feat: add rc.local, update lynis

lynis/etc/lynis/custom.prf

@@ -5,9 +5,20 @@ skip-test=USB-1000
 skip-test=STRG-1846
 skip-test=PRNT-2308
 skip-test=FILE-6310
+skip-test=BOOT-5122
+skip-test=BOOT-5260
+skip-test=BOOT-5260
+
+# Disable /etc/issue checking
+skip-test=BANN-7126
+skip-test=BANN-7130
+
+# Disable some SSH feature checks that we intend to keep
 skip-test=SSH-7408:tcpkeepalive
 skip-test=SSH-7408:allowtcpforwarding
 skip-test=SSH-7408:compression
 skip-test=SSH-7408:port
-skip-test=BANN-7126
-skip-test=BANN-7130
+
+# Old packages
+skip-test=CUST-0810
+skip-test=CUST-0285

rc.local/etc/rc.local

@@ -0,0 +1,9 @@
+#!/bin/bash
+# /etc/rc.local
+
+# file needed to correctly load kernel parameters at boot time
+# on Ubuntu (ex. to disable ipv6) without modifying grub
+/etc/sysctl.d
+/etc/init.d/procps restart
+
+exit 0

sysctl/etc/sysctl.conf

@@ -35,6 +35,10 @@ net.ipv4.icmp_ignore_bogus_error_responses = 1
 net.ipv4.tcp_syncookies = 1
 net.ipv4.tcp_timestamps = 1
 
+# Uncomment do disable ipv6
+#net.ipv6.conf.all.disable_ipv6=1
+#net.ipv6.conf.default.disable_ipv6=1
+#net.ipv6.conf.lo.disable_ipv6=1
 
 net.ipv6.conf.all.accept_redirects = 0
 net.ipv6.conf.all.accept_source_route = 0