准备使用的linux的安全设置，请大家指点

Question

linux的安全设置
平台Redhad linux 9.0
1,禁止普通用户使用su

only the user who belongs to the wheel group permits su command.

add following content in /etc/pam.d/su:

“

auth required /lib/security/$ISA/pam_wheel.so use_uid “
2,禁止root远程登录

prohibits root user login from remote..

Describe "PermitRootLogin no" in /etc/ssh/sshd_config.
3,禁止telnet

telnet shoud be prohibited.

Add following description in configuration file: /etc/xinetd.d/telnet :

「disable = yes」.
4,禁止IP转发

IP forwarding function should be disabled.

Add description in configuration file /etc/sysctl.conf:

“

net.ipv4.ip_forward = 0. “
5,防范IP Spoofing attack

"IP Spoofing attack" protection should be enabled.

Add description in configuration file /etc/sysctl.conf:

“

net.ipv4.conf.all.rp_filter = 1.”

6,禁止ICMP redirection packet

OS should not accept ICMP redirection packet..

Add description in configuration file /etc/sysctl.conf:

“

net.ipv4.conf.all.accept_redirects = 0.”

7,禁止relay ICMP redirection packet

OS should not relay ICMP redirection packet..

Add description in configuration file /etc/sysctl.conf:

“

net.ipv4.conf.all.send_redirects = 0.”
8,禁止reply to broadcast ICMP packet.

OS should not reply to broadcast ICMP packet.

Add description in configuration file /etc/sysctl.conf:

“

net.ipv4.icmp_echo_ignore_broadcasts = 1.”
9,禁止时间戳

OS should avoid the time stamp.

Add description in configuration file /etc/sysctl.conf:

“

net.ipv4.tcp_timestamps = 0.”
10,禁止伪造广播帧

OS should restrain the warning of the replying of the imitation to the broadcast frame.

Add description in configuration file /etc/sysctl.conf:

“

net.ipv4.icmp_ignore_bogus_error_responses = 1.”
11,防范SYN攻击

OS should enable the SYN cookie against SYN flood attack.

Add description in configuration file /etc/sysctl.conf:

“