IABSD.fr/src/etc/examples/sysctl.conf

Branch : - branch - master - tag -

• Show log

  Commit

• Author : sthen
  Date : 2024-12-04 13:16:26
  Hash : 52e728d0
  Message : use kmem(4) instead of "all memory" which has more information about what exactly is allowed, and specifically refers to allowkmem (and that it permits both /dev/mem and /dev/kmem). discussed with deraadt

• etc/examples/sysctl.conf

• #	$OpenBSD: sysctl.conf,v 1.7 2024/12/04 13:16:26 sthen Exp $
  #
  # This file contains a list of sysctl options the user wants set at
  # boot time.  See sysctl(2) and sysctl(8) for more information on
  # the many available variables.
  #
  #net.inet.ip.forwarding=1	# 1=Permit forwarding (routing) of IPv4 packets
  #net.inet.ip.mforwarding=1	# 1=Permit forwarding (routing) of IPv4 multicast packets
  #net.inet.ip.multipath=1	# 1=Enable IP multipath routing
  #net.inet.icmp.rediraccept=1	# 1=Accept ICMP redirects
  #net.inet6.ip6.forwarding=1	# 1=Permit forwarding (routing) of IPv6 packets
  #net.inet6.ip6.mforwarding=1	# 1=Permit forwarding (routing) of IPv6 multicast packets
  #net.inet6.ip6.multipath=1	# 1=Enable IPv6 multipath routing
  #net.inet.tcp.always_keepalive=1 # 1=Keepalives for all connections (e.g. hotel/airport NAT)
  #net.inet.tcp.keepidle=100	# 100=send TCP keepalives every 50 seconds
  #net.inet.esp.enable=0		# 0=Disable the ESP IPsec protocol
  #net.inet.ah.enable=0		# 0=Disable the AH IPsec protocol
  #net.inet.esp.udpencap=0	# 0=Disable ESP-in-UDP encapsulation
  #net.inet.ipcomp.enable=1	# 1=Enable the IPCOMP protocol
  #net.inet.etherip.allow=1	# 1=Enable the Ethernet-over-IP protocol
  #net.inet.tcp.ecn=1		# 1=Enable the TCP ECN extension
  #net.inet.carp.preempt=1	# 1=Enable carp(4) preemption
  #net.inet.carp.log=3		# log level of carp(4) info, default 2
  #net.pipex.enable=1		# 1=Enable pipex(4) for npppd(8)
  #ddb.panic=0			# 0=Do not drop into ddb on a kernel panic
  #ddb.console=1			# 1=Permit entry of ddb from the console
  #ddb.log=1			# 1=Log ddb output in kernel message buffer
  #kern.allowdt=1			# 1=Enable dt(4) device for btrace(8) support
  #kern.allowkmem=1		# 1=Allow access to kmem(4), needed for procmap(8)
  #fs.posix.setuid=0		# 0=Traditional BSD chown() semantics
  #vm.swapencrypt.enable=0	# 0=Do not encrypt pages that go to swap
  #vfs.nfs.iothreads=4		# Number of nfsio kernel threads
  #net.inet.ip.mtudisc=0		# 0=Disable tcp mtu discovery
  #kern.splassert=2		# 2=Enable with verbose error messages
  #kern.nosuidcoredump=3		# 3=Put suid coredumps in /var/crash/progname
  #kern.watchdog.period=32	# >0=Enable hardware watchdog(4) timer if available
  #kern.watchdog.auto=0		# 0=Disable automatic watchdog(4) retriggering
  #hw.allowpowerdown=0		# 0=Disable power button shutdown