Re: sysctl.conf

To: debian-user@lists.debian.org
Subject: Re: sysctl.conf
From: Ralf Mardorf <ralf.mardorf@alice-dsl.net>
Date: Sat, 26 Oct 2013 21:58:59 +0200
Message-id: <[🔎] 1382817539.656.269.camel@archlinux>
In-reply-to: <[🔎] DUB121-W1A5479B46130E48EE276D8A0E0@phx.gbl>
References: <[🔎] DUB121-W1A5479B46130E48EE276D8A0E0@phx.gbl>

On Sat, 2013-10-26 at 21:37 +0200, Roland RoLaNd wrote:
> All,
> 
> 
> I'm reading up on how to harden debian.
> i just checked /etc/sysctl.conf  and noticed that everything is
> commented out.
> do that mean they're running as defaults or none of what exists in
> this file is implemented?

What do you expect?

I'm using another distro that switched.

ls /etc/sysctl*
/etc/sysctl.conf.pacnew  /etc/sysctl.conf.pacsave

/etc/sysctl.d:

blah

To my surprise, there where unusual settings in /etc/sysctl.conf, I
dropped them during the transition.

What exactly should be not commented out by default?

For the distro I'm using there only is

net.ipv4.tcp_syncookies = 1
net.ipv4.ip_forward = 0
net.ipv6.conf.all.forwarding = 0

by default. I had much more in my /etc/sysctl.conf, caused by what ever
package, but not by me and after I dropped those settings, nothing evil
happened.

So again, what should be enabled by this file?

Reply to:

Follow-Ups:
- RE: sysctl.conf
  - From: Roland RoLaNd <r_o_l_a_n_d@hotmail.com>
- Re: sysctl.conf
  - From: Tom H <tomh0665@gmail.com>

References:
- sysctl.conf
  - From: Roland RoLaNd <r_o_l_a_n_d@hotmail.com>

Prev by Date: Re: vim doesn't have python support?
Next by Date: Re: aptitude misconfigure?
Previous by thread: sysctl.conf
Next by thread: RE: sysctl.conf
Index(es):
- Date
- Thread