# default kernel parameters
rm -f /etc/sysctl.conf.$$
cat > /etc/sysctl.conf.$$ <<EOF
-kernel.exec-shield=3
kernel.maps_protect=1
net.core.rmem_default=1048576
net.core.wmem_default=1048576
# old kernel params
if [ -e /etc/sysctl.conf ]; then
- egrep -v 'net\.core\.(r|w)mem_max|net\.ipv4\.tcp_(r|w)mem|vm\.bdflush|net\.ipv4\.ip_local_port_range|kernel\.rtsig-max|net\.ipv4\.tcp_syncookies' \
+ egrep -v 'net\.core\.(r|w)mem_max|net\.ipv4\.tcp_(r|w)mem|vm\.bdflush|net\.ipv4\.ip_local_port_range|kernel\.rtsig-max|net\.ipv4\.tcp_syncookies|kernel\.exec-shield' \
/etc/sysctl.conf >> /etc/sysctl.conf.$$
fi
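Review bot: The defaults no longer write `kernel.exec-shield=3`, and the widened `egrep -v` pattern also strips any existing `kernel.exec-shield` line from /etc/sysctl.conf, so on a host whose kernel still exposes that sysctl the regenerated file silently loses a hardening setting and the kernel default applies. If the aim is to avoid errors on kernels that lack the knob (inferred, since no commit message is visible), gate the default on its presence instead of deleting it, for example `[ -e /proc/sys/kernel/exec-shield ] && echo 'kernel.exec-shield=3' >> /etc/sysctl.conf.$$` placed after the heredoc. The new alternative is also unanchored, so it removes comments and any longer key that contains the string; `^[[:space:]]*kernel\.exec-shield[[:space:]]*=` would limit it to the setting itself. The heredoc terminator and the rest of the script lie outside the visible lines, so this is based on the fragment shown.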