From patchwork Tue Nov  3 15:14:17 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?=
 <peter.mueller@ipfire.org>
X-Patchwork-Id: 3637
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail01.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4CQYH01MZNz3wgl
	for <patchwork@web04.haj.ipfire.org>; Tue,  3 Nov 2020 15:14:36 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail02.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4CQYGy50rLzvS;
	Tue,  3 Nov 2020 15:14:34 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4CQYGy0zt1z2yXQ;
	Tue,  3 Nov 2020 15:14:34 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384
 client-signature ECDSA (P-384) client-digest SHA384)
 (Client CN "mail01.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4CQYGw628Rz2xjX
 for <development@lists.ipfire.org>; Tue,  3 Nov 2020 15:14:32 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384))
 (No client certificate requested)
 by mail01.ipfire.org (Postfix) with ESMTPSA id 4CQYGt54PHzTf
 for <development@lists.ipfire.org>; Tue,  3 Nov 2020 15:14:30 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003ed25519; t=1604416472;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding;
 bh=z6+bcdS1OfjwNIAIiBDaTicQQcmVBZamj0WfKobCwKA=;
 b=McR+r/rF261i6zyrOYMAlLFJSqsvuV7q2huOVJ2Yk1bt9XVUcTcNRogHTW8QwcEYeDmu1p
 vld1vHjvHQn9X6Cg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
 t=1604416472;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding;
 bh=z6+bcdS1OfjwNIAIiBDaTicQQcmVBZamj0WfKobCwKA=;
 b=QXmljNVdjOcyqafwT2cKgSy8nadGV9Q8nK4nj29VzgxH/KRJEVjBMyaHrCIaPlwHCx2Ab3
 Bjcbk1MwyI4AG4iCFs6VV+VX91eZRGPcdHw3W+6BoOPh+YHMGTqatPOBJXAnS15ji4Pjzt
 zJgjbMLD7yzj05mpT/WA6w0aduA3JW/iTFVtMAGdVKsOmchbz+atWfjGcGBLStMdKjufeI
 jOR4GgbaBt2RrE1qAiCwc8hF8sjx8JA1jjyRvryoz3/RKLZPL9a0XtFz702pj7xW/Flf2M
 InHN5CH+lVgjlm0eB/nAF5TJehkcxnxSviaK49vcYa2vkdu2gKSW/7kVo0gC9A==
To: "IPFire: Development-List" <development@lists.ipfire.org>
From: =?utf-8?q?Peter_M=C3=BCller?= <peter.mueller@ipfire.org>
Subject: [PATCH] sysctl.conf: include PID in file names of generated core
 dumps
Message-ID: <e5df0d02-c8ac-8589-5d2c-4b4c70593024@ipfire.org>
Date: Tue, 3 Nov 2020 16:14:17 +0100
MIME-Version: 1.0
Content-Language: en-US
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

This is recommended by various Linux hardening guides in order to
prevent accidential overwriting of existing core dumps. While it has
probably little to no relevance to the average IPFire user, enabling it
won't harm and fixes a Lynis warning. :-)

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 config/etc/sysctl.conf | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index be7c07c85..c9b4c092a 100644
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -103,3 +103,6 @@ net.ipv4.tcp_fastopen = 3
 # This protects against various TCP attacks, such as DoS against or injection
 # of arbitrary segments into prematurely closed connections.
 net.ipv4.tcp_rfc1337 = 1
+
+# Include PID in file names of generated core dumps
+kernel.core_uses_pid = 1