X-Git-Url: https://git.pld-linux.org/?a=blobdiff_plain;f=sysctl.conf;h=d918cd56e447d241b7a9c57a28aec161ce64bab6;hb=a8447871be4eebf43d97d09e8014100faf460d74;hp=543818d1aed32433c33fe14eb4391905fe682a57;hpb=ebdaaafa726396088526a025d559a5a6e334655a;p=projects%2Frc-scripts.git
diff --git a/sysctl.conf b/sysctl.conf
index 543818d1..d918cd56 100644
--- a/sysctl.conf
+++ b/sysctl.conf
@@ -40,7 +40,7 @@ net.ipv4.conf.default.rp_filter = 1
 # Send ICMP redirects to other hosts ?
 # net.ipv4.conf.all.send_redirects = 1
-# Ignore all ICMP echo requests ?
+# Ignore all ICMP echo requests ?
 # net.ipv4.icmp_echo_ignore_all = 1
 # Ignore ICMP echo requests to broadcast and multicast addresses ?
@@ -59,9 +59,9 @@ net.ipv4.conf.default.rp_filter = 1
 # Bug-to-bug compatibility with some broken printers. On retransmit
 # try to send bigger packets to work around bugs in certain TCP
-# stacks. Can be turned off by setting IPV4_RETRANS_COLLAPSE to ,,yes''.
+# stacks. Can be turned off by setting IPV4_RETRANS_COLLAPSE to ,,yes''.
 # net.ipv4.tcp_retrans_collapse = 1
-
+
 # Disable select acknowledgments after RFC2018 ?
 # TCP may experience poor performance when multiple packets are lost
 # from one window of data. With the limited information available
@@ -80,7 +80,7 @@ net.ipv4.conf.default.rp_filter = 1
 # net.ipv4.tcp_stdurg = 1
 # Enable tcp_syncookies
-net.ipv4.tcp_syncookies = 1
+# net.ipv4.tcp_syncookies = 1
 # Disable window scaling as defined in RFC1323 ?
 # The window scale extension expands the definition of the TCP
@@ -96,7 +96,7 @@ net.ipv4.tcp_syncookies = 1
 # port. Contains two numbers, the first number is the lowest port,
 # the second number the highest local port. Default is "1024 4999".
 # Should be changed to "32768 61000" for high-usage systems.
-net.ipv4.ip_local_port_range = 4096 61000
+# net.ipv4.ip_local_port_range = 4096 61000
 # Disables automatic defragmentation (needed for masquerading, LVS)
 # Non existant on Linux 2.4
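Review bot: Commenting out `net.ipv4.tcp_syncookies = 1` in the `@@ -80,7 +80,7 @@` hunk means this file no longer guarantees that SYN cookies are on; the host falls back to whatever the running kernel defaults to, which on older kernels may be off. The heading above it still reads as a statement (`# Enable tcp_syncookies`) although the setting is now inactive. If the change is intentional, the comment should say so, e.g. `# Enable tcp_syncookies ? (SYN-flood protection; kernel default applies while commented out)`; otherwise the line should stay active.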
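Review bot: With `net.ipv4.ip_local_port_range` commented out in the `@@ -96,7 +96,7 @@` hunk, the ephemeral port range reverts to the kernel default, which the comment above gives as "1024 4999". If that default really applies, it is a far smaller range than the previous 4096-61000, so outgoing connections exhaust it sooner under load and their source ports become easier to predict. The comment block should state which range is expected once the line is inactive, or the line should stay active with the recommended value, `net.ipv4.ip_local_port_range = 32768 61000`.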
@@ -127,9 +127,17 @@ net.ipv4.ip_local_port_range = 4096 61000
 # fs.file-max = 8192
 # fs.inode-max = 16384
+# Controls whether core dumps will append the PID to the core filename.
+# Useful for debugging multi-threaded applications.
+#kernel.core_uses_pid = 1
+
 # Enable the magic-sysrq key
 kernel.sysrq = 1
+# After how many seconds reboot system after kernel panic?
+# 0 - never reboot system (suggested 60)
+#kernel.panic = 60
+
 #
 # GRSECURITY http://www.grsecurity.org
 #
@@ -182,15 +190,21 @@ kernel.sysrq = 1
 #kernel.grsecurity.disable_modules = 0
 #kernel.grsecurity.grsec_lock = 0
+# kernel.randomize_va_space = 2
+# 0 - Turn the process address space randomization off by default.
+# 1 - Conservative address space randomization makes the addresses of
+# mmap base and VDSO page randomized. This, among other things,
+# implies that shared libraries will be loaded to random addresses.
+# Also for PIE binaries, the location of code start is randomized.
+# 2 - This includes all the features that Conservative randomization
+# provides. In addition to that, also start of the brk area is randomized.
+# There a few legacy applications out there (such as some ancient
+# versions of libc.so.5 from 1996) that assume that brk area starts
+# just after the end of the code+bss. These applications break when
+# start of the brk area is randomized. There are however no known
+# non-legacy applications that would be broken this way, so for most
+# systems it is safe to choose Full randomization.
+
+# for mplayer
+#dev.rtc.max-user-freq = 1024
 #
-# Exec-Shield (kernel 2.6 only).
-#
-# Turn on randomization
-#kernel.exec-shield-randomize = 1
-#
-# exec-shield=0 - always-disabled
-# exec-shield=1 - default disabled, except binaries that enable it
-# exec-shield=2 - default enabled, except binaries that disable it
-# exec-shield=3 - always-enabled
-#
-#kernel.exec-shield = 2
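Review bot: In the `@@ -182,15 +190,21 @@` hunk the new `# kernel.randomize_va_space = 2` line sits above its own description and is commented out, so it reads like a heading rather than a setting and address space randomization stays at whatever the kernel was built to default to. The added text itself concludes that full randomization is safe for most systems, so the setting could be moved below the description and enabled as `kernel.randomize_va_space = 2`. If it has to stay optional, it should follow the explanation in the form the neighbouring entries use, `#kernel.randomize_va_space = 2`. The added sentence `There a few legacy applications` is also missing `are`.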