mirror of
https://gitlab.com/procps-ng/procps.git
synced 2024-11-23 01:53:39 +08:00
479b9e54b1
--------------- Original Master Branch Commit Message:
Adds both examples to the sample sysctl.conf configuration file
to enable link protection for both hard and soft links.
Most kernels probably have this enabled anyhow.
References:
https://bugs.debian.org/889098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18078
561ec64ae6
Signed-off-by: Jim Warner <james.warner@comcast.net>
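# /etc/sysctl.conf - Configuration file for setting system variables
# See sysctl.conf (5) for information.
#
# Keys may be written with '.' or '/' as the separator; this file uses both.
# Settings that are commented out below are examples only: the kernel or
# distribution default stays in effect until the line is uncommented.

# you can have the CD-ROM close when you use it, and open
# when you are done.
#dev.cdrom.autoeject = 1
#dev.cdrom.autoclose = 1

# protection from the SYN flood attack: send SYN cookies when the
# SYN backlog queue overflows
net/ipv4/tcp_syncookies=1

# log packets with impossible addresses (martians) to the kernel log
net/ipv4/conf/all/log_martians=1

# Network hardening: ignore ICMP redirects, drop source-routed packets and
# do not answer broadcast pings.
# NOTE: on a host that is not forwarding, ICMP redirects are accepted when
# EITHER conf/all OR the interface's own accept_redirects is 1, so setting
# conf/all alone is not enough. conf/default sets the per-interface default;
# check the values under net/ipv4/conf/<interface>/ after loading.
net/ipv4/conf/all/accept_redirects=0
net/ipv4/conf/default/accept_redirects=0
net/ipv4/conf/all/accept_source_route=0
net/ipv4/icmp_echo_ignore_broadcasts=1

# needed for routing, including masquerading or NAT
# Leave disabled on machines that are not meant to forward traffic.
#net/ipv4/ip_forward=1

# sets the port range used for outgoing connections
#net.ipv4.ip_local_port_range = 32768 61000

# Broken routers and obsolete firewalls will corrupt the window scaling
# and ECN. Set these values to 0 to disable window scaling and ECN.
# This may, rarely, cause some performance loss when running high-speed
# TCP/IP over huge distances or running TCP/IP over connections with high
# packet loss and modern routers. This sure beats dropped connections.
# (Only the ECN example is listed here; window scaling is controlled by
# net.ipv4.tcp_window_scaling.)
#net.ipv4.tcp_ecn = 0

# Swapping too much or not enough? Disks spinning up when you'd
# rather they didn't? Tweak these.
#vm.vfs_cache_pressure = 100
#vm.laptop_mode = 0
#vm.swappiness = 60

#kernel.printk_ratelimit_burst = 10
#kernel.printk_ratelimit = 5
#kernel.panic_on_oops = 0

# Reboot 600 seconds after a panic
#kernel.panic = 600

# enable SysRq key (note: console security issues)
# 1 enables every SysRq function for anyone with access to the console
# keyboard; 0 disables it, and values above 1 are a bitmask that enables
# only selected functions.
#kernel.sysrq = 1

# Change name of core file to start with the command name
# so you get things like: emacs.core mozilla-bin.core X.core
# Core files hold the memory of the crashed process, which can include
# secrets; keep them out of directories other users can read.
#kernel.core_pattern = %e.core

# NIS/YP domain (not always equal to DNS domain)
#kernel.domainname = example.com
#kernel.hostname = darkstar

# This limits PID values to 4 digits, which allows tools like ps
# to save screen space.
# NOTE: PIDs of pid_max or larger are never allocated, so this also caps the
# number of processes and threads that can exist at once, and a PID space
# this small wraps quickly, so PIDs are reused sooner. On busy or multi-user
# systems comment this line out to keep the kernel default.
kernel/pid_max=10000

# Protects against creating or following links under certain conditions
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
# protected_hardlinks: users cannot hard-link to files they do not own or
# cannot read and write. protected_symlinks: restricts following symlinks
# in sticky world-writable directories such as /tmp.
# These lines are commented out, so this file does not enable the
# protection by itself; check the running values with
#   sysctl fs.protected_hardlinks fs.protected_symlinks
# and uncomment the lines if either reports 0.
#fs.protected_hardlinks = 1
#fs.protected_symlinks = 1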