From 0655da328034c0de4ba88ea54613347b906da77e Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Thu, 7 Jun 2018 10:52:32 +0000 Subject: main/alpine-baselayout: enable ipv6 and sysrq by default - enable ipv6 by default and fix the sysctl keys for ipv6 - add ::1 entry in /etc/hosts - remove sysrq entry again --- main/alpine-baselayout/APKBUILD | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/main/alpine-baselayout/APKBUILD b/main/alpine-baselayout/APKBUILD index 2e1a8673a2..2f8f896a38 100644 --- a/main/alpine-baselayout/APKBUILD +++ b/main/alpine-baselayout/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Sören Tempel # Maintainer: Natanael Copa pkgname=alpine-baselayout -pkgver=3.0.6 +pkgver=3.1.0 pkgrel=0 pkgdesc="Alpine base dir structure and init scripts" url="https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout" @@ -120,15 +120,19 @@ package() { echo "UTC" > "$pkgdir"/etc/TZ echo "localhost" > "$pkgdir"/etc/hostname - echo "127.0.0.1 localhost localhost.localdomain" > "$pkgdir"/etc/hosts - echo "af_packet" >"$pkgdir"/etc/modules - + cat > "$pkgdir"/etc/hosts <<-EOF + 127.0.0.1 localhost localhost.localdomain + ::1 localhost localhost.localdomain + EOF + cat > "$pkgdir"/etc/modules <<-EOF + af_packet + ipv6 + EOF cat > "$pkgdir"/etc/shells <<-EOF # valid login shells /bin/sh /bin/ash EOF - cat > "$pkgdir"/etc/motd <<-EOF Welcome to Alpine! @@ -160,11 +164,10 @@ package() { net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.all.secure_redirects = 1 net.ipv6.conf.all.accept_redirects = 0 - net.ipv6.conf.all.secure_redirects = 1 # The source routing feature includes some known vulnerabilities. net.ipv4.conf.all.accept_source_route = 0 - net.ipv6.conf.all.accept_source-route = 0 + net.ipv6.conf.all.accept_source_route = 0 # See RFC 1337 net.ipv4.tcp_rfc1337 = 1 @@ -176,9 +179,6 @@ package() { # Restarts computer after 120 seconds after kernel panic kernel.panic = 120 - ## Disable magic-sysrq key - kernel.sysrq = 0 - # Users should not be able to create soft or hard links to files # which they do not own. This mitigates several privilege # escalation vulnerabilities. -- cgit v1.2.3