[arch-dev-public] Moving from procps to procps-ng?

Eric Bélanger snowmaniscool at gmail.com
Wed May 2 14:49:45 EDT 2012


On Mon, Apr 30, 2012 at 3:48 PM, Eric Bélanger <snowmaniscool at gmail.com> wrote:
> On Mon, Apr 30, 2012 at 3:18 PM, Eric Bélanger <snowmaniscool at gmail.com> wrote:
>> On Mon, Apr 30, 2012 at 3:03 PM, Dan McGee <dpmcgee at gmail.com> wrote:
>>> On Mon, Apr 30, 2012 at 2:00 PM, Eric Bélanger <snowmaniscool at gmail.com> wrote:
>>>> On Mon, Apr 30, 2012 at 8:34 AM, Dan McGee <dpmcgee at gmail.com> wrote:
>>>>> On Sat, Apr 28, 2012 at 8:01 PM, Eric Bélanger <snowmaniscool at gmail.com> wrote:
>>>>>>
>>>>>> Here's a tentative sysctl.conf : https://dev.archlinux.org/~eric/sysctl.conf
>>>>>> that I obtained with the help of Jan and Dave on IRC. The unuseful
>>>>>> stuff from the upstream config has been dropped and the rest has been
>>>>>> commented out. I've also cleaned the syntax.
>>>>>
>>>>>
>>>>> I'd change this comment to at least drop the silly ascii smiley face:
>>>>>    # makes you vulnerable or not :-)
>>>>> and try to elaborate more, e.g.
>>>>>    # if not functioning as a router, there is no need to accept redirects or source routes
>>>>>
>>>>> And maybe add the corresponding ipv6 settings too, since this is 2012.
>>>>
>>>> Sure. I also got an email from a user who suggested to remove them
>>>> (the accept_redirects and source_route) as well as the forwarding as
>>>> they are turned off by default. What do you think about that? I
>>>> think we can keep them. The old procps sysctl.conf has the forward
>>>> option and the redirect is probably a common option too.
>>>
>>> My kernel says otherwise about accept_redirects, at least:
>>>
>>> dmcgee at galway ~
>>> $ sudo sysctl -a | grep all.accept_redirects
>>> net.ipv4.conf.all.accept_redirects = 1
>>> net.ipv6.conf.all.accept_redirects = 1
>>>
>>> dmcgee at galway ~
>>> $ sudo sysctl -a | grep all.accept_source_route
>>> net.ipv4.conf.all.accept_source_route = 0
>>> net.ipv6.conf.all.accept_source_route = 0
>>
>> I just checked and it's the same here. Let's keep them then and I'll
>> make the changes you suggested.
>
> I've uploaded a fixed config file: https://dev.archlinux.org/~eric/sysctl.conf
>

Is that sysctl.conf fine with everyone? Does it need other changes
(like the ones I suggested below)? If I don't get feedback in the
next 2 days, then I'll assume it's OK and will push a procps-ng in
testing with that sysctl.conf.

> BTW, Should I add a net.ipv4.conf.all.forwarding option? Can it
> replace the current net.ipv4.ip_forward ?
>
> Eric
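
The check Dan ran by hand, as an added example that is not part of the original message or of the proposed sysctl.conf: it reads `sysctl -a` style output and reports which of the redirect and source-route keys from the thread differ from the non-router setting. The function names and the wanted value of 0 for every key are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Wanted values assume a host that is
# not a router, the case Dan's suggested comment describes.

# Keys discussed in the thread and the value wanted on a non-router host.
wanted_settings() {
    for fam in ipv4 ipv6; do
        echo "net.$fam.conf.all.accept_redirects 0"
        echo "net.$fam.conf.all.accept_source_route 0"
    done
}

# Read "key = value" lines (sysctl -a format) on stdin. Print one line per
# key whose effective value differs from the wanted one or is absent
# (for example when IPv6 is disabled). Return 1 if anything was printed.
audit_sysctl() {
    current=$(cat)
    rc=0
    while read -r key want; do
        have=$(printf '%s\n' "$current" |
            awk -F' *= *' -v k="$key" '$1 == k { print $2; exit }')
        if [ -z "$have" ]; then
            echo "MISSING $key (want $want)"; rc=1
        elif [ "$have" != "$want" ]; then
            echo "DIFFERS $key = $have (want $want)"; rc=1
        fi
    done <<EOF
$(wanted_settings)
EOF
    return $rc
}

# Values quoted from Dan McGee's message above.
thread_sample() {
    cat <<'EOF'
net.ipv4.conf.all.accept_redirects = 1
net.ipv6.conf.all.accept_redirects = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0
EOF
}

thread_sample | audit_sysctl || true
# On a live system: sysctl -a 2>/dev/null | audit_sysctl
```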

