Here goes. $ cat /etc/sysctl.conf # # /etc/sysctl.conf - Configuration file for setting system variables # See /etc/sysctl.d/ for additional system variables. # See sysctl.conf (5) for information. #
#kernel.domainname = example.com # the following stops low-level messages on console kernel.printk = 4 4 1 7 # enable /proc/$pid/maps privacy so that memory relocations are not # visible to other users. (Added in kernel 2.6.22.) kernel.maps_protect = 1 # Increase inotify availability fs.inotify.max_user_watches = 524288 # protect bottom 64k of memory from mmap to prevent NULL-dereference # attacks against potential future kernel security vulnerabilities. # (Added in kernel 2.6.23.) vm.mmap_min_addr = 65536 ##############################################################3 # Functions previously found in netbase # # Comment the next two lines to disable Spoof protection (reverse-path filter) # Turn on Source Address Verification in all interfaces to # prevent some spoofing attacks net.ipv4.conf.default.rp_filter=1 net.ipv4.conf.all.rp_filter=1 # Uncomment the next line to enable TCP/IP SYN cookies # This disables TCP Window Scaling (http://lkml.org/lkml/2008/2/5/167), # and is not recommended. #net.ipv4.tcp_syncookies=1 # Uncomment the next line to enable packet forwarding for IPv4 #net.ipv4.ip_forward=1 # Disables packet forwarding net.ipv4.ip_forward = 0 # Uncomment the next line to enable packet forwarding for IPv6 #net.ipv6.conf.all.forwarding=1 ################################################################### # Additional settings - these settings can improve the network # security of the host and prevent against some network attacks # including spoofing attacks and man in the middle attacks through # redirection. Some network environments, however, require that these # settings are disabled so review and enable them as needed. # # Ignore ICMP broadcasts net.ipv4.icmp_echo_ignore_broadcasts = 1 # # Ignore bogus ICMP errors net.ipv4.icmp_ignore_bogus_error_responses = 1 # # Do not accept ICMP redirects (prevent MITM attacks) net.ipv4.conf.all.accept_redirects = 0 net.ipv6.conf.all.accept_redirects = 0 # _or_ # Accept ICMP redirects only for gateways listed in our default # gateway list (enabled by default) # net.ipv4.conf.all.secure_redirects = 1 # # Do not send ICMP redirects (we are not a router) net.ipv4.conf.all.send_redirects = 0 # # Do not accept IP source route packets (we are not a router) net.ipv4.conf.all.accept_source_route = 0 net.ipv6.conf.all.accept_source_route = 0 # # Log Martian Packets net.ipv4.conf.all.log_martians = 1 # # The contents of /proc/<pid>/maps and smaps files are only visible to # readers that are allowed to ptrace() the process sys.kernel.maps_protect = 1 # Always defragment packets net.ipv4.ip_always_defrag = 1 kernel.shmmax = 68157440 kernel.shmall = 68157440 # Disables the magic-sysrq key kernel.sysrq = 0 # Turn off redirects net.ipv4.conf.default.send_redirects = 0 -- Packages with custom /etc/sysctl.d/30-foo.conf files can fail to install: start procps returns exit status 1 https://bugs.launchpad.net/bugs/447197 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
