From 3ed5844553e766af3a8e6df70ff882c79342a153 Mon Sep 17 00:00:00 2001
From: Lorenzo Tucci
Date: Mon, 23 Aug 2021 20:05:42 +0200
Subject: [PATCH] feat: add rc.local, update lynis
---
 lynis/etc/lynis/custom.prf | 15 +++++++++++++--
 rc.local/etc/rc.local | 9 +++++++++
 sysctl/etc/sysctl.conf | 4 ++++
 3 files changed, 26 insertions(+), 2 deletions(-)
 create mode 100644 rc.local/etc/rc.local
diff --git a/lynis/etc/lynis/custom.prf b/lynis/etc/lynis/custom.prf
index 38d246e..c367c83 100644
--- a/lynis/etc/lynis/custom.prf
+++ b/lynis/etc/lynis/custom.prf
@@ -5,9 +5,20 @@ skip-test=USB-1000
 skip-test=STRG-1846
 skip-test=PRNT-2308
 skip-test=FILE-6310
+skip-test=BOOT-5122
+skip-test=BOOT-5260
+skip-test=BOOT-5260
+
+# Disable /etc/issue checking
+skip-test=BANN-7126
+skip-test=BANN-7130
+
+# Disable some SSH feature checks that we intend to keep
 skip-test=SSH-7408:tcpkeepalive
 skip-test=SSH-7408:allowtcpforwarding
 skip-test=SSH-7408:compression
 skip-test=SSH-7408:port
-skip-test=BANN-7126
-skip-test=BANN-7130
+
+# Old packages
+skip-test=CUST-0810
+skip-test=CUST-0285
diff --git a/rc.local/etc/rc.local b/rc.local/etc/rc.local
new file mode 100644
index 0000000..6f8eb97
--- /dev/null
+++ b/rc.local/etc/rc.local
@@ -0,0 +1,9 @@
+#!/bin/bash
+# /etc/rc.local
+
+# file needed to correctly load kernel parameters at boot time
+# on Ubuntu (ex. to disable ipv6) without modifying grub
+/etc/sysctl.d
+/etc/init.d/procps restart
+
+exit 0
diff --git a/sysctl/etc/sysctl.conf b/sysctl/etc/sysctl.conf
index 0729e28..bd29550 100644
--- a/sysctl/etc/sysctl.conf
+++ b/sysctl/etc/sysctl.conf
@@ -35,6 +35,10 @@ net.ipv4.icmp_ignore_bogus_error_responses = 1
 net.ipv4.tcp_syncookies = 1
 net.ipv4.tcp_timestamps = 1
+# Uncomment do disable ipv6
+#net.ipv6.conf.all.disable_ipv6=1
+#net.ipv6.conf.default.disable_ipv6=1
+#net.ipv6.conf.lo.disable_ipv6=1
 net.ipv6.conf.all.accept_redirects = 0
 net.ipv6.conf.all.accept_source_route = 0
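Review bot: `skip-test=BOOT-5260` is added twice in custom.prf, so the second line is either redundant or a typo for another test id; in the latter case the test meant to be silenced still runs and one line here does nothing. The new BOOT skips are also the only added group without a comment. As far as I recall these are Lynis's boot-loader password and single-user-mode authentication checks, so silencing them hides findings about physical or console access and the reason should be recorded, e.g. `# Boot loader password / single-user auth not enforced here: <reason>`. Likewise `# Old packages` above the two CUST tests does not say what those custom tests check or why their result can be ignored.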
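Review bot: The added line `/etc/sysctl.d` in rc.local is executed as a command, but it is a directory path, so bash reports an error on every boot and only the following `/etc/init.d/procps restart` does any work. It reads like the tail of the comment above it, so either prefix it with `#` or replace it with an explicit `sysctl --system`. The file is also created with mode 100644, and systemd's rc-local unit only runs /etc/rc.local when it is executable, so unless the deployment step sets the bit, the script is skipped silently and the kernel parameters it is meant to reapply are not reloaded. Because it runs as root at boot, the installed file should be owned by root and mode 0755, with no write access for anyone else.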