authorSimon Rettberg2013-05-23 20:14:53 +0200
committerSimon Rettberg2013-05-23 20:14:53 +0200
commitb9404f13ca882e381a3c1b0797b761ce7638e273 (patch)
treee3211ccd917cd7790c812e319039048189b9e773 /remote/modules/systemd/data/usr/lib
parentfix PATH for debug shell (diff)
Remove ldap in initial nsswitch conf, will be added after udev started up
Update to systemd 204. Remove some systemd services that don't make sense in our setup. Add own sysctl defaults.
Diffstat (limited to 'remote/modules/systemd/data/usr/lib')
-rw-r--r--remote/modules/systemd/data/usr/lib/sysctl.d/50-default.conf39
1 files changed, 39 insertions, 0 deletions
diff --git a/remote/modules/systemd/data/usr/lib/sysctl.d/50-default.conf b/remote/modules/systemd/data/usr/lib/sysctl.d/50-default.conf
new file mode 100644
index 00000000..6ece04ce
--- /dev/null
+++ b/remote/modules/systemd/data/usr/lib/sysctl.d/50-default.conf
@@ -0,0 +1,39 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See sysctl.d(5) and core(5) for for details.
+
+# System Request functionality of the kernel (SYNC)
+kernel.sysrq = 1
+
+# Append the PID to the core filename
+kernel.core_uses_pid = 1
+
+# Source route verification
+net.ipv4.conf.all.rp_filter = 1
+# Do not accept source routing
+net.ipv4.conf.all.accept_source_route = 0
+# protection from the SYN flood attack
+net.ipv4.tcp_syncookies = 1
+# timestamps add a little overhead but are recommended for gbit links
+net.ipv4.tcp_timestamps = 1
+# ignore echo broadcast requests to prevent being part of smurf attacks
+net.ipv4.icmp_echo_ignore_broadcasts = 1
+# ignore bogus icmp errors
+net.ipv4.icmp_ignore_bogus_error_responses = 1
+# send redirects (not a router, disable it)
+net.ipv4.conf.all.send_redirects = 0
+# ICMP routing redirects (only secure)
+net.ipv4.conf.all.accept_redirects = 0
+net.ipv4.conf.all.secure_redirects = 1
+
+# Enable hard and soft link protection
+fs.protected_hardlinks = 1
+fs.protected_symlinks = 1
+
+# A little extra security for local exploits
+kernel.kptr_restrict = 1
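Review bot: `kernel.sysrq = 1` does not match its comment: the comment names only SYNC, but the value 1 enables every SysRq function (process signalling, remount, reboot, debug dumps) for anyone at the console keyboard, whereas the sync-only bitmask is 16. If only emergency sync is wanted on these clients, use `kernel.sysrq = 16`; otherwise reword the comment to say that all functions are deliberately enabled. Separately, `net.ipv4.conf.all.accept_redirects = 0` alone does not stop a non-forwarding host from accepting ICMP redirects, because the kernel ORs the `all` and per-interface values when forwarding is off. Adding `net.ipv4.conf.default.accept_redirects = 0` would make interfaces that appear later inherit the setting, and the "(only secure)" comment should then be reworded, since `secure_redirects` only matters while redirects are accepted.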