6
Harden sysctl.conf by Sparrow checks (wp.me)
submitted 1 year ago* (last edited 1 year ago) by melezhik@programming.dev to c/linux@programming.dev
7 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] nesc@lemmy.cafe 7 points 1 year ago* (last edited 1 year ago)

You definitely shouldn't copy and paste things like this.

[-] melezhik@programming.dev 2 points 1 year ago

sorry, could you please elaborate on "shouldn’t copy" ? thanks

[-] nesc@lemmy.cafe 4 points 1 year ago

For example if you blindly apply this and forget, you may encounter problems with ipv6 or with your vpn. So it's really depends on your use case and not hardening in general.

[-] melezhik@programming.dev 2 points 1 year ago* (last edited 1 year ago)

fair enough, however the intention is to show how one could create rules on Sparrow/Raku, not to show rules ... Maybe I should have mentioned that ...

for example this is more interesting example evaluation of net.ipv4.tcp_synack_retries"

regexp: ^^ "net.ipv4.tcp_synack_retries" \s* "=" \s* (\d+) \s* $$

generator: <<RAKU
!raku
if matched().elems {
  my $v = capture()[];
  say "note: net.ipv4.tcp_synack_retries={$v}";
  if $v >= 3 && $v <= 5 {
     say "assert: 1 net.ipv4.tcp_synack_retries in [3..5] range"
  } else {
     say "assert: 0 net.ipv4.tcp_synack_retries in [3..5] range"
  }
} else {
  say "note: net.ipv4.tcp_synack_retries setting not found"
}
RAKU
[-] melezhik@programming.dev 1 points 1 year ago* (last edited 1 year ago)

you are seemed to have edited your initial reply - "it should be sysctl.conf not syslog.conf " - anyway thanks for that, now it's fixed, this was just overlook typo

this post was submitted on 04 Feb 2025
6 points (80.0% liked)

Linux

11584 readers
412 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev