-
Postfix 电子邮件系统精要(二)
◆系统加固及安全
1、内核优化:用脚本实现[root@mailserv2 ~]# more /usr/local/bin/kernel_optimize#!/bin/bash#kernel optimize optimize ,create by 2007-7-29#enable broadcast echo protectionecho 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts#disble source routed packets#for f in /proc/sys/net/ipv4/conf/*/accept_source_rout; do# echo 0 > $f#done#enable tcp syn cookie protectionecho 1 > /proc/sys/net/ipv4/tcp_syncookies#disable icmp redirect acceptancefor f in /proc/sys/net/ipv4/conf/*/accept_redirects; doecho 0 > $fdone#don’t send redirect messagesfor f in /proc/sys/net/ipv4/conf/*/send_redirects; doecho 0 > $fdone#drop spoofed packetsfor f in /proc/sys/net/ipv4/conf/*/rp_filter; doecho 1 > $fdone#log packets with impossible addressesfor f in /proc/sys/net/ipv4/conf/*/log_martians; doecho 1 > $f Read More »没有评论
