procps/sysctl.conf

#
# Distribution defaults.
# Use /etc/sysctl.conf to override.
#
# Disable response to broadcast pings to avoid smurf attacks.
net.ipv4.icmp_echo_ignore_broadcasts = 1

# enable route verification on all interfaces
net.ipv4.conf.all.rp_filter = 1

# avoid deleting secondary IPs on deleting the primary IP
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1

# disable IPv6 completely
#net.ipv6.conf.all.disable_ipv6 = 1

# enable IPv6 forwarding
#net.ipv6.conf.all.forwarding = 1

# enable IPv6 privacy (bnc#678066)
net.ipv6.conf.default.use_tempaddr = 2

# increase the number of possible inotify(7) watches
fs.inotify.max_user_watches = 65536

# Magic SysRq Keys enable some control over the system even if it
# crashes (e.g. during kernel debugging).
#
#   0 - disable sysrq completely
#   1 - enable all functions of sysrq
#  >1 - bitmask of allowed sysrq functions:
#          2 - enable control of console logging level
#          4 - enable control of keyboard (SAK, unraw)
#          8 - enable debugging dumps of processes etc.
#         16 - enable sync command
#         32 - enable remount read-only
#         64 - enable signalling of processes (term, kill, oom-kill)
#        128 - allow reboot/poweroff
#        256 - allow nicing of all RT tasks
#
# For further information see /usr/src/linux/Documentation/sysrq.txt
# default 176 = 128+32+16
kernel.sysrq = 176
Accepting request 71353 from home:lnussel:branches:Base:System - load sysctls earlier (bnc#664550) - move distro defaults to /lib/sysctl.d to avoid .rpmnew files - enable IPv6 privacy by default (bnc#678066) I've sent the --system and --pattern path upstream but they weren't accepted yet. So this is tentative but we need the /lib/sysctl.d feature to be able to provide distro defaults in a sane way. OBS-URL: https://build.opensuse.org/request/show/71353 OBS-URL: https://build.opensuse.org/package/show/Base:System/procps?expand=0&rev=46 2011-05-28 22:50:18 +02:00			`#`
			`# Distribution defaults.`
			`# Use /etc/sysctl.conf to override.`
			`#`
			`# Disable response to broadcast pings to avoid smurf attacks.`
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/procps?expand=0&rev=1 2006-12-19 00:17:32 +01:00			`net.ipv4.icmp_echo_ignore_broadcasts = 1`
Accepting request 71353 from home:lnussel:branches:Base:System - load sysctls earlier (bnc#664550) - move distro defaults to /lib/sysctl.d to avoid .rpmnew files - enable IPv6 privacy by default (bnc#678066) I've sent the --system and --pattern path upstream but they weren't accepted yet. So this is tentative but we need the /lib/sysctl.d feature to be able to provide distro defaults in a sane way. OBS-URL: https://build.opensuse.org/request/show/71353 OBS-URL: https://build.opensuse.org/package/show/Base:System/procps?expand=0&rev=46 2011-05-28 22:50:18 +02:00
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/procps?expand=0&rev=1 2006-12-19 00:17:32 +01:00			`# enable route verification on all interfaces`
			`net.ipv4.conf.all.rp_filter = 1`
Accepting request 71353 from home:lnussel:branches:Base:System - load sysctls earlier (bnc#664550) - move distro defaults to /lib/sysctl.d to avoid .rpmnew files - enable IPv6 privacy by default (bnc#678066) I've sent the --system and --pattern path upstream but they weren't accepted yet. So this is tentative but we need the /lib/sysctl.d feature to be able to provide distro defaults in a sane way. OBS-URL: https://build.opensuse.org/request/show/71353 OBS-URL: https://build.opensuse.org/package/show/Base:System/procps?expand=0&rev=46 2011-05-28 22:50:18 +02:00
			`# avoid deleting secondary IPs on deleting the primary IP`
			`net.ipv4.conf.default.promote_secondaries = 1`
			`net.ipv4.conf.all.promote_secondaries = 1`

