a082bb1e4a
- load sysctls earlier (bnc#664550) - move distro defaults to /lib/sysctl.d to avoid .rpmnew files - enable IPv6 privacy by default (bnc#678066) I've sent the --system and --pattern path upstream but they weren't accepted yet. So this is tentative but we need the /lib/sysctl.d feature to be able to provide distro defaults in a sane way. OBS-URL: https://build.opensuse.org/request/show/71353 OBS-URL: https://build.opensuse.org/package/show/Base:System/procps?expand=0&rev=46
45 lines
1.4 KiB
Plaintext
45 lines
1.4 KiB
Plaintext
#
|
|
# Distribution defaults.
|
|
# Use /etc/sysctl.conf to override.
|
|
#
|
|
# Disable response to broadcast pings to avoid smurf attacks.
|
|
net.ipv4.icmp_echo_ignore_broadcasts = 1
|
|
|
|
# enable route verification on all interfaces
|
|
net.ipv4.conf.all.rp_filter = 1
|
|
|
|
# avoid deleting secondary IPs on deleting the primary IP
|
|
net.ipv4.conf.default.promote_secondaries = 1
|
|
net.ipv4.conf.all.promote_secondaries = 1
|
|
|
|
# disable IPv6 completely
|
|
#net.ipv6.conf.all.disable_ipv6 = 1
|
|
|
|
# enable IPv6 forwarding
|
|
#net.ipv6.conf.all.forwarding = 1
|
|
|
|
# enable IPv6 privacy (bnc#678066)
|
|
net.ipv6.conf.default.use_tempaddr = 2
|
|
|
|
# increase the number of possible inotify(7) watches
|
|
fs.inotify.max_user_watches = 65536
|
|
|
|
# Magic SysRq Keys enable some control over the system even if it
|
|
# crashes (e.g. during kernel debugging).
|
|
#
|
|
# 0 - disable sysrq completely
|
|
# 1 - enable all functions of sysrq
|
|
# >1 - bitmask of allowed sysrq functions:
|
|
# 2 - enable control of console logging level
|
|
# 4 - enable control of keyboard (SAK, unraw)
|
|
# 8 - enable debugging dumps of processes etc.
|
|
# 16 - enable sync command
|
|
# 32 - enable remount read-only
|
|
# 64 - enable signalling of processes (term, kill, oom-kill)
|
|
# 128 - allow reboot/poweroff
|
|
# 256 - allow nicing of all RT tasks
|
|
#
|
|
# For further information see /usr/src/linux/Documentation/sysrq.txt
|
|
# default 176 = 128+32+16
|
|
kernel.sysrq = 176
|