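# DO NOT EDIT - This file is being maintained by Chef

# Stop low-level messages on console.
# Fields, in order: console loglevel, default message loglevel,
# minimum console loglevel, default console loglevel.
kernel.printk = 4 4 1 7

# Enable /proc/$pid/maps privacy so that memory relocations are not
# visible to other users. (Added in kernel 2.6.22.)
# NOTE(review): later kernels appear to have dropped this key and enforce
# the restriction unconditionally; where the key is absent, loading this
# file reports an unknown-key error for this line. Confirm against the
# kernels this template is deployed to.
kernel.maps_protect = 1

# Protect the zero page of memory from userspace mmap to prevent kernel
# NULL-dereference attacks against potential future kernel security
# vulnerabilities. (Added in kernel 2.6.23.)
#
# While this default is built into the Ubuntu kernel, there is no way to
# restore the kernel default if the value is changed during runtime; for
# example via package removal (e.g. wine, dosemu). Therefore, this value
# is reset to the secure default each time the sysctl values are loaded.
vm.mmap_min_addr = 65536

# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks.
# 1 selects strict reverse-path filtering. conf.default is inherited by
# interfaces created after this file is loaded; for an existing interface
# the kernel uses the higher of conf.all and the per-interface value.
# Hosts with asymmetric routing may need a looser per-interface setting.
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1

# Settings below are rendered from the node's sysctl attributes, one
# commented group at a time. Keys and values are written as given, so
# they are only as trustworthy as whatever can set those attributes.
<% node[:sysctl].each do |name,group| -%>

# <%= group[:comment].to_s.gsub(/\r?\n/, "\n# ") %>
<% group[:parameters].each do |key,value| -%>
<%= key %> = <%= value %>
<% end -%>
<% end -%>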