-rw-r--r-- | meta/recipes-extended/procps/procps/sysctl.conf | 105 |
1 files changed, 54 insertions, 51 deletions
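--- a/meta/recipes-extended/procps/procps/sysctl.conf
+++ b/meta/recipes-extended/procps/procps/sysctl.conf
@@ -1,64 +1,67 @@
-# This configuration file is taken from Debian.
+# This configuration taken from procps v3.3.15
+# Commented out kernel/pid_max=10000 line
 #
 # /etc/sysctl.conf - Configuration file for setting system variables
 # See sysctl.conf (5) for information.
-#
 
-#kernel.domainname = example.com
+# you can have the CD-ROM close when you use it, and open
+# when you are done.
+#dev.cdrom.autoeject = 1
+#dev.cdrom.autoclose = 1
 
-# Uncomment the following to stop low-level messages on console
-#kernel.printk = 4 4 1 7
+# protection from the SYN flood attack
+net/ipv4/tcp_syncookies=1
 
-##############################################################3
-# Functions previously found in netbase
-#
+# see the evil packets in your log files
+net/ipv4/conf/all/log_martians=1
 
-# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
-# Turn on Source Address Verification in all interfaces to
-# prevent some spoofing attacks
-net.ipv4.conf.default.rp_filter=1
-net.ipv4.conf.all.rp_filter=1
+# makes you vulnerable or not :-)
+net/ipv4/conf/all/accept_redirects=0
+net/ipv4/conf/all/accept_source_route=0
+net/ipv4/icmp_echo_ignore_broadcasts =1
 
-# Uncomment the next line to enable TCP/IP SYN cookies
-#net.ipv4.tcp_syncookies=1
+# needed for routing, including masquerading or NAT
+#net/ipv4/ip_forward=1
 
-# Uncomment the next line to enable packet forwarding for IPv4
-#net.ipv4.ip_forward=1
+# sets the port range used for outgoing connections
+#net.ipv4.ip_local_port_range = 32768 61000
 
-# Uncomment the next line to enable packet forwarding for IPv6
-#net.ipv6.conf.all.forwarding=1
+# Broken routers and obsolete firewalls will corrupt the window scaling
+# and ECN. Set these values to 0 to disable window scaling and ECN.
+# This may, rarely, cause some performance loss when running high-speed
+# TCP/IP over huge distances or running TCP/IP over connections with high
+# packet loss and modern routers. This sure beats dropped connections.
+#net.ipv4.tcp_ecn = 0
 
+# Swapping too much or not enough? Disks spinning up when you'd
+# rather they didn't? Tweak these.
+#vm.vfs_cache_pressure = 100
+#vm.laptop_mode = 0
+#vm.swappiness = 60
 
-###################################################################
-# Additional settings - these settings can improve the network
-# security of the host and prevent against some network attacks
-# including spoofing attacks and man in the middle attacks through
-# redirection. Some network environments, however, require that these
-# settings are disabled so review and enable them as needed.
-#
-# Ignore ICMP broadcasts
-#net.ipv4.icmp_echo_ignore_broadcasts = 1
-#
-# Ignore bogus ICMP errors
-#net.ipv4.icmp_ignore_bogus_error_responses = 1
-#
-# Do not accept ICMP redirects (prevent MITM attacks)
-#net.ipv4.conf.all.accept_redirects = 0
-#net.ipv6.conf.all.accept_redirects = 0
-# _or_
-# Accept ICMP redirects only for gateways listed in our default
-# gateway list (enabled by default)
-# net.ipv4.conf.all.secure_redirects = 1
-#
-# Do not send ICMP redirects (we are not a router)
-#net.ipv4.conf.all.send_redirects = 0
-#
-# Do not accept IP source route packets (we are not a router)
-#net.ipv4.conf.all.accept_source_route = 0
-#net.ipv6.conf.all.accept_source_route = 0
-#
-# Log Martian Packets
-#net.ipv4.conf.all.log_martians = 1
-#
+#kernel.printk_ratelimit_burst = 10
+#kernel.printk_ratelimit = 5
+#kernel.panic_on_oops = 0
+
+# Reboot 600 seconds after a panic
+#kernel.panic = 600
+
+# enable SysRq key (note: console security issues)
+#kernel.sysrq = 1
+
+# Change name of core file to start with the command name
+# so you get things like: emacs.core mozilla-bin.core X.core
+#kernel.core_pattern = %e.core
+
+# NIS/YP domain (not always equal to DNS domain)
+#kernel.domainname = example.com
+#kernel.hostname = darkstar
+
+# This limits PID values to 4 digits, which allows tools like ps
+# to save screen space.
+#kernel/pid_max=10000
 
-#kernel.shmmax = 141762560
+# Protects against creating or following links under certain conditions
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks = 1
+#fs.protected_symlinks = 1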
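Review bot: The new file no longer enables reverse-path filtering: the old active lines `net.ipv4.conf.default.rp_filter=1` and `net.ipv4.conf.all.rp_filter=1` have no counterpart on the new side, so unless another sysctl fragment in the image sets them, source-address validation falls back to the kernel default. I would keep those two lines in the hardening group next to `net/ipv4/conf/all/accept_source_route=0`. In the same group, `net/ipv4/conf/all/accept_redirects=0` is set only for `all`; per the kernel's ip-sysctl documentation a non-forwarding host still accepts redirects when either `all` or the per-interface value is true, so `net/ipv4/conf/default/accept_redirects=0` should be added for the setting to take effect on interfaces that inherit the default. The comment `# makes you vulnerable or not :-)` does not say what the three settings do, and something like `# ignore ICMP redirects, source-routed packets and broadcast pings` would serve a maintainer better.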