Projet

Général

Profil

sysctl.conf.patch

Samuel LEFOL, 03/03/2011 17:36

Télécharger (2,2 ko)

Voir les différences:

modif/sysctl.conf 2011-03-03 17:20:16.000000000 +0100
1 1 
#----------------------------------------------------------------------------
2 
## sysctl.conf pour Eole/Amon
2 
## sysctl.conf pour Eole/Amon
3 3 
#par samuel morin <samuel.morin@ac-dijon.fr>
4 4 
#----------------------------------------------------------------------------
5 5 

  		




  6
  6
  
    

  		




  7
  7
  
    
# activer l'antispoofing pour eth0

  		




  8
  
  
    
net.ipv4.conf.eth0.rp_filter=1

  		




  
  8
  
    
net.ipv4.conf.eth0.rp_filter = 1

  		




  
  9
  
    
# activer l'antispoofing pour les interfaces

  		




  
  10
  
    
net.ipv4.conf.eth1.rp_filter = 1

  		




  
  11
  
    
%if %%vlan_eth1 == "oui"

  		




  
  12
  
    
%for %%vlans in %%id_vlan_eth1

  		




  
  13
  
    
net.ipv4.conf.eth1/%%{vlans}.rp_filter = 1

  		




  
  14
  
    
%end for

  		




  
  15
  
    
%end if

  		




  
  16
  
    
%if %%nombre_interfaces >= "3"

  		




  
  17
  
    
net.ipv4.conf.eth2.rp_filter = 1

  		




  
  18
  
    
%if %%vlan_eth2 == "oui"

  		




  
  19
  
    
%for %%vlans in %%id_vlan_eth2

  		




  
  20
  
    
net.ipv4.conf.eth2/%%{vlans}.rp_filter = 1

  		




  
  21
  
    
%end for

  		




  
  22
  
    
%end if

  		




  
  23
  
    
%end if

  		




  
  24
  
    
%if %%nombre_interfaces >= "4"

  		




  
  25
  
    
net.ipv4.conf.eth3.rp_filter = 1

  		




  
  26
  
    
%if %%vlan_eth3 == "oui"

  		




  
  27
  
    
%for %%vlans in %%id_vlan_eth3

  		




  
  28
  
    
net.ipv4.conf.eth3/%%{vlans}.rp_filter = 1

  		




  
  29
  
    
%end for

  		




  
  30
  
    
%end if

  		




  
  31
  
    
%end if

  		




  
  32
  
    
%if %%nombre_interfaces >= "5"

  		




  
  33
  
    
net.ipv4.conf.eth4.rp_filter = 1

  		




  
  34
  
    
%if %%vlan_eth4 == "oui"

  		




  
  35
  
    
%for %%vlans in %%id_vlan_eth4

  		




  
  36
  
    
net.ipv4.conf.eth4/%%{vlans}.rp_filter = 1

  		




  
  37
  
    
%end for

  		




  
  38
  
    
%end if

  		




  
  39
  
    
%end if

  		




  
  40
  
    
# activer log martian sources

  		




  
  41
  
    
net.ipv4.conf.all.log_martians = 1

  		




  9
  42
  
    
# Disables packet forwarding

  		




  10
  43
  
    
net.ipv4.ip_forward = 0

  		




  11
  44
  
    
# Enable the magic-sysrq key

  		




  ......




  18
  51
  
    
net.ipv4.tcp_tw_recycle = 1

  		




  19
  52
  
    
#interdire l'ICMP redirection

  		




  20
  53
  
    
net.ipv4.conf.all.accept_redirects = 0

  		




  21
  
  
    
#désactiver source routing 

  		




  
  54
  
    
#désactiver source routing

  		




  22
  55
  
    
net.ipv4.conf.all.accept_source_route = 0

  		




  23
  56
  
    
# Désactiver la notification de congestion (Prble http avec certain serveur)

  		




  24
  57
  
    
net.ipv4.tcp_ecn = 0

  		




  ......




  32
  65
  
    
#kernel.grsecurity.altered_pings = 1

  		




  33
  66
  
    
kernel.hostname = %%nom_machine

  		




  34
  67
  
    
kernel.domainname = %%nom_domaine_local

  		




  35
  
  
    
#ip_no_pmtu_disc : desactive le path mtu discovery le bit DF n'est pas positionne à 1 

  		




  
  68
  
    
#ip_no_pmtu_disc : desactive le path mtu discovery le bit DF n'est pas positionne à 1

  		




  36
  69
  
    
%if %%ip_no_pmtu_disc == "non"

  		




  37
  70
  
    
net.ipv4.ip_no_pmtu_disc = 0

  		




  38
  
  
    
%else if %%ip_no_pmtu_disc == "oui" 

  		




  
  71
  
    
%else if %%ip_no_pmtu_disc == "oui"

  		




  39
  72
  
    
net.ipv4.ip_no_pmtu_disc = 1

  		




  40
  73
  
    
%end if