diff options
Diffstat (limited to 'core/modules/system-tweaks/data/etc/sysctl.d/90-openslx.conf')
-rw-r--r-- | core/modules/system-tweaks/data/etc/sysctl.d/90-openslx.conf | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/core/modules/system-tweaks/data/etc/sysctl.d/90-openslx.conf b/core/modules/system-tweaks/data/etc/sysctl.d/90-openslx.conf new file mode 100644 index 00000000..19752768 --- /dev/null +++ b/core/modules/system-tweaks/data/etc/sysctl.d/90-openslx.conf @@ -0,0 +1,30 @@ +# System Request functionality of the kernel (SYNC) +kernel.sysrq = 1 + +# Append the PID to the core filename +kernel.core_uses_pid = 1 + +# Source route verification +net.ipv4.conf.all.rp_filter = 1 +# Do not accept source routing +net.ipv4.conf.all.accept_source_route = 0 +# protection from the SYN flood attack +net.ipv4.tcp_syncookies = 1 +# timestamps add a little overhead but are recommended for gbit links +net.ipv4.tcp_timestamps = 1 +# ignore echo broadcast requests to prevent being part of smurf attacks +net.ipv4.icmp_echo_ignore_broadcasts = 1 +# ignore bogus icmp errors +net.ipv4.icmp_ignore_bogus_error_responses = 1 +# send redirects (not a router, disable it) +net.ipv4.conf.all.send_redirects = 0 +# ICMP routing redirects (only secure) +net.ipv4.conf.all.accept_redirects = 0 +net.ipv4.conf.all.secure_redirects = 1 + +# Enable hard and soft link protection +fs.protected_hardlinks = 1 +fs.protected_symlinks = 1 + +# A little extra security for local exploits +kernel.kptr_restrict = 1 |