crans/crans_bcfg2
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
crans_bcfg2/Python/etc/sysctl.conf
Pierre-Elliott Bécue 24e3233e7b [Sysctl] On désactive les extensions de vie privée sur les serveurs du Crans. 
Ignore-this: e6279dc3d58ce89f74dc2f6064dd8f69

darcs-hash:20130122002100-afe24-c3d3108fb5279807013955c4c9223f128ce69f64.gz
2013-01-22 01:21:00 +01:00

50 lines
1.4 KiB
Python
Raw Blame History

# -*- coding: utf-8; mode: python -*-
info["owner"] = "root"
info["group"] = "root"
info["perms"] = 0644
template_ra="""
net.ipv6.conf.%(If)s.autoconf = 0
net.ipv6.conf.%(If)s.accept_ra = 0
net.ipv6.conf.%(If)s.accept_ra_defrtr = 0
net.ipv6.conf.%(If)s.accept_ra_rtr_pref = 0
net.ipv6.conf.%(If)s.accept_ra_pinfo = 0
net.ipv6.conf.%(If)s.accept_source_route = 0
net.ipv6.conf.%(If)s.accept_redirects = 0
"""
header("""
Les modifications locales sont à mettre dans le fichier /etc/sysctl.local
Voir http://wiki.crans.org/CransTechnique/Bcfg2/... pour plus d'explications.
""")
# Définitions communes
print """
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.default.accept_ra = 0
net.ipv6.conf.default.accept_ra_defrtr = 0
net.ipv6.conf.default.accept_ra_rtr_pref = 0
net.ipv6.conf.default.accept_ra_pinfo = 0
net.ipv6.conf.default.accept_source_route = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv6.conf.all.autoconf = 0
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.all.accept_ra_defrtr = 0
net.ipv6.conf.all.accept_ra_rtr_pref = 0
net.ipv6.conf.all.accept_ra_pinfo = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.all.use_tempaddr = 0
"""
Probe_Ifs = metadata.Probes["mac"].split('\n')
Ifs = [Probe_Ifs[i] for i in range(len(Probe_Ifs)) if i % 2 == 0]
# Un '.' supplémentaire dans une clé sysctl, c'est mal.
for i in Ifs:
print template_ra % { 'If' : i.replace('.','/') }
print metadata.Probes["sysctl"]
Reference in a new issue View git blame Copy permalink