feat: add rc.local, update lynis

Lorenzo Tucci 2021-08-23 20:05:42 +02:00
parent a3d00bd238
commit 3ed5844553
3 changed files with 26 additions and 2 deletions


@ -5,9 +5,20 @@ skip-test=USB-1000
skip-test=STRG-1846 skip-test=STRG-1846
skip-test=PRNT-2308 skip-test=PRNT-2308
skip-test=FILE-6310 skip-test=FILE-6310
skip-test=BOOT-5122
skip-test=BOOT-5260
skip-test=BOOT-5260
# Disable /etc/issue checking
skip-test=BANN-7126
skip-test=BANN-7130
# Disable some SSH feature checks that we intend to keep
skip-test=SSH-7408:tcpkeepalive skip-test=SSH-7408:tcpkeepalive
skip-test=SSH-7408:allowtcpforwarding skip-test=SSH-7408:allowtcpforwarding
skip-test=SSH-7408:compression skip-test=SSH-7408:compression
skip-test=SSH-7408:port skip-test=SSH-7408:port
skip-test=BANN-7126
skip-test=BANN-7130 # Old packages
skip-test=CUST-0810
skip-test=CUST-0285
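Review bot: The new `skip-test=BOOT-5122` and `skip-test=BOOT-5260` entries have no comment saying why they are suppressed, while the BANN and SSH groups beside them do. As far as I know these Lynis IDs cover the boot loader password and single-user-mode authentication checks, so skipping them silences findings about console and physical access. A one-line rationale such as `# Boot checks skipped: <reason>` would let a later auditor tell an accepted risk from an oversight. BOOT-5260 also appears on two consecutive lines in this rendering; if both are on the new side, one can be dropped. The same gap applies to `CUST-0810` and `CUST-0285`, where `# Old packages` names the topic but not why the result is ignored.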

9
rc.local/etc/rc.local Normal file

@ -0,0 +1,9 @@
#!/bin/bash
# /etc/rc.local
# file needed to correctly load kernel parameters at boot time
# on Ubuntu (ex. to disable ipv6) without modifying grub
/etc/sysctl.d
/etc/init.d/procps restart
exit 0
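Review bot: The bare `/etc/sysctl.d` line makes bash try to execute a directory, so every boot logs an "Is a directory" error before the script continues; it reads like a comment that lost its `#`. Dropping it and keeping `/etc/init.d/procps restart` alone, or loading the settings directly with `sysctl --system`, does what the header comment describes. The page also labels this a "Normal file", which suggests it was committed without the executable bit. On systemd-based Ubuntu rc.local only runs when it is executable, so either commit it with mode 755 or confirm that the deploy step sets the bit.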


@ -35,6 +35,10 @@ net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_timestamps = 1 net.ipv4.tcp_timestamps = 1
# Uncomment do disable ipv6
#net.ipv6.conf.all.disable_ipv6=1
#net.ipv6.conf.default.disable_ipv6=1
#net.ipv6.conf.lo.disable_ipv6=1
net.ipv6.conf.all.accept_redirects = 0 net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_source_route = 0 net.ipv6.conf.all.accept_source_route = 0
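Review bot: The added comment `# Uncomment do disable ipv6` has a typo and should read `# Uncomment to disable ipv6`. The three commented settings are written as `key=1` while the rest of the file uses `key = value`; matching the spacing keeps the file consistent and easy to grep. The comment could also state that IPv6 stays enabled while these lines are commented, so the host firewall needs IPv6 rules as well as IPv4 ones. The hunk's line counts suggest some lines are not shown on this page, so the surrounding context may differ.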