diff options
| author |   Jenkins <jenkins@review.openstack.org> | 2017-04-06 09:41:00 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <review@openstack.org> | 2017-04-06 09:41:00 +0000 |
| commit | 886d9afc793fa2a719b32270df4b2fb453a02ad7 (patch) | |
| tree | 8a72c30c5ff5da330957685dbfc8baf94d35a591 /puppet | |
| parent | 35d70db4c1f6b8f2f28835ef1880b58d3cb551d6 (diff) | |
| parent | 7268d1ae146bb9aa5e23ee3330457a4eb5a71fd8 (diff) | |
Merge "Add network sysctl tweaks for security"
Diffstat (limited to 'puppet')
| -rw-r--r-- | puppet/services/kernel.yaml | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml index bc4380a5..9b314b2a 100644 --- a/puppet/services/kernel.yaml +++ b/puppet/services/kernel.yaml @@ -39,6 +39,20 @@ outputs: value: 5 net.ipv4.tcp_keepalive_time: value: 5 + net.ipv4.conf.default.send_redirects: + value: 0 + net.ipv4.conf.all.send_redirects: + value: 0 + net.ipv4.conf.default.accept_redirects: + value: 0 + net.ipv4.conf.default.secure_redirects: + value: 0 + net.ipv4.conf.all.secure_redirects: + value: 0 + net.ipv4.conf.default.log_martians: + value: 1 + net.ipv4.conf.all.log_martians: + value: 1 net.nf_conntrack_max: value: 500000 net.netfilter.nf_conntrack_max: @@ -52,6 +66,10 @@ outputs: value: 0 net.ipv6.conf.default.autoconf: value: 0 + net.ipv6.conf.default.accept_redirects: + value: 0 + net.ipv6.conf.all.accept_redirects: + value: 0 net.core.netdev_max_backlog: value: 10000 kernel.pid_max: |