From c54125270b44140b9ecfe0420205ac685b2a3505 Mon Sep 17 00:00:00 2001
From: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Thu, 27 Jun 2019 18:15:57 +0000
Subject: [PATCH 1/2] Create dmesg_restrict.conf

---
 etc/sysctl.d/dmesg_restrict.conf | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 etc/sysctl.d/dmesg_restrict.conf

diff --git a/etc/sysctl.d/dmesg_restrict.conf b/etc/sysctl.d/dmesg_restrict.conf
new file mode 100644
index 0000000..789769d
--- /dev/null
+++ b/etc/sysctl.d/dmesg_restrict.conf
@@ -0,0 +1,2 @@
+# Restricts the kernel log to root only.
+kernel.dmesg_restrict=1

From 3801a53a9e01aafa3783276059a7907f5b20b96e Mon Sep 17 00:00:00 2001
From: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Thu, 27 Jun 2019 18:17:58 +0000
Subject: [PATCH 2/2] Update tcp_hardening.conf

---
 etc/sysctl.d/tcp_hardening.conf | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/etc/sysctl.d/tcp_hardening.conf b/etc/sysctl.d/tcp_hardening.conf
index 0cea4be..e192a8b 100644
--- a/etc/sysctl.d/tcp_hardening.conf
+++ b/etc/sysctl.d/tcp_hardening.conf
@@ -15,5 +15,12 @@ net.ipv6.conf.default.accept_redirects=0
 net.ipv4.conf.all.send_redirects=0
 net.ipv4.conf.default.send_redirects=0
 
-# Ignores ICMP requests
+# Ignores ICMP requests.
 net.ipv4.icmp_echo_ignore_all=1
+
+# Enables TCP syncookies.
+net.ipv4.tcp_syncookies=1
+
+# Disable source routing.
+net.ipv4.conf.all.accept_source_route=0
+net.ipv4.conf.default.accept_source_route=0
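Review bot: The comment above the new `kernel.dmesg_restrict=1` line says "root only", but the kernel gates the log on CAP_SYSLOG rather than on uid 0, and the comment gives no reason for the setting. I would write `# Restricts kernel log access (dmesg) to processes with CAP_SYSLOG; the log can expose kernel addresses and driver details useful to a local attacker.` It is also worth noting in the file that this sysctl does not cover copies of the kernel log that a syslog daemon or the journal may write to disk; those are protected by file permissions and group membership instead.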
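Review bot: The source-routing block at the end of this hunk covers IPv4 only, although the file already sets IPv6 redirect keys (`net.ipv6.conf.default.accept_redirects=0` is visible at the top of the hunk). Consider adding `net.ipv6.conf.all.accept_source_route=0` and `net.ipv6.conf.default.accept_source_route=0` so the policy is pinned for both address families rather than left to the kernel default. The new comments would also help more if they gave the reason: syncookies keep a listener answering when the SYN backlog overflows during a SYN flood, and source-routed packets let the sender choose the path, which can undermine address-based filtering. For consistency with the other comments, `# Disable source routing.` should read `# Disables source routing.`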