[arch-dev-public] Moving from procps to procps-ng?
Eric Bélanger
snowmaniscool at gmail.com
Mon Apr 30 15:18:41 EDT 2012
On Mon, Apr 30, 2012 at 3:03 PM, Dan McGee <dpmcgee at gmail.com> wrote:
> On Mon, Apr 30, 2012 at 2:00 PM, Eric Bélanger <snowmaniscool at gmail.com> wrote:
>> On Mon, Apr 30, 2012 at 8:34 AM, Dan McGee <dpmcgee at gmail.com> wrote:
>>> On Sat, Apr 28, 2012 at 8:01 PM, Eric Bélanger <snowmaniscool at gmail.com> wrote:
>>>>
>>>> Here's a tentative sysctl.conf : https://dev.archlinux.org/~eric/sysctl.conf
>>>> that I obtained with the help of Jan and Dave on IRC. The unuseful
>>>> stuff from the upstream config has been dropped and the rest has been
>>>> commented out. I've also cleaned the syntax.
>>>
>>>
>>> I'd change this comment to at least drop the silly ascii smiley face:
>>> # makes you vulnerable or not :-)
>>> and try to elaborate more, e.g.
>>> # if not functioning as a router, there is no need to accept
>>> redirects or source routes
>>>
>>> And maybe add the corresponding ipv6 settings too, since this is 2012.
>>
>> Sure. I also got an email from a user who suggested removing them
>> (the accept_redirects and source_route) as well as the forwarding as
>> they are turned off by default. What do you think about that? I
>> think we can keep them. The old procps sysctl.conf has the forward
>> option and the redirect is probably a common option too.
>
> My kernel says otherwise about accept_redirects, at least:
>
> dmcgee at galway ~
> $ sudo sysctl -a | grep all.accept_redirects
> net.ipv4.conf.all.accept_redirects = 1
> net.ipv6.conf.all.accept_redirects = 1
>
> dmcgee at galway ~
> $ sudo sysctl -a | grep all.accept_source_route
> net.ipv4.conf.all.accept_source_route = 0
> net.ipv6.conf.all.accept_source_route = 0

I just checked and it's the same here. Let's keep them then and I'll
make the changes you suggested.
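
Added example, not part of the original message or of the Arch sysctl.conf: a shell function that reads `sysctl -a` output and prints the sysctl.conf lines needed to turn off redirects and source routes on a host that is not a router. The names `audit_sysctl` and `SAMPLE`, the sample input and the choice of 0 as the wanted value are assumptions of this example.

```sh
#!/bin/sh
# Added example: check `sysctl -a` style output against a non-router baseline.
# audit_sysctl and SAMPLE are names made up for this example.

# Reads "key = value" lines on stdin. For each baseline key whose running
# value is not 0, prints the sysctl.conf line that would turn it off; for a
# key that is absent (e.g. IPv6 disabled) prints a comment instead.
# Returns 0 when every key is present and 0, 1 otherwise.
audit_sysctl() {
    awk '
        BEGIN {
            # Assumption of this example: a non-router host wants 0 for each key.
            order[1] = "net.ipv4.conf.all.accept_redirects"
            order[2] = "net.ipv6.conf.all.accept_redirects"
            order[3] = "net.ipv4.conf.all.accept_source_route"
            order[4] = "net.ipv6.conf.all.accept_source_route"
            n = 4
            for (i = 1; i <= n; i++) want[order[i]] = "0"
        }
        {
            # Accept both "key = value" and "key=value".
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key in want) seen[key] = val
        }
        END {
            rc = 0
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (!(k in seen)) { print "# " k " not present"; rc = 1 }
                else if (seen[k] != want[k]) { print k " = " want[k]; rc = 1 }
            }
            exit rc
        }'
}

# Constructed sample input carrying the values quoted in the thread.
SAMPLE='net.ipv4.conf.all.accept_redirects = 1
net.ipv6.conf.all.accept_redirects = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0'

printf '%s\n' "$SAMPLE" | audit_sysctl || true
```

On a live system the input would come from `sysctl -a` instead of the sample, and the printed lines can be pasted into sysctl.conf.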