From eb8dc40360f0cfef56fb6947cc817a547d6d9bc6 Mon Sep 17 00:00:00 2001 From: Dave Cobbley Date: Tue, 14 Aug 2018 10:05:37 -0700 Subject: [Subtree] Removing import-layers directory As part of the move to subtrees, need to bring all the import layers content to the top level. Change-Id: I4a163d10898cbc6e11c27f776f60e1a470049d8f Signed-off-by: Dave Cobbley Signed-off-by: Brad Bishop --- .../recipes-extended/procps/procps/sysctl.conf | 64 ++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 poky/meta/recipes-extended/procps/procps/sysctl.conf (limited to 'poky/meta/recipes-extended/procps/procps/sysctl.conf') diff --git a/poky/meta/recipes-extended/procps/procps/sysctl.conf b/poky/meta/recipes-extended/procps/procps/sysctl.conf new file mode 100644 index 000000000..34e7488bf --- /dev/null +++ b/poky/meta/recipes-extended/procps/procps/sysctl.conf @@ -0,0 +1,64 @@ +# This configuration file is taken from Debian. +# +# /etc/sysctl.conf - Configuration file for setting system variables +# See sysctl.conf (5) for information. +# + +#kernel.domainname = example.com + +# Uncomment the following to stop low-level messages on console +#kernel.printk = 4 4 1 7 + +##############################################################3 +# Functions previously found in netbase +# + +# Uncomment the next two lines to enable Spoof protection (reverse-path filter) +# Turn on Source Address Verification in all interfaces to +# prevent some spoofing attacks +net.ipv4.conf.default.rp_filter=1 +net.ipv4.conf.all.rp_filter=1 + +# Uncomment the next line to enable TCP/IP SYN cookies +#net.ipv4.tcp_syncookies=1 + +# Uncomment the next line to enable packet forwarding for IPv4 +#net.ipv4.ip_forward=1 + +# Uncomment the next line to enable packet forwarding for IPv6 +#net.ipv6.conf.all.forwarding=1 + + +################################################################### +# Additional settings - these settings can improve the network +# security of the host and prevent against some network attacks +# including spoofing attacks and man in the middle attacks through +# redirection. Some network environments, however, require that these +# settings are disabled so review and enable them as needed. +# +# Ignore ICMP broadcasts +#net.ipv4.icmp_echo_ignore_broadcasts = 1 +# +# Ignore bogus ICMP errors +#net.ipv4.icmp_ignore_bogus_error_responses = 1 +# +# Do not accept ICMP redirects (prevent MITM attacks) +#net.ipv4.conf.all.accept_redirects = 0 +#net.ipv6.conf.all.accept_redirects = 0 +# _or_ +# Accept ICMP redirects only for gateways listed in our default +# gateway list (enabled by default) +# net.ipv4.conf.all.secure_redirects = 1 +# +# Do not send ICMP redirects (we are not a router) +#net.ipv4.conf.all.send_redirects = 0 +# +# Do not accept IP source route packets (we are not a router) +#net.ipv4.conf.all.accept_source_route = 0 +#net.ipv6.conf.all.accept_source_route = 0 +# +# Log Martian Packets +#net.ipv4.conf.all.log_martians = 1 +# + +#kernel.shmmax = 141762560 -- cgit v1.2.1