procps/sysctl.conf
Craig Small 8517c86560 misc: Add link protection examples to sysctl.conf
Adds both examples to the sample sysctl.conf configuration file
to enable link protection for both hard and soft links.

Most kernels probably have this enabled anyhow.

References:
 https://bugs.debian.org/889098
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18078
 561ec64ae6
2018-03-03 18:56:20 +11:00


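# /etc/sysctl.conf - Configuration file for setting system variables
# See sysctl.conf (5) for information.
#
# Keys may be written with '.' or '/' as the separator; this file uses
# the dotted "key = value" form throughout. Lines that start with '#'
# are examples and are not applied until they are uncommented.

# Uncomment to have the CD-ROM tray close when the drive is used and
# open again when you are done.
#dev.cdrom.autoeject = 1
#dev.cdrom.autoclose = 1

# Protection from SYN flood attacks: the kernel falls back to SYN
# cookies when the SYN backlog of a listening socket overflows.
net.ipv4.tcp_syncookies = 1

# Log packets with impossible source addresses ("martians") so that
# spoofed or misrouted traffic shows up in the kernel log.
net.ipv4.conf.all.log_martians = 1

# Do not accept ICMP redirects or source-routed packets. Both let a
# remote sender influence how this host routes its traffic.
# NOTE: on a host that is not forwarding, redirects are accepted on an
# interface if either the "all" or the per-interface value is 1, so the
# per-interface and "default" keys may need to be 0 as well. IPv6 has
# its own net.ipv6.conf.* keys, which are not set here.
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.accept_source_route = 0

# Ignore ICMP echo requests sent to broadcast or multicast addresses,
# so this host does not answer on behalf of a spoofed source.
net.ipv4.icmp_echo_ignore_broadcasts = 1

# needed for routing, including masquerading or NAT
#net/ipv4/ip_forward=1

# sets the port range used for outgoing connections
#net.ipv4.ip_local_port_range = 32768 61000

# Broken routers and obsolete firewalls will corrupt the window scaling
# and ECN. Set these values to 0 to disable window scaling and ECN.
# This may, rarely, cause some performance loss when running high-speed
# TCP/IP over huge distances or running TCP/IP over connections with high
# packet loss and modern routers. This sure beats dropped connections.
#net.ipv4.tcp_ecn = 0

# Swapping too much or not enough? Disks spinning up when you'd
# rather they didn't? Tweak these.
#vm.vfs_cache_pressure = 100
#vm.laptop_mode = 0
#vm.swappiness = 60

#kernel.printk_ratelimit_burst = 10
#kernel.printk_ratelimit = 5
#kernel.panic_on_oops = 0

# Reboot 600 seconds after a panic
#kernel.panic = 600

# Enable the SysRq key. A value of 1 enables every SysRq function, so
# anyone with access to the console keyboard can reboot the machine or
# kill processes; a bitmask value can limit the allowed functions.
#kernel.sysrq = 1

# Change name of core file to start with the command name
# so you get things like: emacs.core mozilla-bin.core X.core
#kernel.core_pattern = %e.core

# NIS/YP domain (not always equal to DNS domain)
#kernel.domainname = example.com
#kernel.hostname = darkstar

# This limits PID values to 4 digits, which allows tools like ps
# to save screen space.
# NOTE: this is well below the usual kernel default of 32768. With a
# smaller PID space the numbers wrap around sooner and are reused more
# quickly, so anything that identifies a process by PID alone (PID
# files, signals sent by PID) is more likely to hit an unrelated
# process. Remove this line to keep the kernel default.
kernel.pid_max = 10000

# Link protection. With protected_hardlinks a user may only create a
# hard link to a file they own or can already read and write. With
# protected_symlinks a symlink in a sticky world-writable directory
# (such as /tmp) is only followed when its owner matches the follower
# or the directory owner. Many distributions already enable both;
# check with: sysctl fs.protected_hardlinks fs.protected_symlinks
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
#fs.protected_hardlinks = 1
#fs.protected_symlinks = 1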