dotfiles/etc/sysctl.conf
2024-01-14 15:28:46 +01:00

59 lines
2.2 KiB
Text
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Don't let non-root users get addresses of kernel symbols
kernel.kptr_restrict=1
# Disable kexec to disallow replacing the running kernel.
kernel.kexec_load_disabled=1
# Only let root ptrace processes, for security reasons.
# Perhaps needs to be disabled for devtools & debugging
kernel.yama.ptrace_scope=2
# IPv6 Privacy Extensions (RFC 4941)
# ---
# IPv6 typically uses a device's MAC address when choosing an IPv6 address
# to use in autoconfiguration. Privacy extensions allow using a randomly
# generated IPv6 address, which increases privacy.
#
# Acceptable values:
# 0 - dont use privacy extensions.
# 1 - generate privacy addresses
# 2 - prefer privacy addresses and use them over the normal addresses.
net.ipv6.conf.all.use_tempaddr=2
net.ipv6.conf.default.use_tempaddr=2
# The magic SysRq key enables certain keyboard combinations to be
# interpreted by the kernel to help with debugging. The kernel will respond
# to these keys regardless of the current running applications.
#
# In general, the magic SysRq key is not needed for the average Ubuntu
# system, and having it enabled by default can lead to security issues on
# the console such as being able to dump memory or to kill arbitrary
# processes including the running screen lock.
#
# Here is the list of possible values:
# 0 - disable sysrq completely
# 1 - enable all functions of sysrq
# >1 - enable certain functions by adding up the following values:
# 2 - enable control of console logging level
# 4 - enable control of keyboard (SAK, unraw)
# 8 - enable debugging dumps of processes etc.
# 16 - enable sync command
# 32 - enable remount read-only
# 64 - enable signalling of processes (term, kill, oom-kill)
# 128 - allow reboot/poweroff
# 256 - allow nicing of all RT tasks
#
# For example, to enable both control of console logging level and
# debugging dumps of processes: kernel.sysrq = 10
#
# 128 + 32 + 16
kernel.sysrq=176
# Disable NMI watchdog (powertop recommendation)
kernel.nmi_watchdog=0
# Increase writeback time (default's 500, powertop recommendation)
vm.dirty_writeback_centisecs=1500
# Quiet
kernel.printk = 3 3 3 3