forked from unitoo/configurations
feat: add rc.local, update lynis
This commit is contained in:
parent
a3d00bd238
commit
3ed5844553
3 changed files with 26 additions and 2 deletions
|
@ -5,9 +5,20 @@ skip-test=USB-1000
|
||||||
skip-test=STRG-1846
|
skip-test=STRG-1846
|
||||||
skip-test=PRNT-2308
|
skip-test=PRNT-2308
|
||||||
skip-test=FILE-6310
|
skip-test=FILE-6310
|
||||||
|
skip-test=BOOT-5122
|
||||||
|
skip-test=BOOT-5260
|
||||||
|
skip-test=BOOT-5260
|
||||||
|
|
||||||
|
# Disable /etc/issue checking
|
||||||
|
skip-test=BANN-7126
|
||||||
|
skip-test=BANN-7130
|
||||||
|
|
||||||
|
# Disable some SSH feature checks that we intend to keep
|
||||||
skip-test=SSH-7408:tcpkeepalive
|
skip-test=SSH-7408:tcpkeepalive
|
||||||
skip-test=SSH-7408:allowtcpforwarding
|
skip-test=SSH-7408:allowtcpforwarding
|
||||||
skip-test=SSH-7408:compression
|
skip-test=SSH-7408:compression
|
||||||
skip-test=SSH-7408:port
|
skip-test=SSH-7408:port
|
||||||
skip-test=BANN-7126
|
|
||||||
skip-test=BANN-7130
|
# Old packages
|
||||||
|
skip-test=CUST-0810
|
||||||
|
skip-test=CUST-0285
|
||||||
|
|
9
rc.local/etc/rc.local
Normal file
9
rc.local/etc/rc.local
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# /etc/rc.local
|
||||||
|
|
||||||
|
# file needed to correctly load kernel parameters at boot time
|
||||||
|
# on Ubuntu (ex. to disable ipv6) without modifying grub
|
||||||
|
/etc/sysctl.d
|
||||||
|
/etc/init.d/procps restart
|
||||||
|
|
||||||
|
exit 0
|
|
@ -35,6 +35,10 @@ net.ipv4.icmp_ignore_bogus_error_responses = 1
|
||||||
net.ipv4.tcp_syncookies = 1
|
net.ipv4.tcp_syncookies = 1
|
||||||
net.ipv4.tcp_timestamps = 1
|
net.ipv4.tcp_timestamps = 1
|
||||||
|
|
||||||
|
# Uncomment do disable ipv6
|
||||||
|
#net.ipv6.conf.all.disable_ipv6=1
|
||||||
|
#net.ipv6.conf.default.disable_ipv6=1
|
||||||
|
#net.ipv6.conf.lo.disable_ipv6=1
|
||||||
|
|
||||||
net.ipv6.conf.all.accept_redirects = 0
|
net.ipv6.conf.all.accept_redirects = 0
|
||||||
net.ipv6.conf.all.accept_source_route = 0
|
net.ipv6.conf.all.accept_source_route = 0
|
||||||
|
|
Loading…
Reference in a new issue