Back to course

Hardening the Linux Kernel (sysctl)

Modern DevSecOps (The Hard Way)

Tuning the Kernel for Security

The file /etc/sysctl.conf controls various kernel parameters that can mitigate networking attacks.

Recommended Settings:

  • Disable IP Forwarding: net.ipv4.ip_forward = 0.
  • Ignore ICMP Redirects: net.ipv4.conf.all.accept_redirects = 0.
  • Enable TCP SYN Cookies (Anti-DoS): net.ipv4.tcp_syncookies = 1.

Apply changes with: sudo sysctl -p.