Accepting request 26498 from home:jengelh:branches:Base:System Copy from home:jengelh:branches:Base:System/procps via accept of submit request 26498 revision 3. Request was accepted with message: ok OBS-URL: https://build.opensuse.org/request/show/26498 OBS-URL: https://build.opensuse.org/package/show/Base:System/procps?expand=0&rev=12 2009-12-20 21:36:51 +01:00			`# disable IPv6 completely`
			`#net.ipv6.conf.all.disable_ipv6 = 1`
Accepting request 71353 from home:lnussel:branches:Base:System - load sysctls earlier (bnc#664550) - move distro defaults to /lib/sysctl.d to avoid .rpmnew files - enable IPv6 privacy by default (bnc#678066) I've sent the --system and --pattern path upstream but they weren't accepted yet. So this is tentative but we need the /lib/sysctl.d feature to be able to provide distro defaults in a sane way. OBS-URL: https://build.opensuse.org/request/show/71353 OBS-URL: https://build.opensuse.org/package/show/Base:System/procps?expand=0&rev=46 2011-05-28 22:50:18 +02:00
Accepting request 26498 from home:jengelh:branches:Base:System Copy from home:jengelh:branches:Base:System/procps via accept of submit request 26498 revision 3. Request was accepted with message: ok OBS-URL: https://build.opensuse.org/request/show/26498 OBS-URL: https://build.opensuse.org/package/show/Base:System/procps?expand=0&rev=12 2009-12-20 21:36:51 +01:00			`# enable IPv6 forwarding`
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/procps?expand=0&rev=1 2006-12-19 00:17:32 +01:00			`#net.ipv6.conf.all.forwarding = 1`
Accepting request 71353 from home:lnussel:branches:Base:System - load sysctls earlier (bnc#664550) - move distro defaults to /lib/sysctl.d to avoid .rpmnew files - enable IPv6 privacy by default (bnc#678066) I've sent the --system and --pattern path upstream but they weren't accepted yet. So this is tentative but we need the /lib/sysctl.d feature to be able to provide distro defaults in a sane way. OBS-URL: https://build.opensuse.org/request/show/71353 OBS-URL: https://build.opensuse.org/package/show/Base:System/procps?expand=0&rev=46 2011-05-28 22:50:18 +02:00
			`# enable IPv6 privacy (bnc#678066)`
			`net.ipv6.conf.default.use_tempaddr = 2`

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/procps?expand=0&rev=4 2007-06-07 13:15:36 +02:00			`# increase the number of possible inotify(7) watches`
			`fs.inotify.max_user_watches = 65536`
Accepting request 71353 from home:lnussel:branches:Base:System - load sysctls earlier (bnc#664550) - move distro defaults to /lib/sysctl.d to avoid .rpmnew files - enable IPv6 privacy by default (bnc#678066) I've sent the --system and --pattern path upstream but they weren't accepted yet. So this is tentative but we need the /lib/sysctl.d feature to be able to provide distro defaults in a sane way. OBS-URL: https://build.opensuse.org/request/show/71353 OBS-URL: https://build.opensuse.org/package/show/Base:System/procps?expand=0&rev=46 2011-05-28 22:50:18 +02:00
			`# Magic SysRq Keys enable some control over the system even if it`
			`# crashes (e.g. during kernel debugging).`
			`#`
			`# 0 - disable sysrq completely`
			`# 1 - enable all functions of sysrq`
			`# >1 - bitmask of allowed sysrq functions:`
			`# 2 - enable control of console logging level`
			`# 4 - enable control of keyboard (SAK, unraw)`
			`# 8 - enable debugging dumps of processes etc.`
			`# 16 - enable sync command`
			`# 32 - enable remount read-only`
			`# 64 - enable signalling of processes (term, kill, oom-kill)`
			`# 128 - allow reboot/poweroff`
			`# 256 - allow nicing of all RT tasks`
			`#`
			`# For further information see /usr/src/linux/Documentation/sysrq.txt`
			`# default 176 = 128+32+16`
			`kernel.sysrq = 176`