fix core conf sysctl.conf

author: Silvino <silvino@bk.ru> 2019-06-19 00:54:23 +0100
committer: Silvino <silvino@bk.ru> 2019-06-19 00:54:23 +0100
commit: 89b60df59cfe793452041b5a28e01a7b2c01b60b (patch)
tree: da9ee8ca99f3687ada518a44a1f9a5fa85941088 /core/conf
parent: c89c785b301ea90290190aceeb1da0c9b7d464b3 (diff)
download: doc-89b60df59cfe793452041b5a28e01a7b2c01b60b.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/core/conf/sysctl.conf b/core/conf/sysctl.conf
index d50520e..3cc54d1 100644
--- a/core/conf/sysctl.conf
+++ b/core/conf/sysctl.conf
@@ -15,6 +15,9 @@ vm.mmap_min_addr=65536
 # Allow for more PIDs (to reduce rollover problems); may break some programs 32768
 kernel.pid_max = 65536
 
+#Yama LSM by default
+kernel.yama.ptrace_scope = 1
+
 #
 # Filesystem Protections
 #
@@ -30,6 +33,8 @@ kernel.kptr_restrict = 2
 # Network Protections
 #
 
+net.core.bpf_jit_enable = 0
+
 # Increase Linux auto tuning TCP buffer limits
 # min, default, and max number of bytes to use
 # set max to at least 4MB, or higher if you use very high BDP paths
@@ -94,6 +99,7 @@ net.ipv4.conf.default.rp_filter = 1
 #net.ipv6.conf.default.rp_filter = 1
 #net.ipv6.conf.all.rp_filter = 1
 
+
 # Make sure no one can alter the routing tables
 # Act as a router, necessary for Access Point
 net.ipv4.conf.all.accept_redirects = 0
@@ -134,3 +140,4 @@ net.ipv4.tcp_keepalive_time = 1800
 net.ipv4.tcp_synack_retries = 3
 
 # End of file
+
author	Silvino <silvino@bk.ru>	2019-06-19 00:54:23 +0100
committer	Silvino <silvino@bk.ru>	2019-06-19 00:54:23 +0100
commit	89b60df59cfe793452041b5a28e01a7b2c01b60b (patch)
tree	da9ee8ca99f3687ada518a44a1f9a5fa85941088 /core/conf
parent	c89c785b301ea90290190aceeb1da0c9b7d464b3 (diff)
download	doc-89b60df59cfe793452041b5a28e01a7b2c01b60b.tar.gz