevent routing table corruption."
|
||||||
|
# set in config file
|
||||||
SYSCTL_PARAMS='net.ipv4.conf.all.accept_redirects=0 net.ipv4.conf.default.accept_redirects=0 net.ipv6.conf.all.accept_redirects=0 net.ipv6.conf.default.accept_redirects=0'
|
SYSCTL_PARAMS=''
|
||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit () {
|
audit () {
|
||||||
@ -52,6 +52,14 @@ apply () {
|
|||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# This function will create the config file for this check with default values
|
||||||
|
create_config() {
|
||||||
|
cat <<EOF
|
||||||
|
status=audit
|
||||||
|
# Specify system parameters to audit, space separated
|
||||||
|
SYSCTL_PARAMS="net.ipv4.conf.all.accept_redirects=0 net.ipv4.conf.default.accept_redirects=0 net.ipv6.conf.all.accept_redirects=0 net.ipv6.conf.default.accept_redirects=0"
|
||||||
|
EOF
|
||||||
|
}
|
||||||
# This function will check config parameters required
|
# This function will check config parameters required
|
||||||
check_config() {
|
check_config() {
|
||||||
:
|
:
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user