Breakdown of systemd-sysctl.

External links:

• man page
• FreeDesktop page

• /etc/
  • sysctl.conf [empty]
  • sysctl.d/
    • 99-sysctl.conf [link to above so empty]
• /usr/lib/
  • systemd/
    • systemd-sysctl
    • system/
      • systemd-sysctl.service
      • sysinit.target.wants/
        • systemd-sysctl.service
  • sysctl.d/
    • 10-default-yama-scope.conf
    • 20-pptpd.conf
    • 50-coredump.conf
    • 50-default.conf
    • 50-libkcapi-optmem_max.conf
    • 60-libvirtd.conf

kernel.yama.ptrace_scope = 0

net.ipv4.ip_forward = 1

kernel.core_pattern=|/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h %e

# Use kernel.sysrq = 1 to allow all keys.
# See https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html for a list
# of values and keys.
kernel.sysrq = 16

# Append the PID to the core filename
kernel.core_uses_pid = 1

# Source route verification
net.ipv4.conf.all.rp_filter = 1

# Do not accept source routing
net.ipv4.conf.all.accept_source_route = 0

# Promote secondary addresses when the primary address is removed
net.ipv4.conf.all.promote_secondaries = 1

# Fair Queue CoDel packet scheduler to fight bufferbloat
net.core.default_qdisc = fq_codel

# Enable hard and soft link protection
fs.protected_hardlinks = 1
fs.protected_symlinks = 1

net.core.optmem_max = 81920

fs.aio-max-nr = 1048576