Update new setup
This commit is contained in:
Tobias Strobel
parent
842511035a
commit
39633f5303
48 changed files with 944 additions and 1210 deletions
58
etc/sysctl.conf
Normal file
58
etc/sysctl.conf
Normal file
|
|
@ -0,0 +1,58 @@
|
|||
# Don't let non-root users get addresses of kernel symbols
|
||||
kernel.kptr_restrict=1
|
||||
|
||||
# Disable kexec to disallow replacing the running kernel.
|
||||
kernel.kexec_load_disabled=1
|
||||
|
||||
# Only let root ptrace processes, for security reasons.
|
||||
# Perhaps I'll need to disable this again for devtools & debugging
|
||||
kernel.yama.ptrace_scope=2
|
||||
|
||||
# IPv6 Privacy Extensions (RFC 4941)
|
||||
# ---
|
||||
# IPv6 typically uses a device's MAC address when choosing an IPv6 address
|
||||
# to use in autoconfiguration. Privacy extensions allow using a randomly
|
||||
# generated IPv6 address, which increases privacy.
|
||||
#
|
||||
# Acceptable values:
|
||||
# 0 - don’t use privacy extensions.
|
||||
# 1 - generate privacy addresses
|
||||
# 2 - prefer privacy addresses and use them over the normal addresses.
|
||||
net.ipv6.conf.all.use_tempaddr=2
|
||||
net.ipv6.conf.default.use_tempaddr=2
|
||||
|
||||
# The magic SysRq key enables certain keyboard combinations to be
|
||||
# interpreted by the kernel to help with debugging. The kernel will respond
|
||||
# to these keys regardless of the current running applications.
|
||||
#
|
||||
# In general, the magic SysRq key is not needed for the average Ubuntu
|
||||
# system, and having it enabled by default can lead to security issues on
|
||||
# the console such as being able to dump memory or to kill arbitrary
|
||||
# processes including the running screen lock.
|
||||
#
|
||||
# Here is the list of possible values:
|
||||
# 0 - disable sysrq completely
|
||||
# 1 - enable all functions of sysrq
|
||||
# >1 - enable certain functions by adding up the following values:
|
||||
# 2 - enable control of console logging level
|
||||
# 4 - enable control of keyboard (SAK, unraw)
|
||||
# 8 - enable debugging dumps of processes etc.
|
||||
# 16 - enable sync command
|
||||
# 32 - enable remount read-only
|
||||
# 64 - enable signalling of processes (term, kill, oom-kill)
|
||||
# 128 - allow reboot/poweroff
|
||||
# 256 - allow nicing of all RT tasks
|
||||
#
|
||||
# For example, to enable both control of console logging level and
|
||||
# debugging dumps of processes: kernel.sysrq = 10
|
||||
#
|
||||
# 128 + 32 + 16
|
||||
kernel.sysrq=176
|
||||
|
||||
# Disable NMI watchdog (powertop recommendation)
|
||||
kernel.nmi_watchdog=0
|
||||
# Increase writeback time (default's 500, powertop recommendation)
|
||||
vm.dirty_writeback_centisecs=1500
|
||||
|
||||
# Quiet
|
||||
kernel.printk = 3 3 3 3
|
||||
Loading…
Add table
Add a link
Reference in a new issue