curben
/
blog
mirror of https://gitlab.com/curben/blog
1
0
Fork 0
Code Issues Releases Wiki Activity

post(caddy-nixos-2): disable sysrq

This commit is contained in:
MDLeom 2020-03-23 06:27:33 +00:00
parent 44b6006d56
commit 233b7696c4
No known key found for this signature in database
GPG Key ID: 5D9DB57A25D34EE3
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
source/_posts/caddy-nixos-part-2.md
View File

@ -268,6 +268,8 @@ Based on [Ubuntu Wiki](https://wiki.ubuntu.com/ImprovedNetworking/KernelSecurity
## Network hardening and performance ## Network hardening and performance
boot.kernel.sysctl = { boot.kernel.sysctl = {
# Disable magic SysRq key
"kernel.sysrq" = 0;
# Ignore ICMP broadcasts to avoid participating in Smurf attacks # Ignore ICMP broadcasts to avoid participating in Smurf attacks
"net.ipv4.icmp_echo_ignore_broadcasts" = 1; "net.ipv4.icmp_echo_ignore_broadcasts" = 1;
# Ignore bad ICMP errors # Ignore bad ICMP errors