diff options
| author | J. Michael Welsh <mike.welsh@arm.com> | 2019-01-28 15:54:32 -0600 |
|---|---|---|
| committer | J. Michael Welsh <mike.welsh@arm.com> | 2019-01-28 16:39:38 -0600 |
| commit | cfbff0c8b5cdafe6b96c6853bbc79678ab9a8344 (patch) | |
| tree | f3342357c4633a7d27e410a00dcfada83bfc06ed /recipes-extended | |
| parent | a75a60e052c0a0f0c20b429f2e93cb557c329f6e (diff) | |
Added in as much of the WigWag Meta will build.
Signed-off-by: J. Michael Welsh <mike.welsh@arm.com>
Diffstat (limited to 'recipes-extended')
| -rw-r--r-- | recipes-extended/procps/files/sysctl.conf | 67 | ||||
| -rw-r--r-- | recipes-extended/procps/procps_%.bbappend | 1 |
2 files changed, 68 insertions, 0 deletions
diff --git a/recipes-extended/procps/files/sysctl.conf b/recipes-extended/procps/files/sysctl.conf new file mode 100644 index 0000000..900fe8e --- /dev/null +++ b/recipes-extended/procps/files/sysctl.conf @@ -0,0 +1,67 @@ +# This configuration file is taken from Debian. +# +# /etc/sysctl.conf - Configuration file for setting system variables +# See sysctl.conf (5) for information. +# + +#kernel.domainname = example.com + +# Uncomment the following to stop low-level messages on console +#kernel.printk = 4 4 1 7 + +##############################################################3 +# Functions previously found in netbase +# + +# Uncomment the next two lines to enable Spoof protection (reverse-path filter) +# Turn on Source Address Verification in all interfaces to +# prevent some spoofing attacks +net.ipv4.conf.default.rp_filter=1 +net.ipv4.conf.all.rp_filter=1 + +# Uncomment the next line to enable TCP/IP SYN cookies +#net.ipv4.tcp_syncookies=1 + +# Uncomment the next line to enable packet forwarding for IPv4 +#net.ipv4.ip_forward=1 + +# Uncomment the next line to enable packet forwarding for IPv6 +#net.ipv6.conf.all.forwarding=1 + + +################################################################### +# Additional settings - these settings can improve the network +# security of the host and prevent against some network attacks +# including spoofing attacks and man in the middle attacks through +# redirection. Some network environments, however, require that these +# settings are disabled so review and enable them as needed. +# +# Ignore ICMP broadcasts +#net.ipv4.icmp_echo_ignore_broadcasts = 1 +# +# Ignore bogus ICMP errors +#net.ipv4.icmp_ignore_bogus_error_responses = 1 +# +# Do not accept ICMP redirects (prevent MITM attacks) +#net.ipv4.conf.all.accept_redirects = 0 +#net.ipv6.conf.all.accept_redirects = 0 +# _or_ +# Accept ICMP redirects only for gateways listed in our default +# gateway list (enabled by default) +# net.ipv4.conf.all.secure_redirects = 1 +# +# Do not send ICMP redirects (we are not a router) +#net.ipv4.conf.all.send_redirects = 0 +# +# Do not accept IP source route packets (we are not a router) +#net.ipv4.conf.all.accept_source_route = 0 +#net.ipv6.conf.all.accept_source_route = 0 +# +# Log Martian Packets +#net.ipv4.conf.all.log_martians = 1 +# + +#kernel.shmmax = 141762560 + +# Disable Magic SysRq +kernel.sysrq = 0 diff --git a/recipes-extended/procps/procps_%.bbappend b/recipes-extended/procps/procps_%.bbappend new file mode 100644 index 0000000..81fe7b7 --- /dev/null +++ b/recipes-extended/procps/procps_%.bbappend @@ -0,0 +1 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/files:" |