2021-07-28 08:18:33 -04:00
|
|
|
net.ipv4.tcp_ecn = 1
|
|
|
|
net.ipv4.tcp_slow_start_after_idle = 0
|
|
|
|
net.ipv4.tcp_fin_timeout = 30
|
|
|
|
net.ipv4.tcp_rfc1337 = 1
|
|
|
|
net.ipv4.tcp_tw_reuse = 1
|
|
|
|
|
|
|
|
net.ipv4.tcp_max_syn_backlog = 4096
|
|
|
|
|
|
|
|
net.ipv4.ip_local_port_range = 1024 65535
|
|
|
|
|
|
|
|
net.ipv4.conf.all.send_redirects = 0
|
|
|
|
net.ipv4.conf.default.send_redirects = 0
|
|
|
|
net.ipv4.conf.all.accept_redirects = 0
|
|
|
|
net.ipv4.conf.default.accept_redirects = 0
|
|
|
|
|
|
|
|
kernel.yama.ptrace_scope = 2
|
|
|
|
|
|
|
|
vm.mmap_rnd_bits = 32
|
|
|
|
vm.mmap_rnd_compat_bits = 16
|
|
|
|
|
|
|
|
kernel.kptr_restrict = 2
|
|
|
|
|
2021-09-07 22:50:57 -04:00
|
|
|
kernel.unprivileged_userns_clone = 0
|
|
|
|
|
2021-07-28 08:18:33 -04:00
|
|
|
kernel.unprivileged_bpf_disabled = 1
|
|
|
|
net.core.bpf_jit_harden = 2
|
|
|
|
|
|
|
|
kernel.kexec_load_disabled = 1
|
|
|
|
|
|
|
|
fs.protected_regular = 2
|
|
|
|
fs.protected_fifos = 2
|
|
|
|
|
|
|
|
kernel.panic = 10
|
|
|
|
kernel.panic_on_oops = 1
|
|
|
|
|
|
|
|
dev.tty.ldisc_autoload = 0
|