Thread: can't set clock?
View Single Post
  #25   (View Single Post)  
Old 6th July 2008
carpman carpman is offline
Shell Scout
  
Join Date: Jul 2008
Posts: 94
Default
thanks for reply

Quote:
cat /etc/sysctl.conf
# $FreeBSD: src/etc/sysctl.conf,v 1.8 2003/03/13 18:43:50 mux Exp $
#
# This file is read when going to multi-user and its contents piped thru
# ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf'' for details.
#

# Uncomment this to prevent users from seeing information about processes that
# are being run under another UID.
#security.bsd.see_other_uids=0
net.inet.tcp.log_in_vain=1
net.inet.udp.log_in_vain=1
kern.securelevel=2
net.inet.ip.check_interface=1
net.inet.tcp.recvspace=65535
net.inet.tcp.sendspace=65535
kern.fallback_elf_brand=3
net.inet.tcp.syncookies=0
net.inet.icmp.bmcastecho=0
net.inet.icmp.maskrepl=0
net.inet.icmp.icmplim=200
# LL sugestions
#Increase Mbufs
kern.ipc.nmbclusters=81920

### Decrease the ARP cache cleanup interval
net.link.ether.inet.max_age=1200

### Disable ICMP broadcast echo activity
#net.inet.icmp.bmcastecho=0

### Disable ICMP routing redirects
net.inet.ip.redirect=0

### Disable ICMP broadcast probes
#net.inet.icmp.masqrepl=0

### Disable IP source routing
net.inet.ip.sourceroute=0
net.inet.ip.accept_sourceroute=0

### Feed And Slow Syn Cookie Monster
kern.ipc.somaxconn=1024
#net.inet.tcp.syncookies=1

### Increase TCP send and receive window sizes to at least 32 kbytes
#net.inet.tcp.sendspace=65535
#net.inet.tcp.recvspace=65535

### Additional Un Documented For Now Stuff
#net.inet.tcp.log_in_vain=1
#net.inet.udp.log_in_vain=1
#net.inet.ip.check_interface=1
#kern.fallback_elf_brand=3
#net.inet.icmp.icmplim=200
security.jail.allow_raw_sockets=1
security.jail.sysvipc_allowed=1
security.bsd.see_other_uids=0
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.ip.random_id=1
kern.maxfiles=65536
kern.maxfilesperproc=65536
kern.ipc.somaxconn=8192
net.inet.tcp.sendspace=65535
net.inet.tcp.recvspace=65535
net.inet.udp.recvspace=65535
net.inet.udp.maxdgram=57344
net.inet.tcp.rfc1323=1
net.inet.tcp.delayed_ack=0
net.local.stream.recvspace=65535
net.local.stream.sendspace=65535
kern.ipc.maxsockbuf=2097152

Quote:
cat /etc/defaults/rc.conf |grep securelevel
kern_securelevel_enable="YES" # kernel security level (see init(8)),
kern_securelevel="-2" # range: -1..3 ; `-1' is the most insecure
# Note that setting securelevel to 0 will result
# in the system booting with securelevel set to 1, as

Quote:
# sysctl security.jail
security.jail.jailed: 0
security.jail.chflags_allowed: 0
security.jail.allow_raw_sockets: 1
security.jail.enforce_statfs: 2
security.jail.sysvipc_allowed: 1
security.jail.socket_unixiproute_only: 1
security.jail.set_hostname_allowed: 1
cheers
Reply With Quote