From 8461477e00d5912d57fc3bec528e80bf98e807a7 Mon Sep 17 00:00:00 2001 From: Matthijs Kooijman Date: Sun, 26 Apr 2009 23:07:06 +0200 Subject: [PATCH] system: Add default sysctl.conf. --- etc/sysctl.conf | 67 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 etc/sysctl.conf diff --git a/etc/sysctl.conf b/etc/sysctl.conf new file mode 100644 index 0000000..6cd0aeb --- /dev/null +++ b/etc/sysctl.conf @@ -0,0 +1,67 @@ +# +# /etc/sysctl.conf - Configuration file for setting system variables +# See /etc/sysctl.d/ for additonal system variables +# See sysctl.conf (5) for information. +# + +#kernel.domainname = example.com + +# Uncomment the following to stop low-level messages on console +#kernel.printk = 4 4 1 7 + +##############################################################3 +# Functions previously found in netbase +# + +# Uncomment the next two lines to enable Spoof protection (reverse-path filter) +# Turn on Source Address Verification in all interfaces to +# prevent some spoofing attacks +#net.ipv4.conf.default.rp_filter=1 +#net.ipv4.conf.all.rp_filter=1 + +# Uncomment the next line to enable TCP/IP SYN cookies +# This disables TCP Window Scaling (http://lkml.org/lkml/2008/2/5/167), +# and is not recommended. +#net.ipv4.tcp_syncookies=1 + +# Uncomment the next line to enable packet forwarding for IPv4 +#net.ipv4.ip_forward=1 + +# Uncomment the next line to enable packet forwarding for IPv6 +#net.ipv6.conf.all.forwarding=1 + + +################################################################### +# Additional settings - these settings can improve the network +# security of the host and prevent against some network attacks +# including spoofing attacks and man in the middle attacks through +# redirection. Some network environments, however, require that these +# settings are disabled so review and enable them as needed. +# +# Ignore ICMP broadcasts +#net.ipv4.icmp_echo_ignore_broadcasts = 1 +# +# Ignore bogus ICMP errors +#net.ipv4.icmp_ignore_bogus_error_responses = 1 +# +# Do not accept ICMP redirects (prevent MITM attacks) +#net.ipv4.conf.all.accept_redirects = 0 +#net.ipv6.conf.all.accept_redirects = 0 +# _or_ +# Accept ICMP redirects only for gateways listed in our default +# gateway list (enabled by default) +# net.ipv4.conf.all.secure_redirects = 1 +# +# Do not send ICMP redirects (we are not a router) +#net.ipv4.conf.all.send_redirects = 0 +# +# Do not accept IP source route packets (we are not a router) +#net.ipv4.conf.all.accept_source_route = 0 +#net.ipv6.conf.all.accept_source_route = 0 +# +# Log Martian Packets +#net.ipv4.conf.all.log_martians = 1 +# +# The contents of /proc//maps and smaps files are only visible to +# readers that are allowed to ptrace() the process +# kernel.maps_protect = 1 -- 2.30.2