@rooftop90
Last active August 25, 2020 09:42
Shell script for basic network security enhancement
############################################
# Shell script to enhance basic network
# security
############################################
# Enable TCP SYN cookie protection
echo "" >> /etc/sysctl.conf
echo "# Enable TCP SYN cookie protection" >> /etc/sysctl.conf
echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf
# Enable IP spoofing protection
echo "" >> /etc/sysctl.conf
echo "# Enable IP spoofing protection" >> /etc/sysctl.conf
echo "net.ipv4.conf.all.rp_filter = 1" >> /etc/sysctl.conf
# Ignore ICMP echo requests (ping), including broadcast echo requests
echo "" >> /etc/sysctl.conf
echo "# Ignore ICMP echo requests (ping), including broadcast echo requests" >> /etc/sysctl.conf
echo "net.ipv4.icmp_echo_ignore_all = 1" >> /etc/sysctl.conf
echo "net.ipv4.icmp_echo_ignore_broadcasts = 1" >> /etc/sysctl.conf
# Enable logging of spoofed packets, source routed packets and redirect packets
echo "" >> /etc/sysctl.conf
echo "# Enable logging of spoofed packets, source routed packets and redirect packets" >> /etc/sysctl.conf
echo "net.ipv4.conf.all.log_martians = 1" >> /etc/sysctl.conf
# Disable IP source routing
echo "" >> /etc/sysctl.conf
echo "# Disable IP source routing" >> /etc/sysctl.conf
echo "net.ipv4.conf.all.accept_source_route = 0" >> /etc/sysctl.conf
# Disable ICMP redirect acceptance
echo "" >> /etc/sysctl.conf
echo "# Disable ICMP redirect acceptance" >> /etc/sysctl.conf
echo "net.ipv4.conf.all.accept_redirects = 0" >> /etc/sysctl.conf
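
The script above appends to /etc/sysctl.conf on every run, so repeated runs pile up duplicate lines, and it never loads the values into the running kernel. The following is an added example, not part of the original gist, that writes the same seven settings idempotently; the helper names set_sysctl and harden and the --apply switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the gist's code): idempotent form of the same settings.
# set_sysctl, harden and --apply are hypothetical names.

# set_sysctl FILE KEY VALUE
# Remove every existing assignment of KEY from FILE, then append one line.
set_sysctl() {
    conf=$1; key=$2; value=$3
    tmp=$(mktemp) || return 1
    if [ -f "$conf" ]; then
        # Compare the text left of '=' exactly, so "key=0" and "key = 0"
        # both match, while comments and longer key names do not.
        awk -v k="$key" '{
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, part, /[ \t]*=/)
            if (part[1] != k) print
        }' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    fi
    printf '%s = %s\n' "$key" "$value" >> "$tmp"
    # Write through the existing file so its owner and mode are kept.
    cat "$tmp" > "$conf"
    status=$?
    rm -f "$tmp"
    return $status
}

# harden FILE: write the seven settings used by the script above.
harden() {
    while read -r key value; do
        set_sysctl "$1" "$key" "$value" || return 1
    done <<'EOF'
net.ipv4.tcp_syncookies 1
net.ipv4.conf.all.rp_filter 1
net.ipv4.icmp_echo_ignore_all 1
net.ipv4.icmp_echo_ignore_broadcasts 1
net.ipv4.conf.all.log_martians 1
net.ipv4.conf.all.accept_source_route 0
net.ipv4.conf.all.accept_redirects 0
EOF
}

# Only touch the system when asked to, then load the file into the kernel.
if [ "${1:-}" = "--apply" ]; then
    harden /etc/sysctl.conf && sysctl -p /etc/sysctl.conf
fi
```

Run it as root with --apply; running it again leaves one line per key instead of adding more.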