YaST Security Center

I can add all these myself to the sysctl99 config, but when I do it seems to break YaST Security Center. Can someone please tell me where to find these equivalents in the YaST Security Center? When I search for them I can't find anything.


net.inet.tcp.rfc1323=0
net.inet.icmp.timestamp=0
vm.swappiness=0
kernel.randomize_va_space = 2
fs.suid_dumpable = 0
hard core 0
kernel.exec-shield = 1
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.icmp_ignore_bogus_error_responses 1

When I add them manually with nano I get this error when loading YaST Security Center. If I delete them it works fine.


Parse error while reading file /usr/lib/sysctl.d/99-sysctl.conf
YaST cannot continue and will quit.

Possible causes and remedies:
 


  1. You made a mistake when changing the file by hand, the syntax is invalid. Try reverting the changes.
  1. The syntax is in fact valid but YaST does not recognize it. Please report a YaST bug.
  1. YaST made a mistake and wrote invalid syntax earlier. Please report a YaST bug.


 Caller: /usr/lib64/ruby/gems/2.7.0/gems/cfa-1.0.2/lib/cfa/augeas_parser.rb:458:in `report_activity_error!'

Details: Augeas parsing error: Iterated lens matched less than it should at /usr/lib/sysctl.d/99-sysctl.conf:7:4, lens /usr/share/augeas/lenses/dist/sysctl.aug:38.10-.52:

Also, I noticed that when I check the service, only AFTER I add my personal config and then delete it to get YaST Security Center working again, I get this when I check the status. So does that mean my settings apply after I add then delete them?

**●** systemd-sysctl.service - Apply Kernel Variables 
     Loaded: loaded (/usr/lib/systemd/system/systemd-sysctl.service; static) 
    Drop-In: /usr/lib/systemd/system/systemd-sysctl.service.d 
             └─50-kernel-uname_r.conf 
     Active: **failed** (Result: exit-code) since Thu 2021-07-01 02:37:53 EDT; 1min 44s ago 
       Docs: man:systemd-sysctl.service(8) 
             man:sysctl.d(5) 
    Process: 9794 ExecStartPre=/usr/lib/systemd/systemd-sysctl /boot/sysctl.conf-5.12.13-1-default (code=exited, status=0/SUCCES> 
    Process: 9795 ExecStart=/usr/lib/systemd/systemd-sysctl **(code=exited, status=1/FAILURE)** 
   Main PID: 9795 (code=exited, status=1/FAILURE) 
        CPU: 13ms 

Jul 01 02:37:53 localhost.localdomain systemd[1]: Starting Apply Kernel Variables... 
Jul 01 02:37:53 localhost.localdomain systemd-sysctl[9795]: **/usr/lib/sysctl.d/99-sysctl.conf:7: Line is not an assignment, ignor**> 
Jul 01 02:37:53 localhost.localdomain systemd-sysctl[9795]: **/usr/lib/sysctl.d/99-sysctl.conf:14: Line is not an assignment, igno**> 
Jul 01 02:37:53 localhost.localdomain systemd-sysctl[9795]: Couldn't write '0' to 'net/inet/tcp/rfc1323', ignoring: No such file> 
Jul 01 02:37:53 localhost.localdomain systemd-sysctl[9795]: Couldn't write '0' to 'net/inet/icmp/timestamp', ignoring: No such f> 
Jul 01 02:37:53 localhost.localdomain systemd-sysctl[9795]: Couldn't write '1' to 'kernel/exec-shield', ignoring: No such file o> 
Jul 01 02:37:53 localhost.localdomain systemd[1]: **systemd-sysctl.service: Main process exited, code=exited, status=1/FAILURE** 
Jul 01 02:37:53 localhost.localdomain systemd[1]: **systemd-sysctl.service: Failed with result 'exit-code'.** 
Jul 01 02:37:53 localhost.localdomain systemd[1]: **Failed to start Apply Kernel Variables.**

I think you are not supposed to edit files in “/usr/lib/sysctl.d”. Instead, you are supposed to copy to “/etc/sysctl.d” and edit there.

I notice that there is already a file “/etc/sysctl.d/70-yast.conf”.

OK, so I think I fixed it. I rebooted a couple of times, ran the service status, and determined it runs absolutely fine if I have it set up like this in the config with nano:

net.ipv4.ip_forward = 0
net.ipv6.conf.all.forwarding = 0
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv4.tcp_syncookies = 1
vm.swappiness=0
kernel.randomize_va_space = 2
fs.suid_dumpable = 0
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.ip_forward = 0

But I noticed I can't have these ones on, or the Security Center and sysctl process won't run. Why is that, and how can I enable these? Thanks.

net/inet/tcp/rfc1323
net/inet/icmp/timestamp
kernel/exec-shield

On the TCP and ICMP timestamps, see https://www.whonix.org/wiki/Disable_TCP_and_ICMP_Timestamps.

Oh OK, I must have missed that last time. Thank you all, solved now.
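
The systemd-sysctl log in this thread shows two failure classes: lines that are not `key = value` assignments, and keys with no matching entry under `/proc/sys`. As an added example (not posted by anyone in the thread), the POSIX shell function below, with the hypothetical name `lint_sysctl`, flags both before a drop-in is placed in `/etc/sysctl.d`; the fake `/proc/sys` tree and the sample file are constructed for the demo.

```shell
#!/bin/sh
# Added example: lint a sysctl.d drop-in before installing it.
# Simplifications (assumptions): dotted keys map to paths by replacing '.' with '/',
# keys already written with '/' are used as-is, and glob keys are not expanded.

# lint_sysctl FILE [ROOT]: prints one finding per bad line; returns 0 if clean, else 1
lint_sysctl() {
    file=$1; root=${2:-/proc/sys}; n=0; bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        line=$(printf '%s\n' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $line in ''|'#'*|';'*) continue ;; esac    # blank line or comment
        case $line in
            *=*) ;;
            *) echo "$file:$n: not an assignment: $line"; bad=$((bad + 1)); continue ;;
        esac
        key=$(printf '%s\n' "${line%%=*}" | sed 's/[[:space:]]*$//')
        key=${key#-}                                    # '-' prefix: write errors ignored
        case $key in
            */*) path=$key ;;
            *)   path=$(printf '%s\n' "$key" | tr . /) ;;
        esac
        if [ ! -e "$root/$path" ]; then
            echo "$file:$n: no such parameter on this kernel: $key"
            bad=$((bad + 1))
        fi
    done < "$file"
    [ "$bad" -eq 0 ]
}

# Constructed demo: a fake /proc/sys tree and a drop-in built from lines in this thread.
demo=$(mktemp -d)
mkdir -p "$demo/proc/net/ipv4" "$demo/proc/kernel" "$demo/proc/vm"
touch "$demo/proc/net/ipv4/ip_forward" "$demo/proc/kernel/randomize_va_space" \
      "$demo/proc/vm/swappiness" "$demo/proc/net/ipv4/icmp_ignore_bogus_error_responses"
cat > "$demo/99-test.conf" <<'EOF'
# constructed sample
net.inet.tcp.rfc1323=0
vm.swappiness=0
kernel.randomize_va_space = 2
hard core 0
kernel.exec-shield = 1
net.ipv4.ip_forward = 0
net.ipv4.icmp_ignore_bogus_error_responses 1
EOF
lint_sysctl "$demo/99-test.conf" "$demo/proc" || echo "drop-in has problems; do not install"
```

On a real system, call it with the file alone so the check runs against the live `/proc/sys`.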