# net.ipv4.tcp_stdurg = 1
# Enable tcp_syncookies
-net.ipv4.tcp_syncookies = 1
+# net.ipv4.tcp_syncookies = 1
# Disable window scaling as defined in RFC1323 ?
# The window scale extension expands the definition of the TCP
# port. Contains two numbers, the first number is the lowest port,
# the second number the highest local port. Default is "1024 4999".
# Should be changed to "32768 61000" for high-usage systems.
-net.ipv4.ip_local_port_range = 4096 61000
+# net.ipv4.ip_local_port_range = 4096 61000
# Disables automatic defragmentation (needed for masquerading, LVS)
# Non existant on Linux 2.4
# fs.file-max = 8192
# fs.inode-max = 16384
+# Controls whether core dumps will append the PID to the core filename.
+# Useful for debugging multi-threaded applications.
+#kernel.core_uses_pid = 1
+
# Enable the magic-sysrq key
kernel.sysrq = 1
#kernel.grsecurity.disable_modules = 0
#kernel.grsecurity.grsec_lock = 0
-#
-# Exec-Shield (kernel 2.6 only).
-#
-# Turn on randomization
-#kernel.exec-shield-randomize = 1
-#
-# exec-shield=0 - always-disabled
-# exec-shield=1 - default disabled, except binaries that enable it
-# exec-shield=2 - default enabled, except binaries that disable it
-# exec-shield=3 - always-enabled
-#
-#kernel.exec-shield = 2
+# kernel.randomize_va_space = 2
+# 0 - Turn the process address space randomization off by default.
+# 1 - Conservative address space randomization makes the addresses of
+# mmap base and VDSO page randomized. This, among other things,
+# implies that shared libraries will be loaded to random addresses.
+# Also for PIE binaries, the location of code start is randomized.
+# 2 - This includes all the features that Conservative randomization
+# provides. In addition to that, also start of the brk area is randomized.
+# There a few legacy applications out there (such as some ancient
+# versions of libc.so.5 from 1996) that assume that brk area starts
+# just after the end of the code+bss. These applications break when
+# start of the brk area is randomized. There are however no known
+# non-legacy applications that would be broken this way, so for most
+# systems it is safe to choose Full randomization.
+
+# for mplayer
+#dev.rtc.max-user-freq = 1024