A peek behind the curtain — every file the club keeps on the server, from the front-of-house code to the trophy ledger in the database.
# Prevents SYN DOS attacks. Applies to ipv6 as well, despite name. net.ipv4.tcp_syncookies = 1 # Prevents ip spoofing. net.ipv4.conf.default.rp_filter = 1 net.ipv4.conf.all.rp_filter = 1 # Only groups within this id range can use ping. net.ipv4.ping_group_range=999 59999 # Redirects can potentially be used to maliciously alter hosts # routing tables. net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.all.secure_redirects = 1 net.ipv6.conf.all.accept_redirects = 0 # The source routing feature includes some known vulnerabilities. net.ipv4.conf.all.accept_source_route = 0 net.ipv6.conf.all.accept_source_route = 0 # See RFC 1337 net.ipv4.tcp_rfc1337 = 1 ## Enable IPv6 Privacy Extensions (see RFC4941 and RFC3041) net.ipv6.conf.default.use_tempaddr = 2 net.ipv6.conf.all.use_tempaddr = 2 # Restarts computer after 120 seconds after kernel panic kernel.panic = 120 # Users should not be able to create soft or hard links to files # which they do not own. This mitigates several privilege # escalation vulnerabilities. fs.protected_hardlinks = 1 fs.protected_symlinks = 1 # Disable unprivileged use of the bpf(2) syscall. # Allowing unprivileged use of the bpf(2) syscall may allow a # malicious user to compromise the machine. kernel.unprivileged_bpf_disabled = 1