#!/bin/bash

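# Append the CIS Red Hat Enterprise Linux Benchmark sec 5.1 network settings
# to /etc/sysctl.conf, lock down the file's ownership and mode, then show
# what changed relative to the pre-CIS copy.
#
# What the appended keys do:
#   *.secure_redirects = 0, *.accept_redirects = 0
#       ignore ICMP redirects, including those from listed gateways
#   icmp_echo_ignore_broadcasts = 1
#       do not answer broadcast/multicast echo requests
#   tcp_syncookies = 1, tcp_max_syn_backlog = 4096
#       keep accepting connections under a SYN flood
#   *.rp_filter = 1
#       strict reverse-path validation; NOTE(review): this can drop
#       legitimate traffic on multihomed hosts with asymmetric routing,
#       so confirm the routing layout before rollout
#   *.accept_source_route = 0
#       drop source-routed packets
#
# This script only edits the file. It does not load the values into the
# running kernel, so they apply once the file is next read (boot, or an
# explicit `sysctl -p`).
sysctl_conf=/etc/sysctl.conf
sysctl_backup=/etc/sysctl.conf-preCIS
cis_marker='# The following 11 lines added, per CIS Red Hat Enterprise Linux Benchmark sec 5.1:'

# Appending unconditionally would add a second copy of the block on every
# re-run, so skip the append when the marker line is already present.
# grep's stderr is discarded on purpose: a missing file simply means
# "not present yet" and the append below creates it.
if grep -qxF -- "$cis_marker" "$sysctl_conf" 2>/dev/null; then
  echo "CIS sec 5.1 block already present in $sysctl_conf; not appending again" >&2
else
  cat <<END_SCRIPT >> "$sysctl_conf" || { echo "cannot append to $sysctl_conf" >&2; exit 1; }
${cis_marker}
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
END_SCRIPT
fi

# Only root may read or change the kernel parameter file.
chown root:root "$sysctl_conf"
chmod 0600 "$sysctl_conf"

# The -preCIS copy is not created here; presumably an earlier backup step
# provides it (verify). diff exits 1 when the files differ, and as the last
# command that becomes this script's exit status after a successful change.
echo "diff $sysctl_backup $sysctl_conf"
diff "$sysctl_backup" "$sysctl_conf"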
