- 论坛徽章:
- 0
|
Kernel:
Disable core dumps
/etc/security/limits
core
Network parameters:
# Deal with SYN-flood attacks as best we can.
/usr/sbin/no -o clean_partial_conns=1
# Do not allow SMURF broadcast attacks.
/usr/sbin/no -o directed_broadcast=0
# Don't allow other machines to reset our netmask
/usr/sbin/no -o icmpaddressmask=0
# Ignore redirects, don't send them ourselves.
# ICMP Redirect is a poor excuse for a routing protocol.
/usr/sbin/no -o ipignoreredirects=1
/usr/sbin/no -o ipsendredirects=0
# Refuse to have anything to do with source-routed packets.
/usr/sbin/no -o ipsrcrouteforward=0
/usr/sbin/no -o ipsrcrouterecv=0
/usr/sbin/no -o ipsrcroutesend=0
/usr/sbin/no -o nonlocsrcroute=0
For AIX 5L,we use the command:
no -r -o para=value
then "shutdown -Fr" the system.
or use
no -p -o para=value
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u/4031/showart_196070.html |
|
免费注册
发表于 2006-11-06 16:35