An XCCDF Group - A logical subset of the XCCDF Benchmark
sysctl
shared_media
net.ipv4.conf.all.accept_local
$ sudo sysctl -w net.ipv4.conf.all.accept_local=0
/etc/sysctl.d
net.ipv4.conf.all.accept_local = 0
net.ipv4.conf.all.accept_redirects
$ sudo sysctl -w net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.accept_source_route
$ sudo sysctl -w net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.arp_filter
$ sudo sysctl -w net.ipv4.conf.all.arp_filter=
net.ipv4.conf.all.arp_filter =
net.ipv4.conf.all.arp_ignore
$ sudo sysctl -w net.ipv4.conf.all.arp_ignore=
net.ipv4.conf.all.arp_ignore =
net.ipv4.conf.all.log_martians
$ sudo sysctl -w net.ipv4.conf.all.log_martians=1
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.all.route_localnet
$ sudo sysctl -w net.ipv4.conf.all.route_localnet=0
net.ipv4.conf.all.route_localnet = 0
net.ipv4.conf.all.rp_filter
$ sudo sysctl -w net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.secure_redirects
$ sudo sysctl -w net.ipv4.conf.all.secure_redirects=0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.all.shared_media
$ sudo sysctl -w net.ipv4.conf.all.shared_media=
net.ipv4.conf.all.shared_media =
net.ipv4.conf.default.accept_redirects
$ sudo sysctl -w net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.accept_source_route
$ sudo sysctl -w net.ipv4.conf.default.accept_source_route=0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.log_martians
$ sudo sysctl -w net.ipv4.conf.default.log_martians=1
net.ipv4.conf.default.log_martians = 1
net.ipv4.conf.default.rp_filter
$ sudo sysctl -w net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.secure_redirects
$ sudo sysctl -w net.ipv4.conf.default.secure_redirects=0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.conf.default.shared_media
$ sudo sysctl -w net.ipv4.conf.default.shared_media=
net.ipv4.conf.default.shared_media =
net.ipv4.icmp_echo_ignore_broadcasts
$ sudo sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses
$ sudo sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.ip_local_port_range
$ sudo sysctl -w net.ipv4.ip_local_port_range=32768 65535
net.ipv4.ip_local_port_range = 32768 65535
/etc/sysctl.conf
/etc/sysctl.d/
net.ipv4.tcp_invalid_ratelimit =
# sysctl --system
net.ipv4.tcp_rfc1337
$ sudo sysctl -w net.ipv4.tcp_rfc1337=1
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_syncookies
$ sudo sysctl -w net.ipv4.tcp_syncookies=1
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.send_redirects
$ sudo sysctl -w net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects
$ sudo sysctl -w net.ipv4.conf.default.send_redirects=0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.ip_forward
$ sudo sysctl -w net.ipv4.ip_forward=0
net.ipv4.ip_forward = 0