From c975c3c0ff7cc5a1e29b651c2db6c27e3f952870 Mon Sep 17 00:00:00 2001
From: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date: Fri, 27 Oct 2023 11:07:53 +0000
Subject: [PATCH] new lines 990-security-misc.conf

added new recommended hardening settings with comments
---
 usr/lib/sysctl.d/990-security-misc.conf | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/usr/lib/sysctl.d/990-security-misc.conf b/usr/lib/sysctl.d/990-security-misc.conf
index 718d64b..547dbeb 100644
--- a/usr/lib/sysctl.d/990-security-misc.conf
+++ b/usr/lib/sysctl.d/990-security-misc.conf
@@ -14,6 +14,14 @@ kernel.core_pattern=|/bin/false
 ## Restricts the kernel log to root only.
 kernel.dmesg_restrict=1
 
+## Does not set coredump name to 'core' which is default. Defense in depth.
+kernel.core_uses_pid=1
+
+## A martian packet is a one with a source address which is blatantly wrong
+## Recommended to keep a log of these to identify these suspicious packets
+net.ipv4.conf.all.log_martians=1
+net.ipv4.conf.default.log_martians=1
+
 ## Don't allow writes to files that we don't own
 ## in world writable sticky directories, unless
 ## they are owned by the owner of the directory.