Ansible roles to configure Linux and MacOS.
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
|
|
|
|
|
|
|
sysctl:
|
|
|
|
|
# Увеличение нахождения SSD в режиме suspend
|
|
|
|
|
- name: vm.laptop_mode
|
|
|
|
|
value: 5
|
|
|
|
|
|
|
|
|
|
# При скольких процентах свободной оперативной памяти начинать писать в своп
|
|
|
|
|
- name: vm.swappiness
|
|
|
|
|
value: 10
|
|
|
|
|
|
|
|
|
|
# Запрет обычным пользователям просматривать dmesg
|
|
|
|
|
- name: kernel.dmesg_restrict
|
|
|
|
|
value: 1
|
|
|
|
|
|
|
|
|
|
# Запрет на использование BPF обычными пользователями
|
|
|
|
|
- name: kernel.unprivileged_bpf_disabled
|
|
|
|
|
value: 1
|
|
|
|
|
- name: net.core.bpf_jit_harden
|
|
|
|
|
value: 2
|
|
|
|
|
|
|
|
|
|
# Запрет на переадресацию пакетов
|
|
|
|
|
- name: net.ipv4.ip_forward
|
|
|
|
|
value: 0
|
|
|
|
|
|
|
|
|
|
# Запрет на отправку и принятие ICMP-пакетов
|
|
|
|
|
- name: net.ipv4.conf.all.accept_redirects
|
|
|
|
|
value: 0
|
|
|
|
|
- name: net.ipv4.conf.all.secure_redirects
|
|
|
|
|
value: 0
|
|
|
|
|
- name: net.ipv4.conf.all.send_redirects
|
|
|
|
|
value: 0
|
|
|
|
|
|
|
|
|
|
# Запрет на ICMP-пакеты
|
|
|
|
|
- name: net.ipv4.icmp_echo_ignore_all
|
|
|
|
|
value: 1
|
|
|
|
|
|
