From 1c7d6584a7811b7785ae5c1e378f14b5ba0971cf Mon Sep 17 00:00:00 2001 From: takeshi_hoshina Date: Mon, 2 Nov 2020 11:07:33 +0900 Subject: basesystem-jj recipes --- .../recipes-extended/procps/procps/sysctl.conf | 105 +++++++++++---------- 1 file changed, 54 insertions(+), 51 deletions(-) (limited to 'external/poky/meta/recipes-extended/procps/procps/sysctl.conf') diff --git a/external/poky/meta/recipes-extended/procps/procps/sysctl.conf b/external/poky/meta/recipes-extended/procps/procps/sysctl.conf index 34e7488b..253f3701 100644 --- a/external/poky/meta/recipes-extended/procps/procps/sysctl.conf +++ b/external/poky/meta/recipes-extended/procps/procps/sysctl.conf @@ -1,64 +1,67 @@ -# This configuration file is taken from Debian. +# This configuration taken from procps v3.3.15 +# Commented out kernel/pid_max=10000 line # # /etc/sysctl.conf - Configuration file for setting system variables # See sysctl.conf (5) for information. -# -#kernel.domainname = example.com +# you can have the CD-ROM close when you use it, and open +# when you are done. +#dev.cdrom.autoeject = 1 +#dev.cdrom.autoclose = 1 -# Uncomment the following to stop low-level messages on console -#kernel.printk = 4 4 1 7 +# protection from the SYN flood attack +net/ipv4/tcp_syncookies=1 -##############################################################3 -# Functions previously found in netbase -# +# see the evil packets in your log files +net/ipv4/conf/all/log_martians=1 -# Uncomment the next two lines to enable Spoof protection (reverse-path filter) -# Turn on Source Address Verification in all interfaces to -# prevent some spoofing attacks -net.ipv4.conf.default.rp_filter=1 -net.ipv4.conf.all.rp_filter=1 +# makes you vulnerable or not :-) +net/ipv4/conf/all/accept_redirects=0 +net/ipv4/conf/all/accept_source_route=0 +net/ipv4/icmp_echo_ignore_broadcasts =1 -# Uncomment the next line to enable TCP/IP SYN cookies -#net.ipv4.tcp_syncookies=1 +# needed for routing, including masquerading or NAT +#net/ipv4/ip_forward=1 -# Uncomment the next line to enable packet forwarding for IPv4 -#net.ipv4.ip_forward=1 +# sets the port range used for outgoing connections +#net.ipv4.ip_local_port_range = 32768 61000 -# Uncomment the next line to enable packet forwarding for IPv6 -#net.ipv6.conf.all.forwarding=1 +# Broken routers and obsolete firewalls will corrupt the window scaling +# and ECN. Set these values to 0 to disable window scaling and ECN. +# This may, rarely, cause some performance loss when running high-speed +# TCP/IP over huge distances or running TCP/IP over connections with high +# packet loss and modern routers. This sure beats dropped connections. +#net.ipv4.tcp_ecn = 0 +# Swapping too much or not enough? Disks spinning up when you'd +# rather they didn't? Tweak these. +#vm.vfs_cache_pressure = 100 +#vm.laptop_mode = 0 +#vm.swappiness = 60 -################################################################### -# Additional settings - these settings can improve the network -# security of the host and prevent against some network attacks -# including spoofing attacks and man in the middle attacks through -# redirection. Some network environments, however, require that these -# settings are disabled so review and enable them as needed. -# -# Ignore ICMP broadcasts -#net.ipv4.icmp_echo_ignore_broadcasts = 1 -# -# Ignore bogus ICMP errors -#net.ipv4.icmp_ignore_bogus_error_responses = 1 -# -# Do not accept ICMP redirects (prevent MITM attacks) -#net.ipv4.conf.all.accept_redirects = 0 -#net.ipv6.conf.all.accept_redirects = 0 -# _or_ -# Accept ICMP redirects only for gateways listed in our default -# gateway list (enabled by default) -# net.ipv4.conf.all.secure_redirects = 1 -# -# Do not send ICMP redirects (we are not a router) -#net.ipv4.conf.all.send_redirects = 0 -# -# Do not accept IP source route packets (we are not a router) -#net.ipv4.conf.all.accept_source_route = 0 -#net.ipv6.conf.all.accept_source_route = 0 -# -# Log Martian Packets -#net.ipv4.conf.all.log_martians = 1 -# +#kernel.printk_ratelimit_burst = 10 +#kernel.printk_ratelimit = 5 +#kernel.panic_on_oops = 0 + +# Reboot 600 seconds after a panic +#kernel.panic = 600 + +# enable SysRq key (note: console security issues) +#kernel.sysrq = 1 + +# Change name of core file to start with the command name +# so you get things like: emacs.core mozilla-bin.core X.core +#kernel.core_pattern = %e.core + +# NIS/YP domain (not always equal to DNS domain) +#kernel.domainname = example.com +#kernel.hostname = darkstar + +# This limits PID values to 4 digits, which allows tools like ps +# to save screen space. +#kernel/pid_max=10000 -#kernel.shmmax = 141762560 +# Protects against creating or following links under certain conditions +# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt +#fs.protected_hardlinks = 1 +#fs.protected_symlinks = 1 -- cgit 1.2.3-korg