diff options
| author | Silvio Rhatto <rhatto@riseup.net> | 2018-01-07 22:49:53 -0200 |
|---|---|---|
| committer | Silvio Rhatto <rhatto@riseup.net> | 2018-01-07 22:49:53 -0200 |
| commit | 1988dcd0a5ac2d16cf2d7dbc24304c94f26c2c0c (patch) | |
| tree | 0ddb9e1fadd389ce0f2a0666977af8ad58312440 /manifests/subsystem/sysctl.pp | |
| parent | 12bd1da344adb6ef6d41aaab20bcbac6b942b82b (diff) | |
| download | puppet-nodo-1988dcd0a5ac2d16cf2d7dbc24304c94f26c2c0c.tar.gz puppet-nodo-1988dcd0a5ac2d16cf2d7dbc24304c94f26c2c0c.tar.bz2 | |
Adds nodo::role::proxy::kvm and nodo::role::web::kvm
Diffstat (limited to 'manifests/subsystem/sysctl.pp')
| -rw-r--r-- | manifests/subsystem/sysctl.pp | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/manifests/subsystem/sysctl.pp b/manifests/subsystem/sysctl.pp index 4329010..1f2cfda 100644 --- a/manifests/subsystem/sysctl.pp +++ b/manifests/subsystem/sysctl.pp @@ -1,6 +1,7 @@ class nodo::subsystem::sysctl { class { 'nodo::subsystem::sysctl::disable_ipv6': } class { 'nodo::subsystem::sysctl::tcp_challenge_ack_limit': } + class { 'nodo::subsystem::sysctl::unprivileged_bpf_disabled': } # Root exploit fix, see http://wiki.debian.org/mmap_min_addr # Maybe this can be remove in the future or included in a sysctl puppet module |