rm -f /etc/sysctl.conf.$$
cat > /etc/sysctl.conf.$$ <<'EOF'
kernel.maps_protect=1
+kernel.exec-shield=0
net.core.rmem_default=1048576
net.core.wmem_default=1048576
net.ipv4.conf.all.accept_redirects=0
vm.mmap_min_addr=65536
EOF
-# old kernel params
+# old kernel params (skipping some of the obsolete or overrided entries)
if [ -e /etc/sysctl.conf ]; then
- egrep -v 'net\.core\.(r|w)mem_max|net\.ipv4\.tcp_(r|w)mem|vm\.bdflush|net\.ipv4\.ip_local_port_range|kernel\.rtsig-max|net\.ipv4\.tcp_syncookies|kernel\.exec-shield|net\.ipv4\.tcp_max_syn_backlog|net\.ipv4\.tcp_congestion_control' \
+ egrep -v 'net\.core\.(r|w)mem_max|net\.ipv4\.tcp_(r|w)mem|vm\.bdflush|net\.ipv4\.ip_local_port_range|kernel\.rtsig-max|net\.ipv4\.tcp_syncookies|kernel\.exec-shield|net\.ipv4\.tcp_max_syn_backlog|net\.ipv4\.tcp_congestion_control|kernel\.exec-shield' \
/etc/sysctl.conf >> /etc/sysctl.conf.$$
fi
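Review bot: The added heredoc line `kernel.exec-shield=0` turns exec-shield off system-wide on kernels that carry that patch, right next to hardening settings such as `kernel.maps_protect=1` and `vm.mmap_min_addr=65536`, and nothing visible explains why. If a specific workload needs it, say so in the generated file with a line such as `# exec-shield disabled: <reason, affected service>` above the setting, or leave the protection on and exempt only the affected binary. The alternative `|kernel\.exec-shield` appended to the egrep pattern duplicates one that was already in the list, so the filter is unchanged and the addition can be dropped. The new comment should read "overridden" rather than "overrided". The hunk header is not visible here, so the rationale may sit in a part of the script outside this excerpt.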