diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2018-06-07 10:52:32 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2018-06-07 12:38:18 +0000 |
commit | 0655da328034c0de4ba88ea54613347b906da77e (patch) | |
tree | 221012164019752d486c15dfb64bb73dde3ca623 | |
parent | deb396b0df2cef3994cc0de1623028d1c79b5b6c (diff) | |
download | alpine_aports-0655da328034c0de4ba88ea54613347b906da77e.tar.bz2 alpine_aports-0655da328034c0de4ba88ea54613347b906da77e.tar.xz alpine_aports-0655da328034c0de4ba88ea54613347b906da77e.zip |
main/alpine-baselayout: enable ipv6 and sysrq by default
- enable ipv6 by default and fix the sysctl keys for ipv6
- add ::1 entry in /etc/hosts
- remove sysrq entry again
-rw-r--r-- | main/alpine-baselayout/APKBUILD | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/main/alpine-baselayout/APKBUILD b/main/alpine-baselayout/APKBUILD index 2e1a8673a2..2f8f896a38 100644 --- a/main/alpine-baselayout/APKBUILD +++ b/main/alpine-baselayout/APKBUILD | |||
@@ -1,7 +1,7 @@ | |||
1 | # Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net> | 1 | # Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net> |
2 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> | 2 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> |
3 | pkgname=alpine-baselayout | 3 | pkgname=alpine-baselayout |
4 | pkgver=3.0.6 | 4 | pkgver=3.1.0 |
5 | pkgrel=0 | 5 | pkgrel=0 |
6 | pkgdesc="Alpine base dir structure and init scripts" | 6 | pkgdesc="Alpine base dir structure and init scripts" |
7 | url="https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout" | 7 | url="https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout" |
@@ -120,15 +120,19 @@ package() { | |||
120 | 120 | ||
121 | echo "UTC" > "$pkgdir"/etc/TZ | 121 | echo "UTC" > "$pkgdir"/etc/TZ |
122 | echo "localhost" > "$pkgdir"/etc/hostname | 122 | echo "localhost" > "$pkgdir"/etc/hostname |
123 | echo "127.0.0.1 localhost localhost.localdomain" > "$pkgdir"/etc/hosts | 123 | cat > "$pkgdir"/etc/hosts <<-EOF |
124 | echo "af_packet" >"$pkgdir"/etc/modules | 124 | 127.0.0.1 localhost localhost.localdomain |
125 | 125 | ::1 localhost localhost.localdomain | |
126 | EOF | ||
127 | cat > "$pkgdir"/etc/modules <<-EOF | ||
128 | af_packet | ||
129 | ipv6 | ||
130 | EOF | ||
126 | cat > "$pkgdir"/etc/shells <<-EOF | 131 | cat > "$pkgdir"/etc/shells <<-EOF |
127 | # valid login shells | 132 | # valid login shells |
128 | /bin/sh | 133 | /bin/sh |
129 | /bin/ash | 134 | /bin/ash |
130 | EOF | 135 | EOF |
131 | |||
132 | cat > "$pkgdir"/etc/motd <<-EOF | 136 | cat > "$pkgdir"/etc/motd <<-EOF |
133 | Welcome to Alpine! | 137 | Welcome to Alpine! |
134 | 138 | ||
@@ -160,11 +164,10 @@ package() { | |||
160 | net.ipv4.conf.all.accept_redirects = 0 | 164 | net.ipv4.conf.all.accept_redirects = 0 |
161 | net.ipv4.conf.all.secure_redirects = 1 | 165 | net.ipv4.conf.all.secure_redirects = 1 |
162 | net.ipv6.conf.all.accept_redirects = 0 | 166 | net.ipv6.conf.all.accept_redirects = 0 |
163 | net.ipv6.conf.all.secure_redirects = 1 | ||
164 | 167 | ||
165 | # The source routing feature includes some known vulnerabilities. | 168 | # The source routing feature includes some known vulnerabilities. |
166 | net.ipv4.conf.all.accept_source_route = 0 | 169 | net.ipv4.conf.all.accept_source_route = 0 |
167 | net.ipv6.conf.all.accept_source-route = 0 | 170 | net.ipv6.conf.all.accept_source_route = 0 |
168 | 171 | ||
169 | # See RFC 1337 | 172 | # See RFC 1337 |
170 | net.ipv4.tcp_rfc1337 = 1 | 173 | net.ipv4.tcp_rfc1337 = 1 |
@@ -176,9 +179,6 @@ package() { | |||
176 | # Restarts computer after 120 seconds after kernel panic | 179 | # Restarts computer after 120 seconds after kernel panic |
177 | kernel.panic = 120 | 180 | kernel.panic = 120 |
178 | 181 | ||
179 | ## Disable magic-sysrq key | ||
180 | kernel.sysrq = 0 | ||
181 | |||
182 | # Users should not be able to create soft or hard links to files | 182 | # Users should not be able to create soft or hard links to files |
183 | # which they do not own. This mitigates several privilege | 183 | # which they do not own. This mitigates several privilege |
184 | # escalation vulnerabilities. | 184 | # escalation vulnerabilities. |