| # Prevents SYN DOS attacks. Applies to ipv6 as well, despite name. | |
| net.ipv4.tcp_syncookies = 1 | |
| # Prevents ip spoofing. | |
| net.ipv4.conf.default.rp_filter = 1 | |
| net.ipv4.conf.all.rp_filter = 1 | |
| # Only groups within this id range can use ping. | |
| net.ipv4.ping_group_range=999 59999 | |
| # Redirects can potentially be used to maliciously alter hosts | |
| # routing tables. | |
| net.ipv4.conf.all.accept_redirects = 0 | |
| net.ipv4.conf.all.secure_redirects = 1 | |
| net.ipv6.conf.all.accept_redirects = 0 | |
| # The source routing feature includes some known vulnerabilities. | |
| net.ipv4.conf.all.accept_source_route = 0 | |
| net.ipv6.conf.all.accept_source_route = 0 | |
| # See RFC 1337 | |
| net.ipv4.tcp_rfc1337 = 1 | |
| ## Enable IPv6 Privacy Extensions (see RFC4941 and RFC3041) | |
| net.ipv6.conf.default.use_tempaddr = 2 | |
| net.ipv6.conf.all.use_tempaddr = 2 | |
| # Restarts computer after 120 seconds after kernel panic | |
| kernel.panic = 120 | |
| # Users should not be able to create soft or hard links to files | |
| # which they do not own. This mitigates several privilege | |
| # escalation vulnerabilities. | |
| fs.protected_hardlinks = 1 | |
| fs.protected_symlinks = 1 | |
| # Disable unprivileged use of the bpf(2) syscall. | |
| # Allowing unprivileged use of the bpf(2) syscall may allow a | |
| # malicious user to compromise the machine. | |
| kernel.unprivileged_bpf_disabled = 1 | |
Xet Storage Details
- Size:
- 1.28 kB
- Xet hash:
- f59c8607c9a57a7aad7807c345542e9b86aa951ecff3cbf84c72b5ef1fb0a515
·
Xet efficiently stores files, intelligently splitting them into unique chunks and accelerating uploads and downloads. More info.