From 79a215e4d82f914c141b41f81ba077e5fe7cf931 Mon Sep 17 00:00:00 2001 From: Tommy Date: Tue, 4 Jun 2024 11:39:38 -0700 Subject: [PATCH] Typo fixes Signed-off-by: Tommy --- etc/sysctl.d/99-server.conf | 4 ++-- etc/sysctl.d/99-workstation.conf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/etc/sysctl.d/99-server.conf b/etc/sysctl.d/99-server.conf index b6fe45d..8cac0e7 100644 --- a/etc/sysctl.d/99-server.conf +++ b/etc/sysctl.d/99-server.conf @@ -71,8 +71,8 @@ net.ipv6.conf.*.accept_redirects = 0 net.ipv4.conf.*.rp_filter = 1 # Respond to ICMP -net.ipv4.icmp_echo_ignore_all = 1 -net.ipv6.icmp.echo_ignore_all = 1 +net.ipv4.icmp_echo_ignore_all = 0 +net.ipv6.icmp.echo_ignore_all = 0 # Enable IP Forwarding # Almost all of my servers run Docker anyways, and Docker absolutely requires this. diff --git a/etc/sysctl.d/99-workstation.conf b/etc/sysctl.d/99-workstation.conf index 9372e75..4ac649d 100644 --- a/etc/sysctl.d/99-workstation.conf +++ b/etc/sysctl.d/99-workstation.conf @@ -42,6 +42,8 @@ net.core.bpf_jit_harden = 2 kernel.unprivileged_userns_clone = 1 # Disable ptrace. Not needed on workstations. +# Also, the Debian gVisor package from Google will just take priority over this with their +# /etc/sysctl.d/999-gvisor.conf file. kernel.yama.ptrace_scope = 3 # https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl @@ -52,8 +54,6 @@ kernel.perf_event_paranoid = 4 # https://github.com/containerd/containerd/issues/9048 # Disable io_uring, a very sus feature. -# Note that this will make using Proxmox extremely annoying though, so you might wanna comment this out -# on a Proxmox node. kernel_io_uring_disable = 2 # https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl-kernel