Linux-sysctl-defaults: Unterschied zwischen den Versionen
Keine Bearbeitungszusammenfassung |
K Textersetzung - „line>“ durch „line copy>“ |
||
| (20 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
| Zeile 1: | Zeile 1: | ||
''' | {{DISPLAYTITLE:linux-sysctl-defaults}} | ||
'''linux-sysctl-defaults''' - Standard-Sysctl-Konfiguration für Linux | |||
== Beschreibung == | == Beschreibung == | ||
Standard-Sysctl-Konfiguration für Linux | |||
* Einige sinnvolle Standardwerte für Linux | |||
== Installation == | == Installation == | ||
<syntaxhighlight lang="bash" highlight="1" line> | <syntaxhighlight lang="bash" highlight="1" line copy> | ||
sudo apt install linux-sysctl-defaults | |||
</syntaxhighlight> | </syntaxhighlight> | ||
== | |||
<syntaxhighlight lang="bash | == Dateien == | ||
<syntaxhighlight lang="bash" line copy> | |||
/usr/lib/sysctl.d/50-default.conf | |||
</syntaxhighlight> | </syntaxhighlight> | ||
<syntaxhighlight lang="bash" line copy> | |||
# This file originated from systemd. | |||
# | |||
# This is free software; you can redistribute it and/or modify it | |||
# under the terms of the GNU Lesser General Public License as published by | |||
# the Free Software Foundation; either version 2.1 of the License, or | |||
# (at your option) any later version. | |||
# See sysctl.d(5) and core(5) for documentation. | |||
# To override settings in this file, create a local file in /etc | |||
# (e.g. /etc/sysctl.d/90-override.conf), and put any assignments | |||
# there. | |||
# System Request functionality of the kernel (SYNC) | |||
# | |||
# Use kernel.sysrq = 1 to allow all keys. | |||
# See https://docs.kernel.org/admin-guide/sysrq.html for a list | |||
# of values and keys. | |||
kernel.sysrq = 0x01b6 | |||
# Append the PID to the core filename | |||
kernel.core_uses_pid = 1 | |||
# Source route verification | |||
net.ipv4.conf.default.rp_filter = 2 | |||
net.ipv4.conf.*.rp_filter = 2 | |||
-net.ipv4.conf.all.rp_filter | |||
# Do not accept source routing | |||
net.ipv4.conf.default.accept_source_route = 0 | |||
net.ipv4.conf.*.accept_source_route = 0 | |||
-net.ipv4.conf.all.accept_source_route | |||
# Promote secondary addresses when the primary address is removed | |||
net.ipv4.conf.default.promote_secondaries = 1 | |||
net.ipv4.conf.*.promote_secondaries = 1 | |||
-net.ipv4.conf.all.promote_secondaries | |||
# ping(8) without CAP_NET_ADMIN and CAP_NET_RAW | |||
' | # The upper limit is set to 2^31-1. Values greater than that get rejected by | ||
# the kernel because of this definition in linux/include/net/ping.h: | |||
# #define GID_T_MAX (((gid_t)~0U) >> 1) | |||
# That's not so bad because values between 2^31 and 2^32-1 are reserved on | |||
# systemd-based systems anyway: https://systemd.io/UIDS-GIDS#summary | |||
-net.ipv4.ping_group_range = 0 2147483647 | |||
# Fair Queue CoDel packet scheduler to fight bufferbloat | |||
-net.core.default_qdisc = fq_codel | |||
# Enable hard and soft link protection | |||
fs.protected_hardlinks = 1 | |||
fs.protected_symlinks = 1 | |||
# Enable regular file and FIFO protection | |||
fs.protected_regular = 2 | |||
fs.protected_fifos = 1 | |||
</syntaxhighlight> | </syntaxhighlight> | ||
<noinclude> | |||
== Anhang == | |||
=== Siehe auch === | |||
{{Special:PrefixIndex/sysctl}} | |||
{{SORTIERUNG:linux-sysctl-defaults}} | |||
[[Kategorie:sysctl]] | |||
[[Kategorie:Linux/Software/Paket]] | [[Kategorie:Linux/Software/Paket]] | ||
</noinclude> | |||
Aktuelle Version vom 11. Mai 2025, 12:43 Uhr
linux-sysctl-defaults - Standard-Sysctl-Konfiguration für Linux
Beschreibung
Standard-Sysctl-Konfiguration für Linux
- Einige sinnvolle Standardwerte für Linux
Installation
sudo apt install linux-sysctl-defaults
Dateien
/usr/lib/sysctl.d/50-default.conf
# This file originated from systemd.
#
# This is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See sysctl.d(5) and core(5) for documentation.
# To override settings in this file, create a local file in /etc
# (e.g. /etc/sysctl.d/90-override.conf), and put any assignments
# there.
# System Request functionality of the kernel (SYNC)
#
# Use kernel.sysrq = 1 to allow all keys.
# See https://docs.kernel.org/admin-guide/sysrq.html for a list
# of values and keys.
kernel.sysrq = 0x01b6
# Append the PID to the core filename
kernel.core_uses_pid = 1
# Source route verification
net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.*.rp_filter = 2
-net.ipv4.conf.all.rp_filter
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.*.accept_source_route = 0
-net.ipv4.conf.all.accept_source_route
# Promote secondary addresses when the primary address is removed
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.*.promote_secondaries = 1
-net.ipv4.conf.all.promote_secondaries
# ping(8) without CAP_NET_ADMIN and CAP_NET_RAW
# The upper limit is set to 2^31-1. Values greater than that get rejected by
# the kernel because of this definition in linux/include/net/ping.h:
# #define GID_T_MAX (((gid_t)~0U) >> 1)
# That's not so bad because values between 2^31 and 2^32-1 are reserved on
# systemd-based systems anyway: https://systemd.io/UIDS-GIDS#summary
-net.ipv4.ping_group_range = 0 2147483647
# Fair Queue CoDel packet scheduler to fight bufferbloat
-net.core.default_qdisc = fq_codel
# Enable hard and soft link protection
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
# Enable regular file and FIFO protection
fs.protected_regular = 2
fs.protected_fifos = 1
Anhang
Siehe auch