From 32d0faadfee7c06b577855c51a42e49659c3e965 Mon Sep 17 00:00:00 2001 
From: root Date: Sat, 29 Aug 2020 23:26:44 +1000 Subject: [PATCH] Top half of homework net done --- PWHA1/config | 17 ++++++ PWHA1/rootfs/etc/bird/bird.conf | 0 PWHA1/rootfs/etc/bird/bird6.conf | 0 PWHA1/rootfs/etc/hosts | 5 ++ PWHA1/rootfs/etc/network/interfaces | 0 PWHA1/rootfs/etc/sysctl.conf | 79 ++++++++++++++++++++++++++++ PWHA2/config | 17 ++++++ PWHA2/rootfs/etc/bird/bird.conf | 0 PWHA2/rootfs/etc/bird/bird6.conf | 0 PWHA2/rootfs/etc/hosts | 5 ++ PWHA2/rootfs/etc/network/interfaces | 0 PWHA2/rootfs/etc/sysctl.conf | 79 ++++++++++++++++++++++++++++ PWHAA/config | 17 ++++++ PWHAA/rootfs/etc/bird/bird.conf | 0 PWHAA/rootfs/etc/bird/bird6.conf | 0 PWHAA/rootfs/etc/hosts | 5 ++ PWHAA/rootfs/etc/network/interfaces | 0 PWHAA/rootfs/etc/sysctl.conf | 79 ++++++++++++++++++++++++++++ PWHAB/config | 17 ++++++ PWHAB/rootfs/etc/bird/bird.conf | 0 PWHAB/rootfs/etc/bird/bird6.conf | 0 PWHAB/rootfs/etc/hosts | 5 ++ PWHAB/rootfs/etc/network/interfaces | 0 PWHAB/rootfs/etc/sysctl.conf | 79 ++++++++++++++++++++++++++++ PWHAC/config | 17 ++++++ PWHAC/rootfs/etc/bird/bird.conf | 0 PWHAC/rootfs/etc/bird/bird6.conf | 0 PWHAC/rootfs/etc/hosts | 5 ++ PWHAC/rootfs/etc/network/interfaces | 0 PWHAC/rootfs/etc/sysctl.conf | 79 ++++++++++++++++++++++++++++ PWHAD/config | 17 ++++++ PWHAD/rootfs/etc/bird/bird.conf | 0 PWHAD/rootfs/etc/bird/bird6.conf | 0 PWHAD/rootfs/etc/hosts | 5 ++ PWHAD/rootfs/etc/network/interfaces | 0 PWHAD/rootfs/etc/sysctl.conf | 79 ++++++++++++++++++++++++++++ PWHAE/config | 17 ++++++ PWHAE/rootfs/etc/bird/bird.conf | 0 PWHAE/rootfs/etc/bird/bird6.conf | 0 PWHAE/rootfs/etc/hosts | 5 ++ PWHAE/rootfs/etc/network/interfaces | 0 PWHAE/rootfs/etc/sysctl.conf | 79 ++++++++++++++++++++++++++++ PWHAF/config | 17 ++++++ PWHAF/rootfs/etc/bird/bird.conf | 0 PWHAF/rootfs/etc/bird/bird6.conf | 0 PWHAF/rootfs/etc/hosts | 5 ++ PWHAF/rootfs/etc/network/interfaces | 0 PWHAF/rootfs/etc/sysctl.conf | 79 ++++++++++++++++++++++++++++ PWHE00/config | 27 ++++++++++ 
PWHE00/rootfs/etc/bird/bird.conf | 0 PWHE00/rootfs/etc/bird/bird6.conf | 0 PWHE00/rootfs/etc/hosts | 5 ++ PWHE00/rootfs/etc/network/interfaces | 8 +++ PWHE00/rootfs/etc/sysctl.conf | 79 ++++++++++++++++++++++++++++ PWHE01/config | 17 ++++++ PWHE01/rootfs/etc/bird/bird.conf | 0 PWHE01/rootfs/etc/bird/bird6.conf | 0 PWHE01/rootfs/etc/hosts | 5 ++ PWHE01/rootfs/etc/network/interfaces | 0 PWHE01/rootfs/etc/sysctl.conf | 79 ++++++++++++++++++++++++++++ PWHE1/config | 26 +++++++++ PWHE1/rootfs/etc/bird/bird.conf | 0 PWHE1/rootfs/etc/bird/bird6.conf | 0 PWHE1/rootfs/etc/hosts | 5 ++ PWHE1/rootfs/etc/network/interfaces | 9 ++++ PWHE1/rootfs/etc/sysctl.conf | 79 ++++++++++++++++++++++++++++ PWHE2/config | 17 ++++++ PWHE2/rootfs/etc/bird/bird.conf | 0 PWHE2/rootfs/etc/bird/bird6.conf | 0 PWHE2/rootfs/etc/hosts | 5 ++ PWHE2/rootfs/etc/network/interfaces | 0 PWHE2/rootfs/etc/sysctl.conf | 79 ++++++++++++++++++++++++++++ PWHE3/config | 17 ++++++ PWHE3/rootfs/etc/bird/bird.conf | 0 PWHE3/rootfs/etc/bird/bird6.conf | 0 PWHE3/rootfs/etc/hosts | 5 ++ PWHE3/rootfs/etc/network/interfaces | 0 PWHE3/rootfs/etc/sysctl.conf | 79 ++++++++++++++++++++++++++++ PWHE4/config | 17 ++++++ PWHE4/rootfs/etc/bird/bird.conf | 0 PWHE4/rootfs/etc/bird/bird6.conf | 0 PWHE4/rootfs/etc/hosts | 5 ++ PWHE4/rootfs/etc/network/interfaces | 0 PWHE4/rootfs/etc/sysctl.conf | 79 ++++++++++++++++++++++++++++ PWHE5/config | 17 ++++++ PWHE5/rootfs/etc/bird/bird.conf | 0 PWHE5/rootfs/etc/bird/bird6.conf | 0 PWHE5/rootfs/etc/hosts | 5 ++ PWHE5/rootfs/etc/network/interfaces | 0 PWHE5/rootfs/etc/sysctl.conf | 79 ++++++++++++++++++++++++++++ PWHE6/config | 17 ++++++ PWHE6/rootfs/etc/bird/bird.conf | 0 PWHE6/rootfs/etc/bird/bird6.conf | 0 PWHE6/rootfs/etc/hosts | 5 ++ PWHE6/rootfs/etc/network/interfaces | 0 PWHE6/rootfs/etc/sysctl.conf | 79 ++++++++++++++++++++++++++++ PWHE7/config | 26 +++++++++ PWHE7/rootfs/etc/bird/bird.conf | 0 PWHE7/rootfs/etc/bird/bird6.conf | 0 PWHE7/rootfs/etc/hosts | 5 ++ 
PWHE7/rootfs/etc/network/interfaces | 8 +++ PWHE7/rootfs/etc/sysctl.conf | 79 ++++++++++++++++++++++++++++ PWR10/config | 17 ++++++ PWR10/rootfs/etc/bird/bird.conf | 0 PWR10/rootfs/etc/bird/bird6.conf | 0 PWR10/rootfs/etc/hosts | 5 ++ PWR10/rootfs/etc/network/interfaces | 0 PWR10/rootfs/etc/sysctl.conf | 79 ++++++++++++++++++++++++++++ PWR15/config | 45 ++++++++++++++++ PWR15/rootfs/etc/bird/bird.conf | 34 ++++++++++++ PWR15/rootfs/etc/bird/bird6.conf | 33 ++++++++++++ PWR15/rootfs/etc/hosts | 5 ++ PWR15/rootfs/etc/network/interfaces | 37 +++++++++++++ PWR15/rootfs/etc/sysctl.conf | 79 ++++++++++++++++++++++++++++ PWR20/config | 17 ++++++ PWR20/rootfs/etc/bird/bird.conf | 0 PWR20/rootfs/etc/bird/bird6.conf | 0 PWR20/rootfs/etc/hosts | 5 ++ PWR20/rootfs/etc/network/interfaces | 0 PWR20/rootfs/etc/sysctl.conf | 79 ++++++++++++++++++++++++++++ PWR25/config | 41 +++++++++++++++ PWR25/rootfs/etc/bird/bird.conf | 32 +++++++++++ PWR25/rootfs/etc/bird/bird6.conf | 31 +++++++++++ PWR25/rootfs/etc/hosts | 5 ++ PWR25/rootfs/etc/network/interfaces | 28 ++++++++++ PWR25/rootfs/etc/sysctl.conf | 79 ++++++++++++++++++++++++++++ PWR30/config | 17 ++++++ PWR30/rootfs/etc/bird/bird.conf | 0 PWR30/rootfs/etc/bird/bird6.conf | 0 PWR30/rootfs/etc/hosts | 5 ++ PWR30/rootfs/etc/network/interfaces | 0 PWR30/rootfs/etc/sysctl.conf | 79 ++++++++++++++++++++++++++++ PWR35/config | 46 ++++++++++++++++ PWR35/rootfs/etc/bird/bird.conf | 34 ++++++++++++ PWR35/rootfs/etc/bird/bird6.conf | 33 ++++++++++++ PWR35/rootfs/etc/hosts | 5 ++ PWR35/rootfs/etc/network/interfaces | 39 ++++++++++++++ PWR35/rootfs/etc/sysctl.conf | 79 ++++++++++++++++++++++++++++ PWR40/config | 17 ++++++ PWR40/rootfs/etc/bird/bird.conf | 0 PWR40/rootfs/etc/bird/bird6.conf | 0 PWR40/rootfs/etc/hosts | 5 ++ PWR40/rootfs/etc/network/interfaces | 0 PWR40/rootfs/etc/sysctl.conf | 79 ++++++++++++++++++++++++++++ PWR45/config | 46 ++++++++++++++++ PWR45/rootfs/etc/bird/bird.conf | 34 ++++++++++++ PWR45/rootfs/etc/bird/bird6.conf | 
33 ++++++++++++ PWR45/rootfs/etc/hosts | 5 ++ PWR45/rootfs/etc/network/interfaces | 39 ++++++++++++++ PWR45/rootfs/etc/sysctl.conf | 79 ++++++++++++++++++++++++++++ PWR5/config | 52 ++++++++++++++++++ PWR5/rootfs/etc/bird/bird.conf | 35 ++++++++++++ PWR5/rootfs/etc/bird/bird6.conf | 29 ++++++++++ PWR5/rootfs/etc/hosts | 5 ++ PWR5/rootfs/etc/network/interfaces | 39 ++++++++++++++ PWR5/rootfs/etc/sysctl.conf | 79 ++++++++++++++++++++++++++++ PWR50/config | 17 ++++++ PWR50/rootfs/etc/bird/bird.conf | 0 PWR50/rootfs/etc/bird/bird6.conf | 0 PWR50/rootfs/etc/hosts | 5 ++ PWR50/rootfs/etc/network/interfaces | 0 PWR50/rootfs/etc/sysctl.conf | 79 ++++++++++++++++++++++++++++ PWR60/config | 17 ++++++ PWR60/rootfs/etc/bird/bird.conf | 0 PWR60/rootfs/etc/bird/bird6.conf | 0 PWR60/rootfs/etc/hosts | 5 ++ PWR60/rootfs/etc/network/interfaces | 0 PWR60/rootfs/etc/sysctl.conf | 79 ++++++++++++++++++++++++++++ 168 files changed, 3536 insertions(+) create mode 100644 PWHA1/config create mode 100644 PWHA1/rootfs/etc/bird/bird.conf create mode 100644 PWHA1/rootfs/etc/bird/bird6.conf create mode 100644 PWHA1/rootfs/etc/hosts create mode 100644 PWHA1/rootfs/etc/network/interfaces create mode 100644 PWHA1/rootfs/etc/sysctl.conf create mode 100644 PWHA2/config create mode 100644 PWHA2/rootfs/etc/bird/bird.conf create mode 100644 PWHA2/rootfs/etc/bird/bird6.conf create mode 100644 PWHA2/rootfs/etc/hosts create mode 100644 PWHA2/rootfs/etc/network/interfaces create mode 100644 PWHA2/rootfs/etc/sysctl.conf create mode 100644 PWHAA/config create mode 100644 PWHAA/rootfs/etc/bird/bird.conf create mode 100644 PWHAA/rootfs/etc/bird/bird6.conf create mode 100644 PWHAA/rootfs/etc/hosts create mode 100644 PWHAA/rootfs/etc/network/interfaces create mode 100644 PWHAA/rootfs/etc/sysctl.conf create mode 100644 PWHAB/config create mode 100644 PWHAB/rootfs/etc/bird/bird.conf create mode 100644 PWHAB/rootfs/etc/bird/bird6.conf create mode 100644 PWHAB/rootfs/etc/hosts create mode 100644 
PWHAB/rootfs/etc/network/interfaces create mode 100644 PWHAB/rootfs/etc/sysctl.conf create mode 100644 PWHAC/config create mode 100644 PWHAC/rootfs/etc/bird/bird.conf create mode 100644 PWHAC/rootfs/etc/bird/bird6.conf create mode 100644 PWHAC/rootfs/etc/hosts create mode 100644 PWHAC/rootfs/etc/network/interfaces create mode 100644 PWHAC/rootfs/etc/sysctl.conf create mode 100644 PWHAD/config create mode 100644 PWHAD/rootfs/etc/bird/bird.conf create mode 100644 PWHAD/rootfs/etc/bird/bird6.conf create mode 100644 PWHAD/rootfs/etc/hosts create mode 100644 PWHAD/rootfs/etc/network/interfaces create mode 100644 PWHAD/rootfs/etc/sysctl.conf create mode 100644 PWHAE/config create mode 100644 PWHAE/rootfs/etc/bird/bird.conf create mode 100644 PWHAE/rootfs/etc/bird/bird6.conf create mode 100644 PWHAE/rootfs/etc/hosts create mode 100644 PWHAE/rootfs/etc/network/interfaces create mode 100644 PWHAE/rootfs/etc/sysctl.conf create mode 100644 PWHAF/config create mode 100644 PWHAF/rootfs/etc/bird/bird.conf create mode 100644 PWHAF/rootfs/etc/bird/bird6.conf create mode 100644 PWHAF/rootfs/etc/hosts create mode 100644 PWHAF/rootfs/etc/network/interfaces create mode 100644 PWHAF/rootfs/etc/sysctl.conf create mode 100644 PWHE00/config create mode 100644 PWHE00/rootfs/etc/bird/bird.conf create mode 100644 PWHE00/rootfs/etc/bird/bird6.conf create mode 100644 PWHE00/rootfs/etc/hosts create mode 100644 PWHE00/rootfs/etc/network/interfaces create mode 100644 PWHE00/rootfs/etc/sysctl.conf create mode 100644 PWHE01/config create mode 100644 PWHE01/rootfs/etc/bird/bird.conf create mode 100644 PWHE01/rootfs/etc/bird/bird6.conf create mode 100644 PWHE01/rootfs/etc/hosts create mode 100644 PWHE01/rootfs/etc/network/interfaces create mode 100644 PWHE01/rootfs/etc/sysctl.conf create mode 100644 PWHE1/config create mode 100644 PWHE1/rootfs/etc/bird/bird.conf create mode 100644 PWHE1/rootfs/etc/bird/bird6.conf create mode 100644 PWHE1/rootfs/etc/hosts create mode 100644 
PWHE1/rootfs/etc/network/interfaces create mode 100644 PWHE1/rootfs/etc/sysctl.conf create mode 100644 PWHE2/config create mode 100644 PWHE2/rootfs/etc/bird/bird.conf create mode 100644 PWHE2/rootfs/etc/bird/bird6.conf create mode 100644 PWHE2/rootfs/etc/hosts create mode 100644 PWHE2/rootfs/etc/network/interfaces create mode 100644 PWHE2/rootfs/etc/sysctl.conf create mode 100644 PWHE3/config create mode 100644 PWHE3/rootfs/etc/bird/bird.conf create mode 100644 PWHE3/rootfs/etc/bird/bird6.conf create mode 100644 PWHE3/rootfs/etc/hosts create mode 100644 PWHE3/rootfs/etc/network/interfaces create mode 100644 PWHE3/rootfs/etc/sysctl.conf create mode 100644 PWHE4/config create mode 100644 PWHE4/rootfs/etc/bird/bird.conf create mode 100644 PWHE4/rootfs/etc/bird/bird6.conf create mode 100644 PWHE4/rootfs/etc/hosts create mode 100644 PWHE4/rootfs/etc/network/interfaces create mode 100644 PWHE4/rootfs/etc/sysctl.conf create mode 100644 PWHE5/config create mode 100644 PWHE5/rootfs/etc/bird/bird.conf create mode 100644 PWHE5/rootfs/etc/bird/bird6.conf create mode 100644 PWHE5/rootfs/etc/hosts create mode 100644 PWHE5/rootfs/etc/network/interfaces create mode 100644 PWHE5/rootfs/etc/sysctl.conf create mode 100644 PWHE6/config create mode 100644 PWHE6/rootfs/etc/bird/bird.conf create mode 100644 PWHE6/rootfs/etc/bird/bird6.conf create mode 100644 PWHE6/rootfs/etc/hosts create mode 100644 PWHE6/rootfs/etc/network/interfaces create mode 100644 PWHE6/rootfs/etc/sysctl.conf create mode 100644 PWHE7/config create mode 100644 PWHE7/rootfs/etc/bird/bird.conf create mode 100644 PWHE7/rootfs/etc/bird/bird6.conf create mode 100644 PWHE7/rootfs/etc/hosts create mode 100644 PWHE7/rootfs/etc/network/interfaces create mode 100644 PWHE7/rootfs/etc/sysctl.conf create mode 100644 PWR10/config create mode 100644 PWR10/rootfs/etc/bird/bird.conf create mode 100644 PWR10/rootfs/etc/bird/bird6.conf create mode 100644 PWR10/rootfs/etc/hosts create mode 100644 PWR10/rootfs/etc/network/interfaces 
create mode 100644 PWR10/rootfs/etc/sysctl.conf create mode 100644 PWR15/config create mode 100644 PWR15/rootfs/etc/bird/bird.conf create mode 100644 PWR15/rootfs/etc/bird/bird6.conf create mode 100644 PWR15/rootfs/etc/hosts create mode 100644 PWR15/rootfs/etc/network/interfaces create mode 100644 PWR15/rootfs/etc/sysctl.conf create mode 100644 PWR20/config create mode 100644 PWR20/rootfs/etc/bird/bird.conf create mode 100644 PWR20/rootfs/etc/bird/bird6.conf create mode 100644 PWR20/rootfs/etc/hosts create mode 100644 PWR20/rootfs/etc/network/interfaces create mode 100644 PWR20/rootfs/etc/sysctl.conf create mode 100644 PWR25/config create mode 100644 PWR25/rootfs/etc/bird/bird.conf create mode 100644 PWR25/rootfs/etc/bird/bird6.conf create mode 100644 PWR25/rootfs/etc/hosts create mode 100644 PWR25/rootfs/etc/network/interfaces create mode 100644 PWR25/rootfs/etc/sysctl.conf create mode 100644 PWR30/config create mode 100644 PWR30/rootfs/etc/bird/bird.conf create mode 100644 PWR30/rootfs/etc/bird/bird6.conf create mode 100644 PWR30/rootfs/etc/hosts create mode 100644 PWR30/rootfs/etc/network/interfaces create mode 100644 PWR30/rootfs/etc/sysctl.conf create mode 100644 PWR35/config create mode 100644 PWR35/rootfs/etc/bird/bird.conf create mode 100644 PWR35/rootfs/etc/bird/bird6.conf create mode 100644 PWR35/rootfs/etc/hosts create mode 100644 PWR35/rootfs/etc/network/interfaces create mode 100644 PWR35/rootfs/etc/sysctl.conf create mode 100644 PWR40/config create mode 100644 PWR40/rootfs/etc/bird/bird.conf create mode 100644 PWR40/rootfs/etc/bird/bird6.conf create mode 100644 PWR40/rootfs/etc/hosts create mode 100644 PWR40/rootfs/etc/network/interfaces create mode 100644 PWR40/rootfs/etc/sysctl.conf create mode 100644 PWR45/config create mode 100644 PWR45/rootfs/etc/bird/bird.conf create mode 100644 PWR45/rootfs/etc/bird/bird6.conf create mode 100644 PWR45/rootfs/etc/hosts create mode 100644 PWR45/rootfs/etc/network/interfaces create mode 100644 
PWR45/rootfs/etc/sysctl.conf create mode 100644 PWR5/config create mode 100644 PWR5/rootfs/etc/bird/bird.conf create mode 100644 PWR5/rootfs/etc/bird/bird6.conf create mode 100644 PWR5/rootfs/etc/hosts create mode 100644 PWR5/rootfs/etc/network/interfaces create mode 100644 PWR5/rootfs/etc/sysctl.conf create mode 100644 PWR50/config create mode 100644 PWR50/rootfs/etc/bird/bird.conf create mode 100644 PWR50/rootfs/etc/bird/bird6.conf create mode 100644 PWR50/rootfs/etc/hosts create mode 100644 PWR50/rootfs/etc/network/interfaces create mode 100644 PWR50/rootfs/etc/sysctl.conf create mode 100644 PWR60/config create mode 100644 PWR60/rootfs/etc/bird/bird.conf create mode 100644 PWR60/rootfs/etc/bird/bird6.conf create mode 100644 PWR60/rootfs/etc/hosts create mode 100644 PWR60/rootfs/etc/network/interfaces create mode 100644 PWR60/rootfs/etc/sysctl.conf
diff --git a/PWHA1/config b/PWHA1/config
new file mode 100644
index 0000000..7ebb7f8
--- /dev/null
+++ b/PWHA1/config
@@ -0,0 +1,17 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHA1/rootfs
+lxc.uts.name = PWHA1
diff --git a/PWHA1/rootfs/etc/bird/bird.conf b/PWHA1/rootfs/etc/bird/bird.conf
new file mode 100644
index 0000000..e69de29
diff --git a/PWHA1/rootfs/etc/bird/bird6.conf b/PWHA1/rootfs/etc/bird/bird6.conf
new file mode 100644
index 0000000..e69de29
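Review bot: `lxc.apparmor.allow_nesting = 1` is active in this container config even though the template comment directly above it warns that nesting has security implications and the nesting include itself stays commented out. Nothing in this commit shows the container running nested workloads (its bird.conf and interfaces files are created empty), so unless nesting is actually required I would set `lxc.apparmor.allow_nesting = 0` or drop the key, and say why in a comment such as `# nesting not needed for lab hosts; keep the generated AppArmor profile strict`. The hunk also carries no `lxc.idmap` entries, so the container presumably runs privileged unless the included debian.common.conf or the host defaults map it; that is worth confirming. The same two apparmor lines appear in the PWHA2, PWHAA, PWHAB and PWHAC config hunks further down.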
diff --git a/PWHA1/rootfs/etc/hosts b/PWHA1/rootfs/etc/hosts
new file mode 100644
index 0000000..72e1fd8
--- /dev/null
+++ b/PWHA1/rootfs/etc/hosts
@@ -0,0 +1,5 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
diff --git a/PWHA1/rootfs/etc/network/interfaces b/PWHA1/rootfs/etc/network/interfaces
new file mode 100644
index 0000000..e69de29
diff --git a/PWHA1/rootfs/etc/sysctl.conf b/PWHA1/rootfs/etc/sysctl.conf
new file mode 100644
index 0000000..25809a1
--- /dev/null
+++ b/PWHA1/rootfs/etc/sysctl.conf
@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+# Enabling this option disables Stateless Address Autoconfiguration
+# based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted)
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0
diff --git a/PWHA2/config b/PWHA2/config
new file mode 100644
index 0000000..cdced34
--- /dev/null
+++ b/PWHA2/config
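Review bot: `net.ipv4.icmp_ratelimit = 0` and `net.ipv6.icmp.ratelimit = 0` switch off the kernel's ICMP rate limiting with no comment explaining why, in a file that also turns on IPv4 and IPv6 forwarding while every hardening key (`rp_filter`, `accept_redirects`, `send_redirects`, `accept_source_route`) stays commented out under text that still says "we are not a router". If the zero limit is wanted for lab measurements, state that above the two lines, e.g. `# lab only: ICMP rate limiting disabled so probe replies are not throttled`, and on nodes that really forward consider enabling `net.ipv4.conf.all.accept_redirects = 0` and `net.ipv4.conf.all.rp_filter=1` (or loose mode where routing is asymmetric). The "Uncomment the next line to enable packet forwarding" comments are stale now that both forwarding keys are active. The identical file (blob 25809a1) is added for PWHA2, PWHAA, PWHAB and PWHAC as well, so the same applies there; keeping only the changed keys in one shared drop-in would make the deviation from the Debian default visible.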
@@ -0,0 +1,17 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHA2/rootfs
+lxc.uts.name = PWHA2
diff --git a/PWHA2/rootfs/etc/bird/bird.conf b/PWHA2/rootfs/etc/bird/bird.conf
new file mode 100644
index 0000000..e69de29
diff --git a/PWHA2/rootfs/etc/bird/bird6.conf b/PWHA2/rootfs/etc/bird/bird6.conf
new file mode 100644
index 0000000..e69de29
diff --git a/PWHA2/rootfs/etc/hosts b/PWHA2/rootfs/etc/hosts
new file mode 100644
index 0000000..72e1fd8
--- /dev/null
+++ b/PWHA2/rootfs/etc/hosts
@@ -0,0 +1,5 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
diff --git a/PWHA2/rootfs/etc/network/interfaces b/PWHA2/rootfs/etc/network/interfaces
new file mode 100644
index 0000000..e69de29
diff --git a/PWHA2/rootfs/etc/sysctl.conf b/PWHA2/rootfs/etc/sysctl.conf
new file mode 100644
index 0000000..25809a1
--- /dev/null
+++ b/PWHA2/rootfs/etc/sysctl.conf
@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+# Enabling this option disables Stateless Address Autoconfiguration
+# based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted)
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0
diff --git a/PWHAA/config b/PWHAA/config
new file mode 100644
index 0000000..a5e8d40
--- /dev/null
+++ b/PWHAA/config
@@ -0,0 +1,17 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHAA/rootfs
+lxc.uts.name = PWHAA
diff --git a/PWHAA/rootfs/etc/bird/bird.conf b/PWHAA/rootfs/etc/bird/bird.conf
new file mode 100644
index 0000000..e69de29
diff --git a/PWHAA/rootfs/etc/bird/bird6.conf b/PWHAA/rootfs/etc/bird/bird6.conf
new file mode 100644
index 0000000..e69de29
diff --git a/PWHAA/rootfs/etc/hosts b/PWHAA/rootfs/etc/hosts
new file mode 100644
index 0000000..72e1fd8
--- /dev/null
+++ b/PWHAA/rootfs/etc/hosts
@@ -0,0 +1,5 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
diff --git a/PWHAA/rootfs/etc/network/interfaces b/PWHAA/rootfs/etc/network/interfaces
new file mode 100644
index 0000000..e69de29
diff --git a/PWHAA/rootfs/etc/sysctl.conf b/PWHAA/rootfs/etc/sysctl.conf
new file mode 100644
index 0000000..25809a1
--- /dev/null
+++ b/PWHAA/rootfs/etc/sysctl.conf
@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+# Enabling this option disables Stateless Address Autoconfiguration
+# based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted)
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0
diff --git a/PWHAB/config b/PWHAB/config
new file mode 100644
index 0000000..3a492e0
--- /dev/null
+++ b/PWHAB/config
@@ -0,0 +1,17 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHAB/rootfs
+lxc.uts.name = PWHAB
diff --git a/PWHAB/rootfs/etc/bird/bird.conf b/PWHAB/rootfs/etc/bird/bird.conf
new file mode 100644
index 0000000..e69de29
diff --git a/PWHAB/rootfs/etc/bird/bird6.conf b/PWHAB/rootfs/etc/bird/bird6.conf
new file mode 100644
index 0000000..e69de29
diff --git a/PWHAB/rootfs/etc/hosts b/PWHAB/rootfs/etc/hosts
new file mode 100644
index 0000000..72e1fd8
--- /dev/null
+++ b/PWHAB/rootfs/etc/hosts
@@ -0,0 +1,5 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
diff --git a/PWHAB/rootfs/etc/network/interfaces b/PWHAB/rootfs/etc/network/interfaces
new file mode 100644
index 0000000..e69de29
diff --git a/PWHAB/rootfs/etc/sysctl.conf b/PWHAB/rootfs/etc/sysctl.conf
new file mode 100644
index 0000000..25809a1
--- /dev/null
+++ b/PWHAB/rootfs/etc/sysctl.conf
@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+# Enabling this option disables Stateless Address Autoconfiguration
+# based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted)
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0
diff --git a/PWHAC/config b/PWHAC/config
new file mode 100644
index 0000000..1bd70f4
--- /dev/null
+++ b/PWHAC/config
@@ -0,0 +1,17 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHAC/rootfs
+lxc.uts.name = PWHAC
diff --git a/PWHAC/rootfs/etc/bird/bird.conf b/PWHAC/rootfs/etc/bird/bird.conf
new file mode 100644
index 0000000..e69de29
diff --git a/PWHAC/rootfs/etc/bird/bird6.conf b/PWHAC/rootfs/etc/bird/bird6.conf
new file mode 100644
index 0000000..e69de29
diff --git a/PWHAC/rootfs/etc/hosts b/PWHAC/rootfs/etc/hosts
new file mode 100644
index 0000000..72e1fd8
--- /dev/null
+++ b/PWHAC/rootfs/etc/hosts
@@ -0,0 +1,5 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
diff --git a/PWHAC/rootfs/etc/network/interfaces b/PWHAC/rootfs/etc/network/interfaces
new file mode 100644
index 0000000..e69de29
diff --git a/PWHAC/rootfs/etc/sysctl.conf b/PWHAC/rootfs/etc/sysctl.conf
new file mode 100644
index 0000000..25809a1
--- /dev/null
+++ b/PWHAC/rootfs/etc/sysctl.conf
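Review bot: `lxc.apparmor.allow_nesting = 1` in PWHAC/config widens the generated AppArmor profile to permit nested containers, yet nothing in this patch shows the container starting containers of its own, and the template comment two lines above already flags nesting as having security implications. No `lxc.idmap` entry is visible in this file, so unless the included debian.common.conf supplies one the container presumably runs privileged, which makes the wider profile matter more. If nesting is not needed I would set `lxc.apparmor.allow_nesting = 0` and put `# nesting off: this container does not start containers of its own` above it. The same two lines appear in the config hunks for PWHAD, PWHAE, PWHAF, PWHE00, PWHE01, PWHE1 and PWHE2.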
@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+# Enabling this option disables Stateless Address Autoconfiguration
+# based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted)
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0
diff --git a/PWHAD/config b/PWHAD/config
new file mode 100644
index 0000000..69c3a36
--- /dev/null
+++ b/PWHAD/config
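Review bot: `net.ipv4.icmp_ratelimit = 0` and `net.ipv6.icmp.ratelimit = 0` in PWHAC/rootfs/etc/sysctl.conf remove the kernel's limit on ICMP error generation on a host that the same file turns into a router, and no comment says why. If the intent is that every probe gets an answer in the lab, say so above the two lines, e.g. `# lab only: unlimited ICMP errors so every probe is answered; restore the default before exposing this router`. The stock comments are stale as well: forwarding is now enabled, while the redirect and source-route settings sit at their defaults under "(we are not a router)" and the `rp_filter` lines stay commented, so I would add one line stating whether reverse-path filtering is left off on purpose (strict mode can drop traffic on asymmetric routed paths). The identical file (blob 25809a1) is added for the other containers in this patch, among them PWHAD, PWHAE, PWHAF, PWHE00, PWHE01, PWHE1 and PWHE2.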
@@ -0,0 +1,17 @@ +# Template used to create this container: /usr/share/lxc/templates/lxc-debian +# Parameters passed to the template: -r stretch +# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873 +# For additional config options, please look at lxc.container.conf(5) +# Uncomment the following line to support nesting containers: +#lxc.include = /usr/share/lxc/config/nesting.conf +# (Be aware this has security implications) +lxc.apparmor.profile = generated +lxc.apparmor.allow_nesting = 1 +# Common configuration +lxc.include = /usr/share/lxc/config/debian.common.conf +# Container specific configuration +lxc.tty.max = 4 +lxc.arch = amd64 +lxc.pty.max = 1024 +lxc.rootfs.path = btrfs:/var/lib/lxc/PWHAD/rootfs +lxc.uts.name = PWHAD diff --git a/PWHAD/rootfs/etc/bird/bird.conf b/PWHAD/rootfs/etc/bird/bird.conf new file mode 100644 index 0000000..e69de29 diff --git a/PWHAD/rootfs/etc/bird/bird6.conf b/PWHAD/rootfs/etc/bird/bird6.conf new file mode 100644 index 0000000..e69de29 diff --git a/PWHAD/rootfs/etc/hosts b/PWHAD/rootfs/etc/hosts new file mode 100644 index 0000000..72e1fd8 --- /dev/null +++ b/PWHAD/rootfs/etc/hosts @@ -0,0 +1,5 @@ +127.0.0.1 localhost +::1 localhost ip6-localhost ip6-loopback +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters + diff --git a/PWHAD/rootfs/etc/network/interfaces b/PWHAD/rootfs/etc/network/interfaces new file mode 100644 index 0000000..e69de29 diff --git a/PWHAD/rootfs/etc/sysctl.conf b/PWHAD/rootfs/etc/sysctl.conf new file mode 100644 index 0000000..25809a1 --- /dev/null +++ b/PWHAD/rootfs/etc/sysctl.conf 
@@ -0,0 +1,79 @@ +# +# /etc/sysctl.conf - Configuration file for setting system variables +# See /etc/sysctl.d/ for additional system variables. +# See sysctl.conf (5) for information. +# + +#kernel.domainname = example.com + +# Uncomment the following to stop low-level messages on console +#kernel.printk = 3 4 1 3 + +##############################################################3 +# Functions previously found in netbase +# + +# Uncomment the next two lines to enable Spoof protection (reverse-path filter) +# Turn on Source Address Verification in all interfaces to +# prevent some spoofing attacks +#net.ipv4.conf.default.rp_filter=1 +#net.ipv4.conf.all.rp_filter=1 + +# Uncomment the next line to enable TCP/IP SYN cookies +# See http://lwn.net/Articles/277146/ +# Note: This may impact IPv6 TCP sessions too +#net.ipv4.tcp_syncookies=1 + +# Uncomment the next line to enable packet forwarding for IPv4 +net.ipv4.ip_forward=1 + +# Uncomment the next line to enable packet forwarding for IPv6 +# Enabling this option disables Stateless Address Autoconfiguration +# based on Router Advertisements for this host +net.ipv6.conf.all.forwarding=1 + +net.ipv4.icmp_ratelimit = 0 +net.ipv6.icmp.ratelimit = 0 + +################################################################### +# Additional settings - these settings can improve the network +# security of the host and prevent against some network attacks +# including spoofing attacks and man in the middle attacks through +# redirection. Some network environments, however, require that these +# settings are disabled so review and enable them as needed. 
+# +# Do not accept ICMP redirects (prevent MITM attacks) +#net.ipv4.conf.all.accept_redirects = 0 +#net.ipv6.conf.all.accept_redirects = 0 +# _or_ +# Accept ICMP redirects only for gateways listed in our default +# gateway list (enabled by default) +# net.ipv4.conf.all.secure_redirects = 1 +# +# Do not send ICMP redirects (we are not a router) +#net.ipv4.conf.all.send_redirects = 0 +# +# Do not accept IP source route packets (we are not a router) +#net.ipv4.conf.all.accept_source_route = 0 +#net.ipv6.conf.all.accept_source_route = 0 +# +# Log Martian Packets +#net.ipv4.conf.all.log_martians = 1 +# + +################################################################### +# Magic system request Key +# 0=disable, 1=enable all +# Debian kernels have this set to 0 (disable the key) +# See https://www.kernel.org/doc/Documentation/sysrq.txt +# for what other values do +#kernel.sysrq=1 + +################################################################### +# Protected links +# +# Protects against creating or following links under certain conditions +# Debian kernels have both set to 1 (restricted) +# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt +#fs.protected_hardlinks=0 +#fs.protected_symlinks=0 diff --git a/PWHAE/config b/PWHAE/config new file mode 100644 index 0000000..c1c203a --- /dev/null +++ b/PWHAE/config 
@@ -0,0 +1,17 @@ +# Template used to create this container: /usr/share/lxc/templates/lxc-debian +# Parameters passed to the template: -r stretch +# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873 +# For additional config options, please look at lxc.container.conf(5) +# Uncomment the following line to support nesting containers: +#lxc.include = /usr/share/lxc/config/nesting.conf +# (Be aware this has security implications) +lxc.apparmor.profile = generated +lxc.apparmor.allow_nesting = 1 +# Common configuration +lxc.include = /usr/share/lxc/config/debian.common.conf +# Container specific configuration +lxc.tty.max = 4 +lxc.arch = amd64 +lxc.pty.max = 1024 +lxc.rootfs.path = btrfs:/var/lib/lxc/PWHAE/rootfs +lxc.uts.name = PWHAE diff --git a/PWHAE/rootfs/etc/bird/bird.conf b/PWHAE/rootfs/etc/bird/bird.conf new file mode 100644 index 0000000..e69de29 diff --git a/PWHAE/rootfs/etc/bird/bird6.conf b/PWHAE/rootfs/etc/bird/bird6.conf new file mode 100644 index 0000000..e69de29 diff --git a/PWHAE/rootfs/etc/hosts b/PWHAE/rootfs/etc/hosts new file mode 100644 index 0000000..72e1fd8 --- /dev/null +++ b/PWHAE/rootfs/etc/hosts @@ -0,0 +1,5 @@ +127.0.0.1 localhost +::1 localhost ip6-localhost ip6-loopback +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters + diff --git a/PWHAE/rootfs/etc/network/interfaces b/PWHAE/rootfs/etc/network/interfaces new file mode 100644 index 0000000..e69de29 diff --git a/PWHAE/rootfs/etc/sysctl.conf b/PWHAE/rootfs/etc/sysctl.conf new file mode 100644 index 0000000..25809a1 --- /dev/null +++ b/PWHAE/rootfs/etc/sysctl.conf 
@@ -0,0 +1,79 @@ +# +# /etc/sysctl.conf - Configuration file for setting system variables +# See /etc/sysctl.d/ for additional system variables. +# See sysctl.conf (5) for information. +# + +#kernel.domainname = example.com + +# Uncomment the following to stop low-level messages on console +#kernel.printk = 3 4 1 3 + +##############################################################3 +# Functions previously found in netbase +# + +# Uncomment the next two lines to enable Spoof protection (reverse-path filter) +# Turn on Source Address Verification in all interfaces to +# prevent some spoofing attacks +#net.ipv4.conf.default.rp_filter=1 +#net.ipv4.conf.all.rp_filter=1 + +# Uncomment the next line to enable TCP/IP SYN cookies +# See http://lwn.net/Articles/277146/ +# Note: This may impact IPv6 TCP sessions too +#net.ipv4.tcp_syncookies=1 + +# Uncomment the next line to enable packet forwarding for IPv4 +net.ipv4.ip_forward=1 + +# Uncomment the next line to enable packet forwarding for IPv6 +# Enabling this option disables Stateless Address Autoconfiguration +# based on Router Advertisements for this host +net.ipv6.conf.all.forwarding=1 + +net.ipv4.icmp_ratelimit = 0 +net.ipv6.icmp.ratelimit = 0 + +################################################################### +# Additional settings - these settings can improve the network +# security of the host and prevent against some network attacks +# including spoofing attacks and man in the middle attacks through +# redirection. Some network environments, however, require that these +# settings are disabled so review and enable them as needed. 
+# +# Do not accept ICMP redirects (prevent MITM attacks) +#net.ipv4.conf.all.accept_redirects = 0 +#net.ipv6.conf.all.accept_redirects = 0 +# _or_ +# Accept ICMP redirects only for gateways listed in our default +# gateway list (enabled by default) +# net.ipv4.conf.all.secure_redirects = 1 +# +# Do not send ICMP redirects (we are not a router) +#net.ipv4.conf.all.send_redirects = 0 +# +# Do not accept IP source route packets (we are not a router) +#net.ipv4.conf.all.accept_source_route = 0 +#net.ipv6.conf.all.accept_source_route = 0 +# +# Log Martian Packets +#net.ipv4.conf.all.log_martians = 1 +# + +################################################################### +# Magic system request Key +# 0=disable, 1=enable all +# Debian kernels have this set to 0 (disable the key) +# See https://www.kernel.org/doc/Documentation/sysrq.txt +# for what other values do +#kernel.sysrq=1 + +################################################################### +# Protected links +# +# Protects against creating or following links under certain conditions +# Debian kernels have both set to 1 (restricted) +# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt +#fs.protected_hardlinks=0 +#fs.protected_symlinks=0 diff --git a/PWHAF/config b/PWHAF/config new file mode 100644 index 0000000..2f032a7 --- /dev/null +++ b/PWHAF/config 
@@ -0,0 +1,17 @@ +# Template used to create this container: /usr/share/lxc/templates/lxc-debian +# Parameters passed to the template: -r stretch +# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873 +# For additional config options, please look at lxc.container.conf(5) +# Uncomment the following line to support nesting containers: +#lxc.include = /usr/share/lxc/config/nesting.conf +# (Be aware this has security implications) +lxc.apparmor.profile = generated +lxc.apparmor.allow_nesting = 1 +# Common configuration +lxc.include = /usr/share/lxc/config/debian.common.conf +# Container specific configuration +lxc.tty.max = 4 +lxc.arch = amd64 +lxc.pty.max = 1024 +lxc.rootfs.path = btrfs:/var/lib/lxc/PWHAF/rootfs +lxc.uts.name = PWHAF diff --git a/PWHAF/rootfs/etc/bird/bird.conf b/PWHAF/rootfs/etc/bird/bird.conf new file mode 100644 index 0000000..e69de29 diff --git a/PWHAF/rootfs/etc/bird/bird6.conf b/PWHAF/rootfs/etc/bird/bird6.conf new file mode 100644 index 0000000..e69de29 diff --git a/PWHAF/rootfs/etc/hosts b/PWHAF/rootfs/etc/hosts new file mode 100644 index 0000000..72e1fd8 --- /dev/null +++ b/PWHAF/rootfs/etc/hosts @@ -0,0 +1,5 @@ +127.0.0.1 localhost +::1 localhost ip6-localhost ip6-loopback +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters + diff --git a/PWHAF/rootfs/etc/network/interfaces b/PWHAF/rootfs/etc/network/interfaces new file mode 100644 index 0000000..e69de29 diff --git a/PWHAF/rootfs/etc/sysctl.conf b/PWHAF/rootfs/etc/sysctl.conf new file mode 100644 index 0000000..25809a1 --- /dev/null +++ b/PWHAF/rootfs/etc/sysctl.conf 
@@ -0,0 +1,79 @@ +# +# /etc/sysctl.conf - Configuration file for setting system variables +# See /etc/sysctl.d/ for additional system variables. +# See sysctl.conf (5) for information. +# + +#kernel.domainname = example.com + +# Uncomment the following to stop low-level messages on console +#kernel.printk = 3 4 1 3 + +##############################################################3 +# Functions previously found in netbase +# + +# Uncomment the next two lines to enable Spoof protection (reverse-path filter) +# Turn on Source Address Verification in all interfaces to +# prevent some spoofing attacks +#net.ipv4.conf.default.rp_filter=1 +#net.ipv4.conf.all.rp_filter=1 + +# Uncomment the next line to enable TCP/IP SYN cookies +# See http://lwn.net/Articles/277146/ +# Note: This may impact IPv6 TCP sessions too +#net.ipv4.tcp_syncookies=1 + +# Uncomment the next line to enable packet forwarding for IPv4 +net.ipv4.ip_forward=1 + +# Uncomment the next line to enable packet forwarding for IPv6 +# Enabling this option disables Stateless Address Autoconfiguration +# based on Router Advertisements for this host +net.ipv6.conf.all.forwarding=1 + +net.ipv4.icmp_ratelimit = 0 +net.ipv6.icmp.ratelimit = 0 + +################################################################### +# Additional settings - these settings can improve the network +# security of the host and prevent against some network attacks +# including spoofing attacks and man in the middle attacks through +# redirection. Some network environments, however, require that these +# settings are disabled so review and enable them as needed. 
+# +# Do not accept ICMP redirects (prevent MITM attacks) +#net.ipv4.conf.all.accept_redirects = 0 +#net.ipv6.conf.all.accept_redirects = 0 +# _or_ +# Accept ICMP redirects only for gateways listed in our default +# gateway list (enabled by default) +# net.ipv4.conf.all.secure_redirects = 1 +# +# Do not send ICMP redirects (we are not a router) +#net.ipv4.conf.all.send_redirects = 0 +# +# Do not accept IP source route packets (we are not a router) +#net.ipv4.conf.all.accept_source_route = 0 +#net.ipv6.conf.all.accept_source_route = 0 +# +# Log Martian Packets +#net.ipv4.conf.all.log_martians = 1 +# + +################################################################### +# Magic system request Key +# 0=disable, 1=enable all +# Debian kernels have this set to 0 (disable the key) +# See https://www.kernel.org/doc/Documentation/sysrq.txt +# for what other values do +#kernel.sysrq=1 + +################################################################### +# Protected links +# +# Protects against creating or following links under certain conditions +# Debian kernels have both set to 1 (restricted) +# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt +#fs.protected_hardlinks=0 +#fs.protected_symlinks=0 diff --git a/PWHE00/config b/PWHE00/config new file mode 100644 index 0000000..9446683 --- /dev/null +++ b/PWHE00/config 
@@ -0,0 +1,27 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHE00/rootfs
+lxc.uts.name = PWHE00
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = vlan2001
+lxc.net.0.veth.pair = pwhe00.2001
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+lxc.net.0.hwaddr = 02:00:0a:25:e0:00
+
+
diff --git a/PWHE00/rootfs/etc/bird/bird.conf b/PWHE00/rootfs/etc/bird/bird.conf
new file mode 100644
index 0000000..e69de29
diff --git a/PWHE00/rootfs/etc/bird/bird6.conf b/PWHE00/rootfs/etc/bird/bird6.conf
new file mode 100644
index 0000000..e69de29
diff --git a/PWHE00/rootfs/etc/hosts b/PWHE00/rootfs/etc/hosts
new file mode 100644
index 0000000..72e1fd8
--- /dev/null
+++ b/PWHE00/rootfs/etc/hosts
@@ -0,0 +1,5 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
diff --git a/PWHE00/rootfs/etc/network/interfaces b/PWHE00/rootfs/etc/network/interfaces
new file mode 100644
index 0000000..54cd6a6
--- /dev/null
+++ b/PWHE00/rootfs/etc/network/interfaces
@@ -0,0 +1,8 @@
+auto lo
+iface lo inet loopback
+
+auto vlan2001
+iface vlan2001 inet dhcp
+
+iface vlan2001 inet6 auto
+# accept_ra 1
diff --git a/PWHE00/rootfs/etc/sysctl.conf b/PWHE00/rootfs/etc/sysctl.conf
new file mode 100644
index 0000000..25809a1
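Review bot: The commented hint `# accept_ra 1` under `iface vlan2001 inet6 auto` in PWHE00/rootfs/etc/network/interfaces would not work if someone uncommented it, because the sysctl.conf added for this container sets `net.ipv6.conf.all.forwarding=1` and the kernel ignores router advertisements at `accept_ra=1` once forwarding is on. I would write the hint as `# accept_ra 2` and add a short comment that this router takes its IPv6 address and default route from whatever sends RAs on vlan2001, so that segment has to be trusted. PWHE1/rootfs/etc/network/interfaces carries the same hint.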
--- /dev/null
+++ b/PWHE00/rootfs/etc/sysctl.conf
@@ -0,0 +1,79 @@ +# +# /etc/sysctl.conf - Configuration file for setting system variables +# See /etc/sysctl.d/ for additional system variables. +# See sysctl.conf (5) for information. +# + +#kernel.domainname = example.com + +# Uncomment the following to stop low-level messages on console +#kernel.printk = 3 4 1 3 + +##############################################################3 +# Functions previously found in netbase +# + +# Uncomment the next two lines to enable Spoof protection (reverse-path filter) +# Turn on Source Address Verification in all interfaces to +# prevent some spoofing attacks +#net.ipv4.conf.default.rp_filter=1 +#net.ipv4.conf.all.rp_filter=1 + +# Uncomment the next line to enable TCP/IP SYN cookies +# See http://lwn.net/Articles/277146/ +# Note: This may impact IPv6 TCP sessions too +#net.ipv4.tcp_syncookies=1 + +# Uncomment the next line to enable packet forwarding for IPv4 +net.ipv4.ip_forward=1 + +# Uncomment the next line to enable packet forwarding for IPv6 +# Enabling this option disables Stateless Address Autoconfiguration +# based on Router Advertisements for this host +net.ipv6.conf.all.forwarding=1 + +net.ipv4.icmp_ratelimit = 0 +net.ipv6.icmp.ratelimit = 0 + +################################################################### +# Additional settings - these settings can improve the network +# security of the host and prevent against some network attacks +# including spoofing attacks and man in the middle attacks through +# redirection. Some network environments, however, require that these +# settings are disabled so review and enable them as needed. 
+# +# Do not accept ICMP redirects (prevent MITM attacks) +#net.ipv4.conf.all.accept_redirects = 0 +#net.ipv6.conf.all.accept_redirects = 0 +# _or_ +# Accept ICMP redirects only for gateways listed in our default +# gateway list (enabled by default) +# net.ipv4.conf.all.secure_redirects = 1 +# +# Do not send ICMP redirects (we are not a router) +#net.ipv4.conf.all.send_redirects = 0 +# +# Do not accept IP source route packets (we are not a router) +#net.ipv4.conf.all.accept_source_route = 0 +#net.ipv6.conf.all.accept_source_route = 0 +# +# Log Martian Packets +#net.ipv4.conf.all.log_martians = 1 +# + +################################################################### +# Magic system request Key +# 0=disable, 1=enable all +# Debian kernels have this set to 0 (disable the key) +# See https://www.kernel.org/doc/Documentation/sysrq.txt +# for what other values do +#kernel.sysrq=1 + +################################################################### +# Protected links +# +# Protects against creating or following links under certain conditions +# Debian kernels have both set to 1 (restricted) +# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt +#fs.protected_hardlinks=0 +#fs.protected_symlinks=0 diff --git a/PWHE01/config b/PWHE01/config new file mode 100644 index 0000000..656715d --- /dev/null +++ b/PWHE01/config 
@@ -0,0 +1,17 @@ +# Template used to create this container: /usr/share/lxc/templates/lxc-debian +# Parameters passed to the template: -r stretch +# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873 +# For additional config options, please look at lxc.container.conf(5) +# Uncomment the following line to support nesting containers: +#lxc.include = /usr/share/lxc/config/nesting.conf +# (Be aware this has security implications) +lxc.apparmor.profile = generated +lxc.apparmor.allow_nesting = 1 +# Common configuration +lxc.include = /usr/share/lxc/config/debian.common.conf +# Container specific configuration +lxc.tty.max = 4 +lxc.arch = amd64 +lxc.pty.max = 1024 +lxc.rootfs.path = btrfs:/var/lib/lxc/PWHE01/rootfs +lxc.uts.name = PWHE01 diff --git a/PWHE01/rootfs/etc/bird/bird.conf b/PWHE01/rootfs/etc/bird/bird.conf new file mode 100644 index 0000000..e69de29 diff --git a/PWHE01/rootfs/etc/bird/bird6.conf b/PWHE01/rootfs/etc/bird/bird6.conf new file mode 100644 index 0000000..e69de29 diff --git a/PWHE01/rootfs/etc/hosts b/PWHE01/rootfs/etc/hosts new file mode 100644 index 0000000..72e1fd8 --- /dev/null +++ b/PWHE01/rootfs/etc/hosts @@ -0,0 +1,5 @@ +127.0.0.1 localhost +::1 localhost ip6-localhost ip6-loopback +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters + diff --git a/PWHE01/rootfs/etc/network/interfaces b/PWHE01/rootfs/etc/network/interfaces new file mode 100644 index 0000000..e69de29 diff --git a/PWHE01/rootfs/etc/sysctl.conf b/PWHE01/rootfs/etc/sysctl.conf new file mode 100644 index 0000000..25809a1 --- /dev/null +++ b/PWHE01/rootfs/etc/sysctl.conf 
@@ -0,0 +1,79 @@ +# +# /etc/sysctl.conf - Configuration file for setting system variables +# See /etc/sysctl.d/ for additional system variables. +# See sysctl.conf (5) for information. +# + +#kernel.domainname = example.com + +# Uncomment the following to stop low-level messages on console +#kernel.printk = 3 4 1 3 + +##############################################################3 +# Functions previously found in netbase +# + +# Uncomment the next two lines to enable Spoof protection (reverse-path filter) +# Turn on Source Address Verification in all interfaces to +# prevent some spoofing attacks +#net.ipv4.conf.default.rp_filter=1 +#net.ipv4.conf.all.rp_filter=1 + +# Uncomment the next line to enable TCP/IP SYN cookies +# See http://lwn.net/Articles/277146/ +# Note: This may impact IPv6 TCP sessions too +#net.ipv4.tcp_syncookies=1 + +# Uncomment the next line to enable packet forwarding for IPv4 +net.ipv4.ip_forward=1 + +# Uncomment the next line to enable packet forwarding for IPv6 +# Enabling this option disables Stateless Address Autoconfiguration +# based on Router Advertisements for this host +net.ipv6.conf.all.forwarding=1 + +net.ipv4.icmp_ratelimit = 0 +net.ipv6.icmp.ratelimit = 0 + +################################################################### +# Additional settings - these settings can improve the network +# security of the host and prevent against some network attacks +# including spoofing attacks and man in the middle attacks through +# redirection. Some network environments, however, require that these +# settings are disabled so review and enable them as needed. 
+# +# Do not accept ICMP redirects (prevent MITM attacks) +#net.ipv4.conf.all.accept_redirects = 0 +#net.ipv6.conf.all.accept_redirects = 0 +# _or_ +# Accept ICMP redirects only for gateways listed in our default +# gateway list (enabled by default) +# net.ipv4.conf.all.secure_redirects = 1 +# +# Do not send ICMP redirects (we are not a router) +#net.ipv4.conf.all.send_redirects = 0 +# +# Do not accept IP source route packets (we are not a router) +#net.ipv4.conf.all.accept_source_route = 0 +#net.ipv6.conf.all.accept_source_route = 0 +# +# Log Martian Packets +#net.ipv4.conf.all.log_martians = 1 +# + +################################################################### +# Magic system request Key +# 0=disable, 1=enable all +# Debian kernels have this set to 0 (disable the key) +# See https://www.kernel.org/doc/Documentation/sysrq.txt +# for what other values do +#kernel.sysrq=1 + +################################################################### +# Protected links +# +# Protects against creating or following links under certain conditions +# Debian kernels have both set to 1 (restricted) +# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt +#fs.protected_hardlinks=0 +#fs.protected_symlinks=0 diff --git a/PWHE1/config b/PWHE1/config new file mode 100644 index 0000000..d3736ac --- /dev/null +++ b/PWHE1/config 
@@ -0,0 +1,26 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHE1/rootfs
+lxc.uts.name = PWHE1
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = vlan2002
+lxc.net.0.veth.pair = pwhe1.2002
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+lxc.net.0.hwaddr = 02:00:0a:25:e1:32
+
diff --git a/PWHE1/rootfs/etc/bird/bird.conf b/PWHE1/rootfs/etc/bird/bird.conf
new file mode 100644
index 0000000..e69de29
diff --git a/PWHE1/rootfs/etc/bird/bird6.conf b/PWHE1/rootfs/etc/bird/bird6.conf
new file mode 100644
index 0000000..e69de29
diff --git a/PWHE1/rootfs/etc/hosts b/PWHE1/rootfs/etc/hosts
new file mode 100644
index 0000000..72e1fd8
--- /dev/null
+++ b/PWHE1/rootfs/etc/hosts
@@ -0,0 +1,5 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
diff --git a/PWHE1/rootfs/etc/network/interfaces b/PWHE1/rootfs/etc/network/interfaces
new file mode 100644
index 0000000..baf9ad5
--- /dev/null
+++ b/PWHE1/rootfs/etc/network/interfaces
@@ -0,0 +1,9 @@
+auto lo
+iface lo inet loopback
+
+auto vlan2002
+iface vlan2001 inet dhcp
+
+iface vlan2002 inet6 auto
+# accept_ra 1
+
diff --git a/PWHE1/rootfs/etc/sysctl.conf b/PWHE1/rootfs/etc/sysctl.conf
new file mode 100644
index 0000000..25809a1
--- /dev/null
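Review bot: `iface vlan2001 inet dhcp` in PWHE1/rootfs/etc/network/interfaces names an interface this container does not have: PWHE1/config sets `lxc.net.0.name = vlan2002`, and the `auto` and `inet6` stanzas around it both say vlan2002. As written, `auto vlan2002` only finds the inet6 stanza, so the interface would come up without an IPv4 DHCP lease; this looks like a leftover from copying PWHE00's file. The line should read `iface vlan2002 inet dhcp`.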
+++ b/PWHE1/rootfs/etc/sysctl.conf 
@@ -0,0 +1,79 @@ +# +# /etc/sysctl.conf - Configuration file for setting system variables +# See /etc/sysctl.d/ for additional system variables. +# See sysctl.conf (5) for information. +# + +#kernel.domainname = example.com + +# Uncomment the following to stop low-level messages on console +#kernel.printk = 3 4 1 3 + +##############################################################3 +# Functions previously found in netbase +# + +# Uncomment the next two lines to enable Spoof protection (reverse-path filter) +# Turn on Source Address Verification in all interfaces to +# prevent some spoofing attacks +#net.ipv4.conf.default.rp_filter=1 +#net.ipv4.conf.all.rp_filter=1 + +# Uncomment the next line to enable TCP/IP SYN cookies +# See http://lwn.net/Articles/277146/ +# Note: This may impact IPv6 TCP sessions too +#net.ipv4.tcp_syncookies=1 + +# Uncomment the next line to enable packet forwarding for IPv4 +net.ipv4.ip_forward=1 + +# Uncomment the next line to enable packet forwarding for IPv6 +# Enabling this option disables Stateless Address Autoconfiguration +# based on Router Advertisements for this host +net.ipv6.conf.all.forwarding=1 + +net.ipv4.icmp_ratelimit = 0 +net.ipv6.icmp.ratelimit = 0 + +################################################################### +# Additional settings - these settings can improve the network +# security of the host and prevent against some network attacks +# including spoofing attacks and man in the middle attacks through +# redirection. Some network environments, however, require that these +# settings are disabled so review and enable them as needed. 
+# +# Do not accept ICMP redirects (prevent MITM attacks) +#net.ipv4.conf.all.accept_redirects = 0 +#net.ipv6.conf.all.accept_redirects = 0 +# _or_ +# Accept ICMP redirects only for gateways listed in our default +# gateway list (enabled by default) +# net.ipv4.conf.all.secure_redirects = 1 +# +# Do not send ICMP redirects (we are not a router) +#net.ipv4.conf.all.send_redirects = 0 +# +# Do not accept IP source route packets (we are not a router) +#net.ipv4.conf.all.accept_source_route = 0 +#net.ipv6.conf.all.accept_source_route = 0 +# +# Log Martian Packets +#net.ipv4.conf.all.log_martians = 1 +# + +################################################################### +# Magic system request Key +# 0=disable, 1=enable all +# Debian kernels have this set to 0 (disable the key) +# See https://www.kernel.org/doc/Documentation/sysrq.txt +# for what other values do +#kernel.sysrq=1 + +################################################################### +# Protected links +# +# Protects against creating or following links under certain conditions +# Debian kernels have both set to 1 (restricted) +# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt +#fs.protected_hardlinks=0 +#fs.protected_symlinks=0 diff --git a/PWHE2/config b/PWHE2/config new file mode 100644 index 0000000..9e05885 --- /dev/null +++ b/PWHE2/config 
@@ -0,0 +1,17 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHE2/rootfs
+lxc.uts.name = PWHE2
diff --git a/PWHE2/rootfs/etc/bird/bird.conf b/PWHE2/rootfs/etc/bird/bird.conf
new file mode 100644
index 0000000..e69de29
diff --git a/PWHE2/rootfs/etc/bird/bird6.conf b/PWHE2/rootfs/etc/bird/bird6.conf
new file mode 100644
index 0000000..e69de29
diff --git a/PWHE2/rootfs/etc/hosts b/PWHE2/rootfs/etc/hosts
new file mode 100644
index 0000000..72e1fd8
--- /dev/null
+++ b/PWHE2/rootfs/etc/hosts
@@ -0,0 +1,5 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
diff --git a/PWHE2/rootfs/etc/network/interfaces b/PWHE2/rootfs/etc/network/interfaces
new file mode 100644
index 0000000..e69de29
diff --git a/PWHE2/rootfs/etc/sysctl.conf b/PWHE2/rootfs/etc/sysctl.conf
new file mode 100644
index 0000000..25809a1
--- /dev/null
+++ b/PWHE2/rootfs/etc/sysctl.conf
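Review bot: `lxc.apparmor.allow_nesting = 1` is switched on in PWHE2/config even though the template's own nesting include stays commented out under a "security implications" warning, and nothing visible in this patch runs containers inside these containers. Combined with `lxc.apparmor.profile = generated`, that key relaxes the generated AppArmor profile so nested containers can be created; unless nesting is really needed I would set `lxc.apparmor.allow_nesting = 0`. No `lxc.idmap` appears in this file, so unless the included debian.common.conf supplies one the container is privileged and the AppArmor profile is its main confinement layer. The same two lines recur in the PWHE3 to PWHE7, PWR10 and PWR15 configs.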
@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+# Enabling this option disables Stateless Address Autoconfiguration
+# based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted)
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0
diff --git a/PWHE3/config b/PWHE3/config
new file mode 100644
index 0000000..0a496b9
--- /dev/null
+++ b/PWHE3/config
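Review bot: `net.ipv4.icmp_ratelimit = 0` and `net.ipv6.icmp.ratelimit = 0` turn off the kernel's ICMP error rate limiting with no comment saying why, while the reverse-path filter, redirect and source-route settings in the same file all stay commented out. Because `net.ipv4.ip_forward=1` and `net.ipv6.conf.all.forwarding=1` are active too, every node that receives this file forwards packets without source validation and generates ICMP errors unthrottled; if the PWHE containers are end hosts rather than routers (inferred from the names only), forwarding should stay off there. I would put a reason above the two ratelimit keys, for example `# lab only: ICMP rate limit off so traceroute/ping tests are not throttled`, and on the routers enable `net.ipv4.conf.all.accept_redirects = 0` and `net.ipv4.conf.all.rp_filter=2` (loose mode, which tolerates asymmetric OSPF paths). The "Uncomment the next line" comments above the two forwarding keys are stale now that the keys are active. The identical file (index 25809a1) is also added for PWHE3 to PWHE7 and PWR10.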
@@ -0,0 +1,17 @@ +# Template used to create this container: /usr/share/lxc/templates/lxc-debian +# Parameters passed to the template: -r stretch +# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873 +# For additional config options, please look at lxc.container.conf(5) +# Uncomment the following line to support nesting containers: +#lxc.include = /usr/share/lxc/config/nesting.conf +# (Be aware this has security implications) +lxc.apparmor.profile = generated +lxc.apparmor.allow_nesting = 1 +# Common configuration +lxc.include = /usr/share/lxc/config/debian.common.conf +# Container specific configuration +lxc.tty.max = 4 +lxc.arch = amd64 +lxc.pty.max = 1024 +lxc.rootfs.path = btrfs:/var/lib/lxc/PWHE3/rootfs +lxc.uts.name = PWHE3 diff --git a/PWHE3/rootfs/etc/bird/bird.conf b/PWHE3/rootfs/etc/bird/bird.conf new file mode 100644 index 0000000..e69de29 diff --git a/PWHE3/rootfs/etc/bird/bird6.conf b/PWHE3/rootfs/etc/bird/bird6.conf new file mode 100644 index 0000000..e69de29 diff --git a/PWHE3/rootfs/etc/hosts b/PWHE3/rootfs/etc/hosts new file mode 100644 index 0000000..72e1fd8 --- /dev/null +++ b/PWHE3/rootfs/etc/hosts @@ -0,0 +1,5 @@ +127.0.0.1 localhost +::1 localhost ip6-localhost ip6-loopback +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters + diff --git a/PWHE3/rootfs/etc/network/interfaces b/PWHE3/rootfs/etc/network/interfaces new file mode 100644 index 0000000..e69de29 diff --git a/PWHE3/rootfs/etc/sysctl.conf b/PWHE3/rootfs/etc/sysctl.conf new file mode 100644 index 0000000..25809a1 --- /dev/null +++ b/PWHE3/rootfs/etc/sysctl.conf 
@@ -0,0 +1,79 @@ +# +# /etc/sysctl.conf - Configuration file for setting system variables +# See /etc/sysctl.d/ for additional system variables. +# See sysctl.conf (5) for information. +# + +#kernel.domainname = example.com + +# Uncomment the following to stop low-level messages on console +#kernel.printk = 3 4 1 3 + +##############################################################3 +# Functions previously found in netbase +# + +# Uncomment the next two lines to enable Spoof protection (reverse-path filter) +# Turn on Source Address Verification in all interfaces to +# prevent some spoofing attacks +#net.ipv4.conf.default.rp_filter=1 +#net.ipv4.conf.all.rp_filter=1 + +# Uncomment the next line to enable TCP/IP SYN cookies +# See http://lwn.net/Articles/277146/ +# Note: This may impact IPv6 TCP sessions too +#net.ipv4.tcp_syncookies=1 + +# Uncomment the next line to enable packet forwarding for IPv4 +net.ipv4.ip_forward=1 + +# Uncomment the next line to enable packet forwarding for IPv6 +# Enabling this option disables Stateless Address Autoconfiguration +# based on Router Advertisements for this host +net.ipv6.conf.all.forwarding=1 + +net.ipv4.icmp_ratelimit = 0 +net.ipv6.icmp.ratelimit = 0 + +################################################################### +# Additional settings - these settings can improve the network +# security of the host and prevent against some network attacks +# including spoofing attacks and man in the middle attacks through +# redirection. Some network environments, however, require that these +# settings are disabled so review and enable them as needed. 
+# +# Do not accept ICMP redirects (prevent MITM attacks) +#net.ipv4.conf.all.accept_redirects = 0 +#net.ipv6.conf.all.accept_redirects = 0 +# _or_ +# Accept ICMP redirects only for gateways listed in our default +# gateway list (enabled by default) +# net.ipv4.conf.all.secure_redirects = 1 +# +# Do not send ICMP redirects (we are not a router) +#net.ipv4.conf.all.send_redirects = 0 +# +# Do not accept IP source route packets (we are not a router) +#net.ipv4.conf.all.accept_source_route = 0 +#net.ipv6.conf.all.accept_source_route = 0 +# +# Log Martian Packets +#net.ipv4.conf.all.log_martians = 1 +# + +################################################################### +# Magic system request Key +# 0=disable, 1=enable all +# Debian kernels have this set to 0 (disable the key) +# See https://www.kernel.org/doc/Documentation/sysrq.txt +# for what other values do +#kernel.sysrq=1 + +################################################################### +# Protected links +# +# Protects against creating or following links under certain conditions +# Debian kernels have both set to 1 (restricted) +# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt +#fs.protected_hardlinks=0 +#fs.protected_symlinks=0 diff --git a/PWHE4/config b/PWHE4/config new file mode 100644 index 0000000..9b05cf8 --- /dev/null +++ b/PWHE4/config 
@@ -0,0 +1,17 @@ +# Template used to create this container: /usr/share/lxc/templates/lxc-debian +# Parameters passed to the template: -r stretch +# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873 +# For additional config options, please look at lxc.container.conf(5) +# Uncomment the following line to support nesting containers: +#lxc.include = /usr/share/lxc/config/nesting.conf +# (Be aware this has security implications) +lxc.apparmor.profile = generated +lxc.apparmor.allow_nesting = 1 +# Common configuration +lxc.include = /usr/share/lxc/config/debian.common.conf +# Container specific configuration +lxc.tty.max = 4 +lxc.arch = amd64 +lxc.pty.max = 1024 +lxc.rootfs.path = btrfs:/var/lib/lxc/PWHE4/rootfs +lxc.uts.name = PWHE4 diff --git a/PWHE4/rootfs/etc/bird/bird.conf b/PWHE4/rootfs/etc/bird/bird.conf new file mode 100644 index 0000000..e69de29 diff --git a/PWHE4/rootfs/etc/bird/bird6.conf b/PWHE4/rootfs/etc/bird/bird6.conf new file mode 100644 index 0000000..e69de29 diff --git a/PWHE4/rootfs/etc/hosts b/PWHE4/rootfs/etc/hosts new file mode 100644 index 0000000..72e1fd8 --- /dev/null +++ b/PWHE4/rootfs/etc/hosts @@ -0,0 +1,5 @@ +127.0.0.1 localhost +::1 localhost ip6-localhost ip6-loopback +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters + diff --git a/PWHE4/rootfs/etc/network/interfaces b/PWHE4/rootfs/etc/network/interfaces new file mode 100644 index 0000000..e69de29 diff --git a/PWHE4/rootfs/etc/sysctl.conf b/PWHE4/rootfs/etc/sysctl.conf new file mode 100644 index 0000000..25809a1 --- /dev/null +++ b/PWHE4/rootfs/etc/sysctl.conf 
@@ -0,0 +1,79 @@ +# +# /etc/sysctl.conf - Configuration file for setting system variables +# See /etc/sysctl.d/ for additional system variables. +# See sysctl.conf (5) for information. +# + +#kernel.domainname = example.com + +# Uncomment the following to stop low-level messages on console +#kernel.printk = 3 4 1 3 + +##############################################################3 +# Functions previously found in netbase +# + +# Uncomment the next two lines to enable Spoof protection (reverse-path filter) +# Turn on Source Address Verification in all interfaces to +# prevent some spoofing attacks +#net.ipv4.conf.default.rp_filter=1 +#net.ipv4.conf.all.rp_filter=1 + +# Uncomment the next line to enable TCP/IP SYN cookies +# See http://lwn.net/Articles/277146/ +# Note: This may impact IPv6 TCP sessions too +#net.ipv4.tcp_syncookies=1 + +# Uncomment the next line to enable packet forwarding for IPv4 +net.ipv4.ip_forward=1 + +# Uncomment the next line to enable packet forwarding for IPv6 +# Enabling this option disables Stateless Address Autoconfiguration +# based on Router Advertisements for this host +net.ipv6.conf.all.forwarding=1 + +net.ipv4.icmp_ratelimit = 0 +net.ipv6.icmp.ratelimit = 0 + +################################################################### +# Additional settings - these settings can improve the network +# security of the host and prevent against some network attacks +# including spoofing attacks and man in the middle attacks through +# redirection. Some network environments, however, require that these +# settings are disabled so review and enable them as needed. 
+# +# Do not accept ICMP redirects (prevent MITM attacks) +#net.ipv4.conf.all.accept_redirects = 0 +#net.ipv6.conf.all.accept_redirects = 0 +# _or_ +# Accept ICMP redirects only for gateways listed in our default +# gateway list (enabled by default) +# net.ipv4.conf.all.secure_redirects = 1 +# +# Do not send ICMP redirects (we are not a router) +#net.ipv4.conf.all.send_redirects = 0 +# +# Do not accept IP source route packets (we are not a router) +#net.ipv4.conf.all.accept_source_route = 0 +#net.ipv6.conf.all.accept_source_route = 0 +# +# Log Martian Packets +#net.ipv4.conf.all.log_martians = 1 +# + +################################################################### +# Magic system request Key +# 0=disable, 1=enable all +# Debian kernels have this set to 0 (disable the key) +# See https://www.kernel.org/doc/Documentation/sysrq.txt +# for what other values do +#kernel.sysrq=1 + +################################################################### +# Protected links +# +# Protects against creating or following links under certain conditions +# Debian kernels have both set to 1 (restricted) +# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt +#fs.protected_hardlinks=0 +#fs.protected_symlinks=0 diff --git a/PWHE5/config b/PWHE5/config new file mode 100644 index 0000000..b234290 --- /dev/null +++ b/PWHE5/config 
@@ -0,0 +1,17 @@ +# Template used to create this container: /usr/share/lxc/templates/lxc-debian +# Parameters passed to the template: -r stretch +# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873 +# For additional config options, please look at lxc.container.conf(5) +# Uncomment the following line to support nesting containers: +#lxc.include = /usr/share/lxc/config/nesting.conf +# (Be aware this has security implications) +lxc.apparmor.profile = generated +lxc.apparmor.allow_nesting = 1 +# Common configuration +lxc.include = /usr/share/lxc/config/debian.common.conf +# Container specific configuration +lxc.tty.max = 4 +lxc.arch = amd64 +lxc.pty.max = 1024 +lxc.rootfs.path = btrfs:/var/lib/lxc/PWHE5/rootfs +lxc.uts.name = PWHE5 diff --git a/PWHE5/rootfs/etc/bird/bird.conf b/PWHE5/rootfs/etc/bird/bird.conf new file mode 100644 index 0000000..e69de29 diff --git a/PWHE5/rootfs/etc/bird/bird6.conf b/PWHE5/rootfs/etc/bird/bird6.conf new file mode 100644 index 0000000..e69de29 diff --git a/PWHE5/rootfs/etc/hosts b/PWHE5/rootfs/etc/hosts new file mode 100644 index 0000000..72e1fd8 --- /dev/null +++ b/PWHE5/rootfs/etc/hosts @@ -0,0 +1,5 @@ +127.0.0.1 localhost +::1 localhost ip6-localhost ip6-loopback +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters + diff --git a/PWHE5/rootfs/etc/network/interfaces b/PWHE5/rootfs/etc/network/interfaces new file mode 100644 index 0000000..e69de29 diff --git a/PWHE5/rootfs/etc/sysctl.conf b/PWHE5/rootfs/etc/sysctl.conf new file mode 100644 index 0000000..25809a1 --- /dev/null +++ b/PWHE5/rootfs/etc/sysctl.conf 
@@ -0,0 +1,79 @@ +# +# /etc/sysctl.conf - Configuration file for setting system variables +# See /etc/sysctl.d/ for additional system variables. +# See sysctl.conf (5) for information. +# + +#kernel.domainname = example.com + +# Uncomment the following to stop low-level messages on console +#kernel.printk = 3 4 1 3 + +##############################################################3 +# Functions previously found in netbase +# + +# Uncomment the next two lines to enable Spoof protection (reverse-path filter) +# Turn on Source Address Verification in all interfaces to +# prevent some spoofing attacks +#net.ipv4.conf.default.rp_filter=1 +#net.ipv4.conf.all.rp_filter=1 + +# Uncomment the next line to enable TCP/IP SYN cookies +# See http://lwn.net/Articles/277146/ +# Note: This may impact IPv6 TCP sessions too +#net.ipv4.tcp_syncookies=1 + +# Uncomment the next line to enable packet forwarding for IPv4 +net.ipv4.ip_forward=1 + +# Uncomment the next line to enable packet forwarding for IPv6 +# Enabling this option disables Stateless Address Autoconfiguration +# based on Router Advertisements for this host +net.ipv6.conf.all.forwarding=1 + +net.ipv4.icmp_ratelimit = 0 +net.ipv6.icmp.ratelimit = 0 + +################################################################### +# Additional settings - these settings can improve the network +# security of the host and prevent against some network attacks +# including spoofing attacks and man in the middle attacks through +# redirection. Some network environments, however, require that these +# settings are disabled so review and enable them as needed. 
+# +# Do not accept ICMP redirects (prevent MITM attacks) +#net.ipv4.conf.all.accept_redirects = 0 +#net.ipv6.conf.all.accept_redirects = 0 +# _or_ +# Accept ICMP redirects only for gateways listed in our default +# gateway list (enabled by default) +# net.ipv4.conf.all.secure_redirects = 1 +# +# Do not send ICMP redirects (we are not a router) +#net.ipv4.conf.all.send_redirects = 0 +# +# Do not accept IP source route packets (we are not a router) +#net.ipv4.conf.all.accept_source_route = 0 +#net.ipv6.conf.all.accept_source_route = 0 +# +# Log Martian Packets +#net.ipv4.conf.all.log_martians = 1 +# + +################################################################### +# Magic system request Key +# 0=disable, 1=enable all +# Debian kernels have this set to 0 (disable the key) +# See https://www.kernel.org/doc/Documentation/sysrq.txt +# for what other values do +#kernel.sysrq=1 + +################################################################### +# Protected links +# +# Protects against creating or following links under certain conditions +# Debian kernels have both set to 1 (restricted) +# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt +#fs.protected_hardlinks=0 +#fs.protected_symlinks=0 diff --git a/PWHE6/config b/PWHE6/config new file mode 100644 index 0000000..0a41f39 --- /dev/null +++ b/PWHE6/config 
@@ -0,0 +1,17 @@ +# Template used to create this container: /usr/share/lxc/templates/lxc-debian +# Parameters passed to the template: -r stretch +# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873 +# For additional config options, please look at lxc.container.conf(5) +# Uncomment the following line to support nesting containers: +#lxc.include = /usr/share/lxc/config/nesting.conf +# (Be aware this has security implications) +lxc.apparmor.profile = generated +lxc.apparmor.allow_nesting = 1 +# Common configuration +lxc.include = /usr/share/lxc/config/debian.common.conf +# Container specific configuration +lxc.tty.max = 4 +lxc.arch = amd64 +lxc.pty.max = 1024 +lxc.rootfs.path = btrfs:/var/lib/lxc/PWHE6/rootfs +lxc.uts.name = PWHE6 diff --git a/PWHE6/rootfs/etc/bird/bird.conf b/PWHE6/rootfs/etc/bird/bird.conf new file mode 100644 index 0000000..e69de29 diff --git a/PWHE6/rootfs/etc/bird/bird6.conf b/PWHE6/rootfs/etc/bird/bird6.conf new file mode 100644 index 0000000..e69de29 diff --git a/PWHE6/rootfs/etc/hosts b/PWHE6/rootfs/etc/hosts new file mode 100644 index 0000000..72e1fd8 --- /dev/null +++ b/PWHE6/rootfs/etc/hosts @@ -0,0 +1,5 @@ +127.0.0.1 localhost +::1 localhost ip6-localhost ip6-loopback +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters + diff --git a/PWHE6/rootfs/etc/network/interfaces b/PWHE6/rootfs/etc/network/interfaces new file mode 100644 index 0000000..e69de29 diff --git a/PWHE6/rootfs/etc/sysctl.conf b/PWHE6/rootfs/etc/sysctl.conf new file mode 100644 index 0000000..25809a1 --- /dev/null +++ b/PWHE6/rootfs/etc/sysctl.conf 
@@ -0,0 +1,79 @@ +# +# /etc/sysctl.conf - Configuration file for setting system variables +# See /etc/sysctl.d/ for additional system variables. +# See sysctl.conf (5) for information. +# + +#kernel.domainname = example.com + +# Uncomment the following to stop low-level messages on console +#kernel.printk = 3 4 1 3 + +##############################################################3 +# Functions previously found in netbase +# + +# Uncomment the next two lines to enable Spoof protection (reverse-path filter) +# Turn on Source Address Verification in all interfaces to +# prevent some spoofing attacks +#net.ipv4.conf.default.rp_filter=1 +#net.ipv4.conf.all.rp_filter=1 + +# Uncomment the next line to enable TCP/IP SYN cookies +# See http://lwn.net/Articles/277146/ +# Note: This may impact IPv6 TCP sessions too +#net.ipv4.tcp_syncookies=1 + +# Uncomment the next line to enable packet forwarding for IPv4 +net.ipv4.ip_forward=1 + +# Uncomment the next line to enable packet forwarding for IPv6 +# Enabling this option disables Stateless Address Autoconfiguration +# based on Router Advertisements for this host +net.ipv6.conf.all.forwarding=1 + +net.ipv4.icmp_ratelimit = 0 +net.ipv6.icmp.ratelimit = 0 + +################################################################### +# Additional settings - these settings can improve the network +# security of the host and prevent against some network attacks +# including spoofing attacks and man in the middle attacks through +# redirection. Some network environments, however, require that these +# settings are disabled so review and enable them as needed. 
+# +# Do not accept ICMP redirects (prevent MITM attacks) +#net.ipv4.conf.all.accept_redirects = 0 +#net.ipv6.conf.all.accept_redirects = 0 +# _or_ +# Accept ICMP redirects only for gateways listed in our default +# gateway list (enabled by default) +# net.ipv4.conf.all.secure_redirects = 1 +# +# Do not send ICMP redirects (we are not a router) +#net.ipv4.conf.all.send_redirects = 0 +# +# Do not accept IP source route packets (we are not a router) +#net.ipv4.conf.all.accept_source_route = 0 +#net.ipv6.conf.all.accept_source_route = 0 +# +# Log Martian Packets +#net.ipv4.conf.all.log_martians = 1 +# + +################################################################### +# Magic system request Key +# 0=disable, 1=enable all +# Debian kernels have this set to 0 (disable the key) +# See https://www.kernel.org/doc/Documentation/sysrq.txt +# for what other values do +#kernel.sysrq=1 + +################################################################### +# Protected links +# +# Protects against creating or following links under certain conditions +# Debian kernels have both set to 1 (restricted) +# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt +#fs.protected_hardlinks=0 +#fs.protected_symlinks=0 diff --git a/PWHE7/config b/PWHE7/config new file mode 100644 index 0000000..6e9c59d --- /dev/null +++ b/PWHE7/config 
@@ -0,0 +1,26 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHE7/rootfs
+lxc.uts.name = PWHE7
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = vlan2015
+lxc.net.0.veth.pair = pwhe7.2015
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+
+
diff --git a/PWHE7/rootfs/etc/bird/bird.conf b/PWHE7/rootfs/etc/bird/bird.conf
new file mode 100644
index 0000000..e69de29
diff --git a/PWHE7/rootfs/etc/bird/bird6.conf b/PWHE7/rootfs/etc/bird/bird6.conf
new file mode 100644
index 0000000..e69de29
diff --git a/PWHE7/rootfs/etc/hosts b/PWHE7/rootfs/etc/hosts
new file mode 100644
index 0000000..72e1fd8
--- /dev/null
+++ b/PWHE7/rootfs/etc/hosts
@@ -0,0 +1,5 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
diff --git a/PWHE7/rootfs/etc/network/interfaces b/PWHE7/rootfs/etc/network/interfaces
new file mode 100644
index 0000000..2a2dede
--- /dev/null
+++ b/PWHE7/rootfs/etc/network/interfaces
@@ -0,0 +1,8 @@
+auto lo
+iface lo inet loopback
+
+auto vlan2015
+iface vlan2001 inet dhcp
+
+iface vlan2015 inet6 auto
+
diff --git a/PWHE7/rootfs/etc/sysctl.conf b/PWHE7/rootfs/etc/sysctl.conf
new file mode 100644
index 0000000..25809a1
--- /dev/null
+++ b/PWHE7/rootfs/etc/sysctl.conf
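Review bot: `iface vlan2001 inet dhcp` in PWHE7/rootfs/etc/network/interfaces names an interface this container does not have: PWHE7/config creates only `vlan2015` (`lxc.net.0.name = vlan2015`), and the neighbouring stanzas are `auto vlan2015` and `iface vlan2015 inet6 auto`. As written there is no inet stanza for vlan2015, so the interface comes up with IPv6 autoconfiguration only and never requests a DHCPv4 lease. The line should read `iface vlan2015 inet dhcp`.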
@@ -0,0 +1,79 @@ +# +# /etc/sysctl.conf - Configuration file for setting system variables +# See /etc/sysctl.d/ for additional system variables. +# See sysctl.conf (5) for information. +# + +#kernel.domainname = example.com + +# Uncomment the following to stop low-level messages on console +#kernel.printk = 3 4 1 3 + +##############################################################3 +# Functions previously found in netbase +# + +# Uncomment the next two lines to enable Spoof protection (reverse-path filter) +# Turn on Source Address Verification in all interfaces to +# prevent some spoofing attacks +#net.ipv4.conf.default.rp_filter=1 +#net.ipv4.conf.all.rp_filter=1 + +# Uncomment the next line to enable TCP/IP SYN cookies +# See http://lwn.net/Articles/277146/ +# Note: This may impact IPv6 TCP sessions too +#net.ipv4.tcp_syncookies=1 + +# Uncomment the next line to enable packet forwarding for IPv4 +net.ipv4.ip_forward=1 + +# Uncomment the next line to enable packet forwarding for IPv6 +# Enabling this option disables Stateless Address Autoconfiguration +# based on Router Advertisements for this host +net.ipv6.conf.all.forwarding=1 + +net.ipv4.icmp_ratelimit = 0 +net.ipv6.icmp.ratelimit = 0 + +################################################################### +# Additional settings - these settings can improve the network +# security of the host and prevent against some network attacks +# including spoofing attacks and man in the middle attacks through +# redirection. Some network environments, however, require that these +# settings are disabled so review and enable them as needed. 
+# +# Do not accept ICMP redirects (prevent MITM attacks) +#net.ipv4.conf.all.accept_redirects = 0 +#net.ipv6.conf.all.accept_redirects = 0 +# _or_ +# Accept ICMP redirects only for gateways listed in our default +# gateway list (enabled by default) +# net.ipv4.conf.all.secure_redirects = 1 +# +# Do not send ICMP redirects (we are not a router) +#net.ipv4.conf.all.send_redirects = 0 +# +# Do not accept IP source route packets (we are not a router) +#net.ipv4.conf.all.accept_source_route = 0 +#net.ipv6.conf.all.accept_source_route = 0 +# +# Log Martian Packets +#net.ipv4.conf.all.log_martians = 1 +# + +################################################################### +# Magic system request Key +# 0=disable, 1=enable all +# Debian kernels have this set to 0 (disable the key) +# See https://www.kernel.org/doc/Documentation/sysrq.txt +# for what other values do +#kernel.sysrq=1 + +################################################################### +# Protected links +# +# Protects against creating or following links under certain conditions +# Debian kernels have both set to 1 (restricted) +# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt +#fs.protected_hardlinks=0 +#fs.protected_symlinks=0 diff --git a/PWR10/config b/PWR10/config new file mode 100644 index 0000000..f891fe7 --- /dev/null +++ b/PWR10/config 
@@ -0,0 +1,17 @@ +# Template used to create this container: /usr/share/lxc/templates/lxc-debian +# Parameters passed to the template: -r stretch +# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873 +# For additional config options, please look at lxc.container.conf(5) +# Uncomment the following line to support nesting containers: +#lxc.include = /usr/share/lxc/config/nesting.conf +# (Be aware this has security implications) +lxc.apparmor.profile = generated +lxc.apparmor.allow_nesting = 1 +# Common configuration +lxc.include = /usr/share/lxc/config/debian.common.conf +# Container specific configuration +lxc.tty.max = 4 +lxc.arch = amd64 +lxc.pty.max = 1024 +lxc.rootfs.path = btrfs:/var/lib/lxc/PWR10/rootfs +lxc.uts.name = PWR10 diff --git a/PWR10/rootfs/etc/bird/bird.conf b/PWR10/rootfs/etc/bird/bird.conf new file mode 100644 index 0000000..e69de29 diff --git a/PWR10/rootfs/etc/bird/bird6.conf b/PWR10/rootfs/etc/bird/bird6.conf new file mode 100644 index 0000000..e69de29 diff --git a/PWR10/rootfs/etc/hosts b/PWR10/rootfs/etc/hosts new file mode 100644 index 0000000..72e1fd8 --- /dev/null +++ b/PWR10/rootfs/etc/hosts @@ -0,0 +1,5 @@ +127.0.0.1 localhost +::1 localhost ip6-localhost ip6-loopback +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters + diff --git a/PWR10/rootfs/etc/network/interfaces b/PWR10/rootfs/etc/network/interfaces new file mode 100644 index 0000000..e69de29 diff --git a/PWR10/rootfs/etc/sysctl.conf b/PWR10/rootfs/etc/sysctl.conf new file mode 100644 index 0000000..25809a1 --- /dev/null +++ b/PWR10/rootfs/etc/sysctl.conf 
@@ -0,0 +1,79 @@ +# +# /etc/sysctl.conf - Configuration file for setting system variables +# See /etc/sysctl.d/ for additional system variables. +# See sysctl.conf (5) for information. +# + +#kernel.domainname = example.com + +# Uncomment the following to stop low-level messages on console +#kernel.printk = 3 4 1 3 + +##############################################################3 +# Functions previously found in netbase +# + +# Uncomment the next two lines to enable Spoof protection (reverse-path filter) +# Turn on Source Address Verification in all interfaces to +# prevent some spoofing attacks +#net.ipv4.conf.default.rp_filter=1 +#net.ipv4.conf.all.rp_filter=1 + +# Uncomment the next line to enable TCP/IP SYN cookies +# See http://lwn.net/Articles/277146/ +# Note: This may impact IPv6 TCP sessions too +#net.ipv4.tcp_syncookies=1 + +# Uncomment the next line to enable packet forwarding for IPv4 +net.ipv4.ip_forward=1 + +# Uncomment the next line to enable packet forwarding for IPv6 +# Enabling this option disables Stateless Address Autoconfiguration +# based on Router Advertisements for this host +net.ipv6.conf.all.forwarding=1 + +net.ipv4.icmp_ratelimit = 0 +net.ipv6.icmp.ratelimit = 0 + +################################################################### +# Additional settings - these settings can improve the network +# security of the host and prevent against some network attacks +# including spoofing attacks and man in the middle attacks through +# redirection. Some network environments, however, require that these +# settings are disabled so review and enable them as needed. 
+# +# Do not accept ICMP redirects (prevent MITM attacks) +#net.ipv4.conf.all.accept_redirects = 0 +#net.ipv6.conf.all.accept_redirects = 0 +# _or_ +# Accept ICMP redirects only for gateways listed in our default +# gateway list (enabled by default) +# net.ipv4.conf.all.secure_redirects = 1 +# +# Do not send ICMP redirects (we are not a router) +#net.ipv4.conf.all.send_redirects = 0 +# +# Do not accept IP source route packets (we are not a router) +#net.ipv4.conf.all.accept_source_route = 0 +#net.ipv6.conf.all.accept_source_route = 0 +# +# Log Martian Packets +#net.ipv4.conf.all.log_martians = 1 +# + +################################################################### +# Magic system request Key +# 0=disable, 1=enable all +# Debian kernels have this set to 0 (disable the key) +# See https://www.kernel.org/doc/Documentation/sysrq.txt +# for what other values do +#kernel.sysrq=1 + +################################################################### +# Protected links +# +# Protects against creating or following links under certain conditions +# Debian kernels have both set to 1 (restricted) +# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt +#fs.protected_hardlinks=0 +#fs.protected_symlinks=0 diff --git a/PWR15/config b/PWR15/config new file mode 100644 index 0000000..6154bb4 --- /dev/null +++ b/PWR15/config 
@@ -0,0 +1,45 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWR15/rootfs
+lxc.uts.name = PWR15
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = vlan2000
+lxc.net.0.veth.pair = r15.2000
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+
+lxc.net.1.type = veth
+lxc.net.1.flags = up
+lxc.net.1.name = vlan2006
+lxc.net.1.veth.pair = r15.2006
+lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
+
+lxc.net.2.type = veth
+lxc.net.2.flags = up
+lxc.net.2.name = vlan2005
+lxc.net.2.veth.pair = r15.2005
+lxc.net.2.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.2.script.down = /etc/lxc/lxc-openvswitch
+
+lxc.net.3.type = veth
+lxc.net.3.flags = up
+lxc.net.3.name = vlan2004
+lxc.net.3.veth.pair = r15.2004
+lxc.net.3.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.3.script.down = /etc/lxc/lxc-openvswitch
diff --git a/PWR15/rootfs/etc/bird/bird.conf b/PWR15/rootfs/etc/bird/bird.conf
new file mode 100644
index 0000000..325254f
--- /dev/null
+++ b/PWR15/rootfs/etc/bird/bird.conf
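Review bot: `lxc.apparmor.allow_nesting = 1` is left on for a container that, judging by the rest of the commit, only runs BIRD and forwards packets, while the nesting include two lines above it is deliberately commented out with a security warning. Nesting support relaxes the generated AppArmor profile, so unless this router is meant to start containers of its own I would set `lxc.apparmor.allow_nesting = 0`. No `lxc.idmap` is visible in the hunk, so the container is presumably privileged unless the included common config says otherwise, which makes the tighter profile more worthwhile. The same two lines appear in the PWR20, PWR25, PWR30, PWR35 and PWR40 config hunks.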
@@ -0,0 +1,34 @@
+router id 172.16.16.15;
+
+log "/var/log/bird/bird.log" all;
+
+debug protocols { states, routes, filters, interfaces }
+
+protocol kernel {
+ import none;
+ export all;
+}
+
+protocol device {
+ # defaults...
+}
+
+protocol ospf {
+ area 0 {
+ interface "lo" {
+ stub;
+ };
+ interface "vlan2004" {
+ };
+ interface "vlan2005" {
+ stub;
+ };
+ interface "vlan2006" {
+ stub;
+ };
+ interface "vlan2000" {
+ };
+ };
+};
+
+
diff --git a/PWR15/rootfs/etc/bird/bird6.conf b/PWR15/rootfs/etc/bird/bird6.conf
new file mode 100644
index 0000000..e790bf1
--- /dev/null
+++ b/PWR15/rootfs/etc/bird/bird6.conf
@@ -0,0 +1,33 @@
+router id 172.16.16.15;
+
+log "/var/log/bird/bird6.log" all;
+debug protocols { states, routes, filters, interfaces }
+
+protocol kernel {
+ import none;
+ export all;
+}
+
+protocol device {
+ # defaults...
+}
+
+protocol ospf {
+ area 0 {
+ interface "lo" {
+ stub;
+ };
+ interface "vlan2004" {
+ };
+ interface "vlan2005" {
+ stub;
+ };
+ interface "vlan2006" {
+ stub;
+ };
+ interface "vlan2000" {
+ };
+ };
+};
+
+
diff --git a/PWR15/rootfs/etc/hosts b/PWR15/rootfs/etc/hosts
new file mode 100644
index 0000000..72e1fd8
--- /dev/null
+++ b/PWR15/rootfs/etc/hosts
@@ -0,0 +1,5 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
diff --git a/PWR15/rootfs/etc/network/interfaces b/PWR15/rootfs/etc/network/interfaces
new file mode 100644
index 0000000..f01f994
--- /dev/null
+++ b/PWR15/rootfs/etc/network/interfaces
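Review bot: The `interface "vlan2004" { };` and `interface "vlan2000" { };` blocks in bird.conf run OSPF on the transit segments with no authentication, so any host attached to those VLANs can form an adjacency and originate routes, which `protocol kernel { export all; }` then installs into the forwarding table. For the IPv4 instance, add `authentication cryptographic;` and `password "<SHARED-SECRET>";` (placeholder) inside both transit interface blocks, with the secret kept out of the repository. bird6.conf in the next hunk has the same blocks; whether OSPFv3 authentication is available depends on the BIRD version in the container, which the diff does not show. The PWR25 and PWR35 bird.conf and bird6.conf hunks have the same gap on their non-stub interfaces.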
@@ -0,0 +1,37 @@
+auto lo
+iface lo inet loopback
+ up ip addr add 2001:db8:2a::15 dev lo
+
+auto vlan2000
+iface vlan2000 inet manual
+ up ip link set up dev vlan2000
+ up ip addr add 2400:5000:6148:2ab2::15/64 dev vlan2000
+ down ip addr del 2400:5000:6148:2ab2::15/64 dev vlan2000
+ down ip link set down dev vlan2000
+
+auto vlan2004
+iface vlan2004 inet manual
+ up ip link set up dev vlan2004
+ up ip addr add 172.16.4.15/24 brd + dev vlan2004
+ up ip addr add 2400:5000:6148:2ab1::15/64 dev vlan2004
+ down ip addr del 2400:5000:6148:2ab1::15/64 dev vlan2004
+ down ip addr del 172.16.4.15/24 dev vlan2004
+ down ip link set down dev vlan2004
+
+auto vlan2005
+iface vlan2005 inet manual
+ up ip link set up dev vlan2005
+ up ip addr add 172.16.5.1/24 brd + dev vlan2005
+ up ip addr add 2400:5000:6148:2ae3::1/64 dev vlan2005
+ down ip addr del 2400:5000:6148:2ae3::1/64 dev vlan2005
+ down ip addr del 172.16.5.1/24 dev vlan2005
+ down ip link set down dev vlan2005
+
+auto vlan2006
+iface vlan2006 inet manual
+ up ip link set up dev vlan2006
+ up ip addr add 172.16.6.1/24 brd + dev vlan2006
+ up ip addr add 2400:5000:6148:2ae2::1/64 dev vlan2006
+ down ip addr del 2400:5000:6148:2ae2::1/64 dev vlan2006
+ down ip addr del 172.16.6.1/24 dev vlan2006
+ down ip link set down dev vlan2006
diff --git a/PWR15/rootfs/etc/sysctl.conf b/PWR15/rootfs/etc/sysctl.conf
new file mode 100644
index 0000000..25809a1
--- /dev/null
+++ b/PWR15/rootfs/etc/sysctl.conf
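Review bot: The `vlan2000` stanza adds only the IPv6 address `2400:5000:6148:2ab2::15/64`, yet bird.conf in this commit lists `vlan2000` as an active (non-stub) OSPF interface; without an IPv4 address there, the IPv4 OSPF instance has nothing to run on for that segment. If IPv4 transit over vlan2000 is intended, add a matching pair such as `up ip addr add <IPV4-ADDR>/24 brd + dev vlan2000` and `down ip addr del <IPV4-ADDR>/24 dev vlan2000` (placeholder address). PWR25's vlan2000 stanza has the same omission, and there vlan2000 is the only non-stub interface, so its IPv4 stub networks would not be reachable. The `lo` stanza also adds `2001:db8:2a::15` on up with no matching `down ip addr del`, unlike every other stanza in the file.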
@@ -0,0 +1,79 @@ +# +# /etc/sysctl.conf - Configuration file for setting system variables +# See /etc/sysctl.d/ for additional system variables. +# See sysctl.conf (5) for information. +# + +#kernel.domainname = example.com + +# Uncomment the following to stop low-level messages on console +#kernel.printk = 3 4 1 3 + +##############################################################3 +# Functions previously found in netbase +# + +# Uncomment the next two lines to enable Spoof protection (reverse-path filter) +# Turn on Source Address Verification in all interfaces to +# prevent some spoofing attacks +#net.ipv4.conf.default.rp_filter=1 +#net.ipv4.conf.all.rp_filter=1 + +# Uncomment the next line to enable TCP/IP SYN cookies +# See http://lwn.net/Articles/277146/ +# Note: This may impact IPv6 TCP sessions too +#net.ipv4.tcp_syncookies=1 + +# Uncomment the next line to enable packet forwarding for IPv4 +net.ipv4.ip_forward=1 + +# Uncomment the next line to enable packet forwarding for IPv6 +# Enabling this option disables Stateless Address Autoconfiguration +# based on Router Advertisements for this host +net.ipv6.conf.all.forwarding=1 + +net.ipv4.icmp_ratelimit = 0 +net.ipv6.icmp.ratelimit = 0 + +################################################################### +# Additional settings - these settings can improve the network +# security of the host and prevent against some network attacks +# including spoofing attacks and man in the middle attacks through +# redirection. Some network environments, however, require that these +# settings are disabled so review and enable them as needed. 
+# +# Do not accept ICMP redirects (prevent MITM attacks) +#net.ipv4.conf.all.accept_redirects = 0 +#net.ipv6.conf.all.accept_redirects = 0 +# _or_ +# Accept ICMP redirects only for gateways listed in our default +# gateway list (enabled by default) +# net.ipv4.conf.all.secure_redirects = 1 +# +# Do not send ICMP redirects (we are not a router) +#net.ipv4.conf.all.send_redirects = 0 +# +# Do not accept IP source route packets (we are not a router) +#net.ipv4.conf.all.accept_source_route = 0 +#net.ipv6.conf.all.accept_source_route = 0 +# +# Log Martian Packets +#net.ipv4.conf.all.log_martians = 1 +# + +################################################################### +# Magic system request Key +# 0=disable, 1=enable all +# Debian kernels have this set to 0 (disable the key) +# See https://www.kernel.org/doc/Documentation/sysrq.txt +# for what other values do +#kernel.sysrq=1 + +################################################################### +# Protected links +# +# Protects against creating or following links under certain conditions +# Debian kernels have both set to 1 (restricted) +# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt +#fs.protected_hardlinks=0 +#fs.protected_symlinks=0 diff --git a/PWR20/config b/PWR20/config new file mode 100644 index 0000000..83bc367 --- /dev/null +++ b/PWR20/config 
@@ -0,0 +1,17 @@ +# Template used to create this container: /usr/share/lxc/templates/lxc-debian +# Parameters passed to the template: -r stretch +# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873 +# For additional config options, please look at lxc.container.conf(5) +# Uncomment the following line to support nesting containers: +#lxc.include = /usr/share/lxc/config/nesting.conf +# (Be aware this has security implications) +lxc.apparmor.profile = generated +lxc.apparmor.allow_nesting = 1 +# Common configuration +lxc.include = /usr/share/lxc/config/debian.common.conf +# Container specific configuration +lxc.tty.max = 4 +lxc.arch = amd64 +lxc.pty.max = 1024 +lxc.rootfs.path = btrfs:/var/lib/lxc/PWR20/rootfs +lxc.uts.name = PWR20 diff --git a/PWR20/rootfs/etc/bird/bird.conf b/PWR20/rootfs/etc/bird/bird.conf new file mode 100644 index 0000000..e69de29 diff --git a/PWR20/rootfs/etc/bird/bird6.conf b/PWR20/rootfs/etc/bird/bird6.conf new file mode 100644 index 0000000..e69de29 diff --git a/PWR20/rootfs/etc/hosts b/PWR20/rootfs/etc/hosts new file mode 100644 index 0000000..72e1fd8 --- /dev/null +++ b/PWR20/rootfs/etc/hosts @@ -0,0 +1,5 @@ +127.0.0.1 localhost +::1 localhost ip6-localhost ip6-loopback +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters + diff --git a/PWR20/rootfs/etc/network/interfaces b/PWR20/rootfs/etc/network/interfaces new file mode 100644 index 0000000..e69de29 diff --git a/PWR20/rootfs/etc/sysctl.conf b/PWR20/rootfs/etc/sysctl.conf new file mode 100644 index 0000000..25809a1 --- /dev/null +++ b/PWR20/rootfs/etc/sysctl.conf 
@@ -0,0 +1,79 @@ +# +# /etc/sysctl.conf - Configuration file for setting system variables +# See /etc/sysctl.d/ for additional system variables. +# See sysctl.conf (5) for information. +# + +#kernel.domainname = example.com + +# Uncomment the following to stop low-level messages on console +#kernel.printk = 3 4 1 3 + +##############################################################3 +# Functions previously found in netbase +# + +# Uncomment the next two lines to enable Spoof protection (reverse-path filter) +# Turn on Source Address Verification in all interfaces to +# prevent some spoofing attacks +#net.ipv4.conf.default.rp_filter=1 +#net.ipv4.conf.all.rp_filter=1 + +# Uncomment the next line to enable TCP/IP SYN cookies +# See http://lwn.net/Articles/277146/ +# Note: This may impact IPv6 TCP sessions too +#net.ipv4.tcp_syncookies=1 + +# Uncomment the next line to enable packet forwarding for IPv4 +net.ipv4.ip_forward=1 + +# Uncomment the next line to enable packet forwarding for IPv6 +# Enabling this option disables Stateless Address Autoconfiguration +# based on Router Advertisements for this host +net.ipv6.conf.all.forwarding=1 + +net.ipv4.icmp_ratelimit = 0 +net.ipv6.icmp.ratelimit = 0 + +################################################################### +# Additional settings - these settings can improve the network +# security of the host and prevent against some network attacks +# including spoofing attacks and man in the middle attacks through +# redirection. Some network environments, however, require that these +# settings are disabled so review and enable them as needed. 
+# +# Do not accept ICMP redirects (prevent MITM attacks) +#net.ipv4.conf.all.accept_redirects = 0 +#net.ipv6.conf.all.accept_redirects = 0 +# _or_ +# Accept ICMP redirects only for gateways listed in our default +# gateway list (enabled by default) +# net.ipv4.conf.all.secure_redirects = 1 +# +# Do not send ICMP redirects (we are not a router) +#net.ipv4.conf.all.send_redirects = 0 +# +# Do not accept IP source route packets (we are not a router) +#net.ipv4.conf.all.accept_source_route = 0 +#net.ipv6.conf.all.accept_source_route = 0 +# +# Log Martian Packets +#net.ipv4.conf.all.log_martians = 1 +# + +################################################################### +# Magic system request Key +# 0=disable, 1=enable all +# Debian kernels have this set to 0 (disable the key) +# See https://www.kernel.org/doc/Documentation/sysrq.txt +# for what other values do +#kernel.sysrq=1 + +################################################################### +# Protected links +# +# Protects against creating or following links under certain conditions +# Debian kernels have both set to 1 (restricted) +# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt +#fs.protected_hardlinks=0 +#fs.protected_symlinks=0 diff --git a/PWR25/config b/PWR25/config new file mode 100644 index 0000000..e8f5409 --- /dev/null +++ b/PWR25/config 
@@ -0,0 +1,41 @@ +# Template used to create this container: /usr/share/lxc/templates/lxc-debian +# Parameters passed to the template: -r stretch +# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873 +# For additional config options, please look at lxc.container.conf(5) +# Uncomment the following line to support nesting containers: +#lxc.include = /usr/share/lxc/config/nesting.conf +# (Be aware this has security implications) +lxc.apparmor.profile = generated +lxc.apparmor.allow_nesting = 1 +# Common configuration +lxc.include = /usr/share/lxc/config/debian.common.conf +# Container specific configuration +lxc.tty.max = 4 +lxc.arch = amd64 +lxc.pty.max = 1024 +lxc.rootfs.path = btrfs:/var/lib/lxc/PWR25/rootfs +lxc.uts.name = PWR25 + +lxc.net.0.type = veth +lxc.net.0.flags = up +lxc.net.0.name = vlan2000 +lxc.net.0.veth.pair = pwr25.2000 +lxc.net.0.script.up = /etc/lxc/lxc-openvswitch +lxc.net.0.script.down = /etc/lxc/lxc-openvswitch +lxc.net.0.hwaddr = 02:00:0a:25:e0:e1 + +lxc.net.1.type = veth +lxc.net.1.flags = up +lxc.net.1.name = vlan2001 +lxc.net.1.veth.pair = pwr25.2001 +lxc.net.1.script.up = /etc/lxc/lxc-openvswitch +lxc.net.1.script.down = /etc/lxc/lxc-openvswitch +lxc.net.1.hwaddr = 02:00:0a:25:e0:e2 + +lxc.net.2.type = veth +lxc.net.2.flags = up +lxc.net.2.name = vlan2002 +lxc.net.2.veth.pair = pwr25.2002 +lxc.net.2.script.up = /etc/lxc/lxc-openvswitch +lxc.net.2.script.down = /etc/lxc/lxc-openvswitch +lxc.net.2.hwaddr = 02:00:0a:25:e0:e3 diff --git a/PWR25/rootfs/etc/bird/bird.conf b/PWR25/rootfs/etc/bird/bird.conf new file mode 100644 index 0000000..f7220b3 --- /dev/null +++ b/PWR25/rootfs/etc/bird/bird.conf 
@@ -0,0 +1,32 @@ +router id 172.16.16.25; + +log "/var/log/bird/bird.log" all; + +debug protocols { states, routes, filters, interfaces } + +protocol kernel { + import none; + export all; +} + +protocol device { + # defaults... +} + +protocol ospf { + area 0 { + interface "lo" { + stub; + }; + interface "vlan2001" { + stub; + }; + interface "vlan2002" { + stub; + }; + interface "vlan2000" { + }; + }; +}; + + diff --git a/PWR25/rootfs/etc/bird/bird6.conf b/PWR25/rootfs/etc/bird/bird6.conf new file mode 100644 index 0000000..4a3f7a8 --- /dev/null +++ b/PWR25/rootfs/etc/bird/bird6.conf @@ -0,0 +1,31 @@ +router id 172.16.16.25; + +log "/var/log/bird/bird6.log" all; +debug protocols { states, routes, filters, interfaces } + +protocol kernel { + import none; + export all; +} + +protocol device { + # defaults... +} + +protocol ospf { + area 0 { + interface "lo" { + stub; + }; + interface "vlan2001" { + stub; + }; + interface "vlan2002" { + stub; + }; + interface "vlan2000" { + }; + }; +}; + + diff --git a/PWR25/rootfs/etc/hosts b/PWR25/rootfs/etc/hosts new file mode 100644 index 0000000..72e1fd8 --- /dev/null +++ b/PWR25/rootfs/etc/hosts @@ -0,0 +1,5 @@ +127.0.0.1 localhost +::1 localhost ip6-localhost ip6-loopback +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters + diff --git a/PWR25/rootfs/etc/network/interfaces b/PWR25/rootfs/etc/network/interfaces new file mode 100644 index 0000000..1dc6157 --- /dev/null +++ b/PWR25/rootfs/etc/network/interfaces 
@@ -0,0 +1,28 @@
+auto lo
+iface lo inet loopback
+ up ip addr add 2001:db8:2a::25 dev lo
+
+auto vlan2000
+iface vlan2000 inet manual
+ up ip link set up dev vlan2000
+ up ip addr add 2400:5000:6148:2ab2::25/64 dev vlan2000
+ down ip addr del 2400:5000:6148:2ab2::25/64 dev vlan2000
+ down ip link set down dev vlan2000
+
+auto vlan2001
+iface vlan2001 inet manual
+ up ip link set up dev vlan2001
+ up ip addr add 172.16.0.1/24 brd + dev vlan2001
+ up ip addr add 2400:5000:6148:2ae0::1/64 dev vlan2001
+ down ip addr del 2400:5000:6148:2ae0::1/64 dev vlan2001
+ down ip addr del 172.16.0.1/24 dev vlan2001
+ down ip link set down dev vlan2001
+
+auto vlan2002
+iface vlan2002 inet manual
+ up ip link set up dev vlan2002
+ up ip addr add 172.16.1.1/24 brd + dev vlan2001
+ up ip addr add 2400:5000:6148:2ae1::1/64 dev vlan2002
+ down ip addr del 2400:5000:6148:2ae1::1/64 dev vlan2002
+ down ip addr del 172.16.1.1/24 dev vlan2001
+ down ip link set down dev vlan2002
diff --git a/PWR25/rootfs/etc/sysctl.conf b/PWR25/rootfs/etc/sysctl.conf
new file mode 100644
index 0000000..25809a1
--- /dev/null
+++ b/PWR25/rootfs/etc/sysctl.conf
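Review bot: The `vlan2002` stanza puts its IPv4 address on the wrong interface: `up ip addr add 172.16.1.1/24 brd + dev vlan2001` and `down ip addr del 172.16.1.1/24 dev vlan2001` both name `vlan2001`, while the IPv6 lines in the same stanza use `vlan2002`. As written, vlan2001 ends up holding both 172.16.0.1/24 and 172.16.1.1/24 and vlan2002 has no IPv4 address, so hosts on that segment have no IPv4 gateway. Change both lines to `dev vlan2002`.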
@@ -0,0 +1,79 @@ +# +# /etc/sysctl.conf - Configuration file for setting system variables +# See /etc/sysctl.d/ for additional system variables. +# See sysctl.conf (5) for information. +# + +#kernel.domainname = example.com + +# Uncomment the following to stop low-level messages on console +#kernel.printk = 3 4 1 3 + +##############################################################3 +# Functions previously found in netbase +# + +# Uncomment the next two lines to enable Spoof protection (reverse-path filter) +# Turn on Source Address Verification in all interfaces to +# prevent some spoofing attacks +#net.ipv4.conf.default.rp_filter=1 +#net.ipv4.conf.all.rp_filter=1 + +# Uncomment the next line to enable TCP/IP SYN cookies +# See http://lwn.net/Articles/277146/ +# Note: This may impact IPv6 TCP sessions too +#net.ipv4.tcp_syncookies=1 + +# Uncomment the next line to enable packet forwarding for IPv4 +net.ipv4.ip_forward=1 + +# Uncomment the next line to enable packet forwarding for IPv6 +# Enabling this option disables Stateless Address Autoconfiguration +# based on Router Advertisements for this host +net.ipv6.conf.all.forwarding=1 + +net.ipv4.icmp_ratelimit = 0 +net.ipv6.icmp.ratelimit = 0 + +################################################################### +# Additional settings - these settings can improve the network +# security of the host and prevent against some network attacks +# including spoofing attacks and man in the middle attacks through +# redirection. Some network environments, however, require that these +# settings are disabled so review and enable them as needed. 
+# +# Do not accept ICMP redirects (prevent MITM attacks) +#net.ipv4.conf.all.accept_redirects = 0 +#net.ipv6.conf.all.accept_redirects = 0 +# _or_ +# Accept ICMP redirects only for gateways listed in our default +# gateway list (enabled by default) +# net.ipv4.conf.all.secure_redirects = 1 +# +# Do not send ICMP redirects (we are not a router) +#net.ipv4.conf.all.send_redirects = 0 +# +# Do not accept IP source route packets (we are not a router) +#net.ipv4.conf.all.accept_source_route = 0 +#net.ipv6.conf.all.accept_source_route = 0 +# +# Log Martian Packets +#net.ipv4.conf.all.log_martians = 1 +# + +################################################################### +# Magic system request Key +# 0=disable, 1=enable all +# Debian kernels have this set to 0 (disable the key) +# See https://www.kernel.org/doc/Documentation/sysrq.txt +# for what other values do +#kernel.sysrq=1 + +################################################################### +# Protected links +# +# Protects against creating or following links under certain conditions +# Debian kernels have both set to 1 (restricted) +# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt +#fs.protected_hardlinks=0 +#fs.protected_symlinks=0 diff --git a/PWR30/config b/PWR30/config new file mode 100644 index 0000000..d6e70a1 --- /dev/null +++ b/PWR30/config 
@@ -0,0 +1,17 @@ +# Template used to create this container: /usr/share/lxc/templates/lxc-debian +# Parameters passed to the template: -r stretch +# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873 +# For additional config options, please look at lxc.container.conf(5) +# Uncomment the following line to support nesting containers: +#lxc.include = /usr/share/lxc/config/nesting.conf +# (Be aware this has security implications) +lxc.apparmor.profile = generated +lxc.apparmor.allow_nesting = 1 +# Common configuration +lxc.include = /usr/share/lxc/config/debian.common.conf +# Container specific configuration +lxc.tty.max = 4 +lxc.arch = amd64 +lxc.pty.max = 1024 +lxc.rootfs.path = btrfs:/var/lib/lxc/PWR30/rootfs +lxc.uts.name = PWR30 diff --git a/PWR30/rootfs/etc/bird/bird.conf b/PWR30/rootfs/etc/bird/bird.conf new file mode 100644 index 0000000..e69de29 diff --git a/PWR30/rootfs/etc/bird/bird6.conf b/PWR30/rootfs/etc/bird/bird6.conf new file mode 100644 index 0000000..e69de29 diff --git a/PWR30/rootfs/etc/hosts b/PWR30/rootfs/etc/hosts new file mode 100644 index 0000000..72e1fd8 --- /dev/null +++ b/PWR30/rootfs/etc/hosts @@ -0,0 +1,5 @@ +127.0.0.1 localhost +::1 localhost ip6-localhost ip6-loopback +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters + diff --git a/PWR30/rootfs/etc/network/interfaces b/PWR30/rootfs/etc/network/interfaces new file mode 100644 index 0000000..e69de29 diff --git a/PWR30/rootfs/etc/sysctl.conf b/PWR30/rootfs/etc/sysctl.conf new file mode 100644 index 0000000..25809a1 --- /dev/null +++ b/PWR30/rootfs/etc/sysctl.conf 
@@ -0,0 +1,79 @@ +# +# /etc/sysctl.conf - Configuration file for setting system variables +# See /etc/sysctl.d/ for additional system variables. +# See sysctl.conf (5) for information. +# + +#kernel.domainname = example.com + +# Uncomment the following to stop low-level messages on console +#kernel.printk = 3 4 1 3 + +##############################################################3 +# Functions previously found in netbase +# + +# Uncomment the next two lines to enable Spoof protection (reverse-path filter) +# Turn on Source Address Verification in all interfaces to +# prevent some spoofing attacks +#net.ipv4.conf.default.rp_filter=1 +#net.ipv4.conf.all.rp_filter=1 + +# Uncomment the next line to enable TCP/IP SYN cookies +# See http://lwn.net/Articles/277146/ +# Note: This may impact IPv6 TCP sessions too +#net.ipv4.tcp_syncookies=1 + +# Uncomment the next line to enable packet forwarding for IPv4 +net.ipv4.ip_forward=1 + +# Uncomment the next line to enable packet forwarding for IPv6 +# Enabling this option disables Stateless Address Autoconfiguration +# based on Router Advertisements for this host +net.ipv6.conf.all.forwarding=1 + +net.ipv4.icmp_ratelimit = 0 +net.ipv6.icmp.ratelimit = 0 + +################################################################### +# Additional settings - these settings can improve the network +# security of the host and prevent against some network attacks +# including spoofing attacks and man in the middle attacks through +# redirection. Some network environments, however, require that these +# settings are disabled so review and enable them as needed. 
+# +# Do not accept ICMP redirects (prevent MITM attacks) +#net.ipv4.conf.all.accept_redirects = 0 +#net.ipv6.conf.all.accept_redirects = 0 +# _or_ +# Accept ICMP redirects only for gateways listed in our default +# gateway list (enabled by default) +# net.ipv4.conf.all.secure_redirects = 1 +# +# Do not send ICMP redirects (we are not a router) +#net.ipv4.conf.all.send_redirects = 0 +# +# Do not accept IP source route packets (we are not a router) +#net.ipv4.conf.all.accept_source_route = 0 +#net.ipv6.conf.all.accept_source_route = 0 +# +# Log Martian Packets +#net.ipv4.conf.all.log_martians = 1 +# + +################################################################### +# Magic system request Key +# 0=disable, 1=enable all +# Debian kernels have this set to 0 (disable the key) +# See https://www.kernel.org/doc/Documentation/sysrq.txt +# for what other values do +#kernel.sysrq=1 + +################################################################### +# Protected links +# +# Protects against creating or following links under certain conditions +# Debian kernels have both set to 1 (restricted) +# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt +#fs.protected_hardlinks=0 +#fs.protected_symlinks=0 diff --git a/PWR35/config b/PWR35/config new file mode 100644 index 0000000..61d11e3 --- /dev/null +++ b/PWR35/config 
@@ -0,0 +1,46 @@ +# Template used to create this container: /usr/share/lxc/templates/lxc-debian +# Parameters passed to the template: -r stretch +# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873 +# For additional config options, please look at lxc.container.conf(5) +# Uncomment the following line to support nesting containers: +#lxc.include = /usr/share/lxc/config/nesting.conf +# (Be aware this has security implications) +lxc.apparmor.profile = generated +lxc.apparmor.allow_nesting = 1 +# Common configuration +lxc.include = /usr/share/lxc/config/debian.common.conf +# Container specific configuration +lxc.tty.max = 4 +lxc.arch = amd64 +lxc.pty.max = 1024 +lxc.rootfs.path = btrfs:/var/lib/lxc/PWR35/rootfs +lxc.uts.name = PWR35 + +lxc.net.0.type = veth +lxc.net.0.flags = up +lxc.net.0.name = vlan2007 +lxc.net.0.veth.pair = r35.2007 +lxc.net.0.script.up = /etc/lxc/lxc-openvswitch +lxc.net.0.script.down = /etc/lxc/lxc-openvswitch + +lxc.net.1.type = veth +lxc.net.1.flags = up +lxc.net.1.name = vlan2015 +lxc.net.1.veth.pair = r35.2015 +lxc.net.1.script.up = /etc/lxc/lxc-openvswitch +lxc.net.1.script.down = /etc/lxc/lxc-openvswitch + +lxc.net.2.type = veth +lxc.net.2.flags = up +lxc.net.2.name = vlan2014 +lxc.net.2.veth.pair = r35.2014 +lxc.net.2.script.up = /etc/lxc/lxc-openvswitch +lxc.net.2.script.down = /etc/lxc/lxc-openvswitch + + +lxc.net.3.type = veth +lxc.net.3.flags = up +lxc.net.3.name = vlan2000 +lxc.net.3.veth.pair = r35.2000 +lxc.net.3.script.up = /etc/lxc/lxc-openvswitch +lxc.net.3.script.down = /etc/lxc/lxc-openvswitch diff --git a/PWR35/rootfs/etc/bird/bird.conf b/PWR35/rootfs/etc/bird/bird.conf new file mode 100644 index 0000000..969f862 --- /dev/null +++ b/PWR35/rootfs/etc/bird/bird.conf 
@@ -0,0 +1,34 @@ +router id 172.16.16.35; + +log "/var/log/bird/bird.log" all; + +debug protocols { states, routes, filters, interfaces } + +protocol kernel { + import none; + export all; +} + +protocol device { + # defaults... +} + +protocol ospf { + area 0 { + interface "lo" { + stub; + }; + interface "vlan2000" { + }; + interface "vlan2007" { + }; + interface "vlan2015" { + stub; + }; + interface "vlan2014" { + stub; + }; + }; +}; + + diff --git a/PWR35/rootfs/etc/bird/bird6.conf b/PWR35/rootfs/etc/bird/bird6.conf new file mode 100644 index 0000000..112b04b --- /dev/null +++ b/PWR35/rootfs/etc/bird/bird6.conf @@ -0,0 +1,33 @@ +router id 172.16.16.35; + +log "/var/log/bird/bird6.log" all; +debug protocols { states, routes, filters, interfaces } + +protocol kernel { + import none; + export all; +} + +protocol device { + # defaults... +} + +protocol ospf { + area 0 { + interface "lo" { + stub; + }; + interface "vlan2000" { + }; + interface "vlan2007" { + }; + interface "vlan2015" { + stub; + }; + interface "vlan2014" { + stub; + }; + }; +}; + + diff --git a/PWR35/rootfs/etc/hosts b/PWR35/rootfs/etc/hosts new file mode 100644 index 0000000..72e1fd8 --- /dev/null +++ b/PWR35/rootfs/etc/hosts @@ -0,0 +1,5 @@ +127.0.0.1 localhost +::1 localhost ip6-localhost ip6-loopback +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters + diff --git a/PWR35/rootfs/etc/network/interfaces b/PWR35/rootfs/etc/network/interfaces new file mode 100644 index 0000000..b86797b --- /dev/null +++ b/PWR35/rootfs/etc/network/interfaces 
@@ -0,0 +1,39 @@
+auto lo
+iface lo inet loopback
+ up ip addr add 2001:db8:2a::15 dev lo
+
+auto vlan2000
+iface vlan2000 inet manual
+ up ip link set up dev vlan2000
+ up ip addr add 172.16.0.35/24 brd + dev vlan2000
+ up ip addr add 2400:5000:6148:2ab2::35/64 dev vlan2000
+ down ip addr del 2400:5000:6148:2ab2::35/64 dev vlan2000
+ down ip addr del 172.16.0.35/24 dev vlan2000
+ down ip link set down dev vlan2000
+
+auto vlan2007
+iface vlan2007 inet manual
+ up ip link set up dev vlan2007
+ up ip addr add 172.16.7.35/24 brd + dev vlan2007
+ up ip addr add 2400:5000:6148:2ab3::35/64 dev vlan2007
+ down ip addr del 2400:5000:6148:2ab3::35/64 dev vlan2007
+ down ip addr del 172.16.7.35/24 dev vlan2007
+ down ip link set down dev vlan2007
+
+auto vlan2015
+iface vlan2015 inet manual
+ up ip link set up dev vlan2015
+ up ip addr add 172.16.15.1/24 brd + dev vlan2015
+ up ip addr add 2400:5000:6148:2ae7::1/64 dev vlan2015
+ down ip addr del 2400:5000:6148:2ae7::1/64 dev vlan2015
+ down ip addr del 172.16.15.1/24 dev vlan2015
+ down ip link set down dev vlan2015
+
+auto vlan2014
+iface vlan2014 inet manual
+ up ip link set up dev vlan2014
+ up ip addr add 172.16.14.1/24 brd + dev vlan2014
+ up ip addr add 2400:5000:6148:2ae6::1/64 dev vlan2014
+ down ip addr del 2400:5000:6148:2ae6::1/64 dev vlan2014
+ down ip addr del 172.16.14.1/24 dev vlan2014
+ down ip link set down dev vlan2014
diff --git a/PWR35/rootfs/etc/sysctl.conf b/PWR35/rootfs/etc/sysctl.conf
new file mode 100644
index 0000000..25809a1
--- /dev/null
+++ b/PWR35/rootfs/etc/sysctl.conf
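Review bot: `up ip addr add 2001:db8:2a::15 dev lo` gives PWR35 the same loopback address that PWR15's interfaces file assigns, which looks like a copy-paste slip given the router id 172.16.16.35 and the `::35` host part used on the transit links in this file. With both routers advertising that loopback through OSPF, traffic to it reaches whichever router is closer, so one of them cannot be addressed reliably. The line should presumably read `up ip addr add 2001:db8:2a::35 dev lo`. Separately, `172.16.0.35/24` on vlan2000 falls in the same 172.16.0.0/24 that PWR25 assigns to vlan2001 (`172.16.0.1/24`), so the prefix would be advertised from two different segments; confirm which VLAN owns it.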
@@ -0,0 +1,79 @@ +# +# /etc/sysctl.conf - Configuration file for setting system variables +# See /etc/sysctl.d/ for additional system variables. +# See sysctl.conf (5) for information. +# + +#kernel.domainname = example.com + +# Uncomment the following to stop low-level messages on console +#kernel.printk = 3 4 1 3 + +##############################################################3 +# Functions previously found in netbase +# + +# Uncomment the next two lines to enable Spoof protection (reverse-path filter) +# Turn on Source Address Verification in all interfaces to +# prevent some spoofing attacks +#net.ipv4.conf.default.rp_filter=1 +#net.ipv4.conf.all.rp_filter=1 + +# Uncomment the next line to enable TCP/IP SYN cookies +# See http://lwn.net/Articles/277146/ +# Note: This may impact IPv6 TCP sessions too +#net.ipv4.tcp_syncookies=1 + +# Uncomment the next line to enable packet forwarding for IPv4 +net.ipv4.ip_forward=1 + +# Uncomment the next line to enable packet forwarding for IPv6 +# Enabling this option disables Stateless Address Autoconfiguration +# based on Router Advertisements for this host +net.ipv6.conf.all.forwarding=1 + +net.ipv4.icmp_ratelimit = 0 +net.ipv6.icmp.ratelimit = 0 + +################################################################### +# Additional settings - these settings can improve the network +# security of the host and prevent against some network attacks +# including spoofing attacks and man in the middle attacks through +# redirection. Some network environments, however, require that these +# settings are disabled so review and enable them as needed. 
+# +# Do not accept ICMP redirects (prevent MITM attacks) +#net.ipv4.conf.all.accept_redirects = 0 +#net.ipv6.conf.all.accept_redirects = 0 +# _or_ +# Accept ICMP redirects only for gateways listed in our default +# gateway list (enabled by default) +# net.ipv4.conf.all.secure_redirects = 1 +# +# Do not send ICMP redirects (we are not a router) +#net.ipv4.conf.all.send_redirects = 0 +# +# Do not accept IP source route packets (we are not a router) +#net.ipv4.conf.all.accept_source_route = 0 +#net.ipv6.conf.all.accept_source_route = 0 +# +# Log Martian Packets +#net.ipv4.conf.all.log_martians = 1 +# + +################################################################### +# Magic system request Key +# 0=disable, 1=enable all +# Debian kernels have this set to 0 (disable the key) +# See https://www.kernel.org/doc/Documentation/sysrq.txt +# for what other values do +#kernel.sysrq=1 + +################################################################### +# Protected links +# +# Protects against creating or following links under certain conditions +# Debian kernels have both set to 1 (restricted) +# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt +#fs.protected_hardlinks=0 +#fs.protected_symlinks=0 diff --git a/PWR40/config b/PWR40/config new file mode 100644 index 0000000..506b7c2 --- /dev/null +++ b/PWR40/config 
@@ -0,0 +1,17 @@ +# Template used to create this container: /usr/share/lxc/templates/lxc-debian +# Parameters passed to the template: -r stretch +# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873 +# For additional config options, please look at lxc.container.conf(5) +# Uncomment the following line to support nesting containers: +#lxc.include = /usr/share/lxc/config/nesting.conf +# (Be aware this has security implications) +lxc.apparmor.profile = generated +lxc.apparmor.allow_nesting = 1 +# Common configuration +lxc.include = /usr/share/lxc/config/debian.common.conf +# Container specific configuration +lxc.tty.max = 4 +lxc.arch = amd64 +lxc.pty.max = 1024 +lxc.rootfs.path = btrfs:/var/lib/lxc/PWR40/rootfs +lxc.uts.name = PWR40 diff --git a/PWR40/rootfs/etc/bird/bird.conf b/PWR40/rootfs/etc/bird/bird.conf new file mode 100644 index 0000000..e69de29 diff --git a/PWR40/rootfs/etc/bird/bird6.conf b/PWR40/rootfs/etc/bird/bird6.conf new file mode 100644 index 0000000..e69de29 diff --git a/PWR40/rootfs/etc/hosts b/PWR40/rootfs/etc/hosts new file mode 100644 index 0000000..72e1fd8 --- /dev/null +++ b/PWR40/rootfs/etc/hosts @@ -0,0 +1,5 @@ +127.0.0.1 localhost +::1 localhost ip6-localhost ip6-loopback +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters + diff --git a/PWR40/rootfs/etc/network/interfaces b/PWR40/rootfs/etc/network/interfaces new file mode 100644 index 0000000..e69de29 diff --git a/PWR40/rootfs/etc/sysctl.conf b/PWR40/rootfs/etc/sysctl.conf new file mode 100644 index 0000000..25809a1 --- /dev/null +++ b/PWR40/rootfs/etc/sysctl.conf 
@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+# Enabling this option disables Stateless Address Autoconfiguration
+# based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted)
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0
diff --git a/PWR45/config b/PWR45/config
new file mode 100644
index 0000000..3adac73
--- /dev/null
+++ b/PWR45/config
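Review bot: `net.ipv4.icmp_ratelimit = 0` and `net.ipv6.icmp.ratelimit = 0` turn off ICMP rate limiting on a host that this same file makes a forwarder, so every packet that triggers an ICMP error is answered without any throttle. If that is wanted only for clean traceroute output in the lab, put a comment above the two lines, for example `# lab only: no ICMP rate limit so traceroute shows every hop`, and do not carry it to anything reachable from outside. The template comments no longer match the file: "Uncomment the next line to enable packet forwarding" sits above lines that are already active, and the "(we are not a router)" remarks are untrue once forwarding is on. The `rp_filter` lines stay commented out, so spoof filtering on the stub-facing interfaces depends on whatever default applies; a short note on why it is left off would help. The identical sysctl.conf hunks for PWR45, PWR5, PWR50 and PWR60 carry the same points.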
@@ -0,0 +1,46 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWR45/rootfs
+lxc.uts.name = PWR45
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = vlan2007
+lxc.net.0.veth.pair = r45.2007
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+
+lxc.net.1.type = veth
+lxc.net.1.flags = up
+lxc.net.1.name = vlan2011
+lxc.net.1.veth.pair = r45.2011
+lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
+
+lxc.net.2.type = veth
+lxc.net.2.flags = up
+lxc.net.2.name = vlan2012
+lxc.net.2.veth.pair = r45.2012
+lxc.net.2.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.2.script.down = /etc/lxc/lxc-openvswitch
+
+lxc.net.3.type = veth
+lxc.net.3.flags = up
+lxc.net.3.name = vlan2004
+lxc.net.3.veth.pair = r45.2004
+lxc.net.3.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.3.script.down = /etc/lxc/lxc-openvswitch
+
diff --git a/PWR45/rootfs/etc/bird/bird.conf b/PWR45/rootfs/etc/bird/bird.conf
new file mode 100644
index 0000000..4155f3e
--- /dev/null
+++ b/PWR45/rootfs/etc/bird/bird.conf
@@ -0,0 +1,34 @@
+router id 172.16.16.45;
+
+log "/var/log/bird/bird.log" all;
+
+debug protocols { states, routes, filters, interfaces }
+
+protocol kernel {
+ import none;
+ export all;
+}
+
+protocol device {
+ # defaults...
+}
+
+protocol ospf {
+ area 0 {
+ interface "lo" {
+ stub;
+ };
+ interface "vlan2004" {
+ };
+ interface "vlan2007" {
+ };
+ interface "vlan2011" {
+ stub;
+ };
+ interface "vlan2012" {
+ stub;
+ };
+ };
+};
+
+
diff --git a/PWR45/rootfs/etc/bird/bird6.conf b/PWR45/rootfs/etc/bird/bird6.conf
new file mode 100644
index 0000000..264240a
--- /dev/null
+++ b/PWR45/rootfs/etc/bird/bird6.conf
@@ -0,0 +1,33 @@
+router id 172.16.16.45;
+
+log "/var/log/bird/bird6.log" all;
+debug protocols { states, routes, filters, interfaces }
+
+protocol kernel {
+ import none;
+ export all;
+}
+
+protocol device {
+ # defaults...
+}
+
+protocol ospf {
+ area 0 {
+ interface "lo" {
+ stub;
+ };
+ interface "vlan2004" {
+ };
+ interface "vlan2007" {
+ };
+ interface "vlan2011" {
+ stub;
+ };
+ interface "vlan2012" {
+ stub;
+ };
+ };
+};
+
+
diff --git a/PWR45/rootfs/etc/hosts b/PWR45/rootfs/etc/hosts
new file mode 100644
index 0000000..72e1fd8
--- /dev/null
+++ b/PWR45/rootfs/etc/hosts
@@ -0,0 +1,5 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
diff --git a/PWR45/rootfs/etc/network/interfaces b/PWR45/rootfs/etc/network/interfaces
new file mode 100644
index 0000000..013d26d
--- /dev/null
+++ b/PWR45/rootfs/etc/network/interfaces
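Review bot: The active OSPF interfaces `vlan2004` and `vlan2007` in PWR45's bird.conf have empty blocks, so no authentication is configured and any host attached to those VLANs can form an adjacency and advertise routes, which `protocol kernel { export all; }` then installs into the kernel table. For the IPv4 instance I would add `authentication cryptographic;` and `password "<secret-placeholder>";` inside both interface blocks, with the real secret kept out of the repository. The bird6.conf hunk that follows leaves the same two interfaces open; whether OSPFv3 authentication is available depends on the installed BIRD version, so at least add a comment saying the segment is trusted. A one-line comment per interface naming the neighbour expected on it would also make the stub/active split reviewable.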
@@ -0,0 +1,39 @@
+auto lo
+iface lo inet loopback
+ up ip addr add 2001:db8:2a::15 dev lo
+
+auto vlan2007
+iface vlan2007 inet manual
+ up ip link set up dev vlan2007
+ up ip addr add 172.16.7.45/24 brd + dev vlan2007
+ up ip addr add 2400:5000:6148:2ab3::45/64 dev vlan2007
+ down ip addr del 2400:5000:6148:2ab3::45/64 dev vlan2007
+ down ip addr del 172.16.7.45/24 dev vlan2007
+ down ip link set down dev vlan2007
+
+auto vlan2011
+iface vlan2011 inet manual
+ up ip link set up dev vlan2011
+ up ip addr add 172.16.11.1/24 brd + dev vlan2011
+ up ip addr add 2400:5000:6148:2ae5::1/64 dev vlan2011
+ down ip addr del 2400:5000:6148:2ae5::1/64 dev vlan2011
+ down ip addr del 172.16.11.1/24 dev vlan2011
+ down ip link set down dev vlan2011
+
+auto vlan2012
+iface vlan2012 inet manual
+ up ip link set up dev vlan2012
+ up ip addr add 172.16.12.1/24 brd + dev vlan2012
+ up ip addr add 2400:5000:6128:2ae4::1/64 dev vlan2012
+ down ip addr del 2400:5000:6128:2ae4::1/64 dev vlan2012
+ down ip addr del 172.16.12.1/24 dev vlan2012
+ down ip link set down dev vlan2012
+
+auto vlan2004
+iface vlan2004 inet manual
+ up ip link set up dev vlan2004
+ up ip addr add 172.16.4.45/24 brd + dev vlan2004
+ up ip addr add 2400:5000:6148:2ab1::45/64 dev vlan2004
+ down ip addr del 2400:5000:6148:2ab1::45/64 dev vlan2004
+ down ip addr del 172.16.4.45/24 dev vlan2004
+ down ip link set down dev vlan2004
diff --git a/PWR45/rootfs/etc/sysctl.conf b/PWR45/rootfs/etc/sysctl.conf
new file mode 100644
index 0000000..25809a1
--- /dev/null
+++ b/PWR45/rootfs/etc/sysctl.conf
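Review bot: The IPv6 address on `vlan2012` is `2400:5000:6128:2ae4::1/64`, while every other interface in this file sits under `2400:5000:6148:…`; this looks like a typo in both the `up` and the `down` line and should be checked against the address plan before it is advertised over OSPF. If `6148` is intended, the lines become `up ip addr add 2400:5000:6148:2ae4::1/64 dev vlan2012` and the matching `down ip addr del`. A short comment above each stanza saying which segment or neighbour it serves would make such slips easier to spot.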
@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+# Enabling this option disables Stateless Address Autoconfiguration
+# based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted)
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0
diff --git a/PWR5/config b/PWR5/config
new file mode 100644
index 0000000..8e7e509
--- /dev/null
+++ b/PWR5/config
@@ -0,0 +1,52 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWR5/rootfs
+lxc.uts.name = PWR5
+
+
+
+
+
+
+
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = vlan10
+lxc.net.0.veth.pair = r5.10
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+
+lxc.net.1.type = veth
+lxc.net.1.flags = up
+lxc.net.1.name = vlan2004
+lxc.net.1.veth.pair = r5.2004
+lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
+
+lxc.net.2.type = veth
+lxc.net.2.flags = up
+lxc.net.2.name = vlan2007
+lxc.net.2.veth.pair = r5.2007
+lxc.net.2.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.2.script.down = /etc/lxc/lxc-openvswitch
+
+lxc.net.3.type = veth
+lxc.net.3.flags = up
+lxc.net.3.name = vlan2008
+lxc.net.3.veth.pair = r5.2008
+lxc.net.3.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.3.script.down = /etc/lxc/lxc-openvswitch
diff --git a/PWR5/rootfs/etc/bird/bird.conf b/PWR5/rootfs/etc/bird/bird.conf
new file mode 100644
index 0000000..e935c3a
--- /dev/null
+++ b/PWR5/rootfs/etc/bird/bird.conf
@@ -0,0 +1,35 @@
+router id 172.16.16.15;
+
+log "/var/log/bird/bird.log" all;
+
+debug protocols { states, routes, filters, interfaces }
+
+protocol kernel {
+ import none;
+ export all;
+}
+
+protocol device {
+ # defaults...
+}
+
+protocol ospf {
+ area 0 {
+ interface "lo" {
+ stub;
+ };
+ interface "vlan2004" {
+ stub;
+ };
+ interface "vlan2005" {
+ stub;
+ };
+ interface "vlan2006" {
+ stub;
+ };
+ interface "vlan2000" {
+ };
+ };
+};
+
+
diff --git a/PWR5/rootfs/etc/bird/bird6.conf b/PWR5/rootfs/etc/bird/bird6.conf
new file mode 100644
index 0000000..45c84b5
--- /dev/null
+++ b/PWR5/rootfs/etc/bird/bird6.conf
@@ -0,0 +1,29 @@
+router id 172.16.16.5;
+
+log "/var/log/bird/bird6.log" all;
+debug protocols { states, routes, filters, interfaces }
+
+protocol kernel {
+ import none;
+ export all;
+}
+
+protocol device {
+ # defaults...
+}
+
+protocol ospf {
+ area 0 {
+ interface "lo" {
+ stub;
+ };
+ interface "vlan2004" {
+ };
+ interface "vlan2007" {
+ };
+ interface "vlan2008" {
+ };
+ };
+};
+
+
diff --git a/PWR5/rootfs/etc/hosts b/PWR5/rootfs/etc/hosts
new file mode 100644
index 0000000..72e1fd8
--- /dev/null
+++ b/PWR5/rootfs/etc/hosts
@@ -0,0 +1,5 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
diff --git a/PWR5/rootfs/etc/network/interfaces b/PWR5/rootfs/etc/network/interfaces
new file mode 100644
index 0000000..8417ace
--- /dev/null
+++ b/PWR5/rootfs/etc/network/interfaces
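Review bot: PWR5's bird.conf does not match the rest of PWR5 in this commit: it sets `router id 172.16.16.15` while bird6.conf for the same container uses `172.16.16.5`, and it names `vlan2005`, `vlan2006` and `vlan2000`, none of which appear in PWR5/config or its interfaces file (those define vlan10, vlan2004, vlan2007 and vlan2008). `vlan2004` is marked `stub` here although PWR45 runs it as an active OSPF interface, so no IPv4 adjacency would form between the two routers, and vlan2007 and vlan2008 are not in OSPF at all. The file reads like a copy from another router; presumably it should use `router id 172.16.16.5;` and list `vlan2004`, `vlan2007` and `vlan2008` the way bird6.conf does. If another router in the area really owns .15, the duplicate router id would also disturb OSPF, so it is worth checking before this is started.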
@@ -0,0 +1,39 @@
+auto lo
+iface lo inet loopback
+ up ip addr add 2001:db8:2a::25 dev lo
+
+
+# Internet interface, TBA
+#auto vlan10
+#iface vlan10 inet manual
+# up ip link set up dev vlan10
+# up ip addr add 2400:5000:6148:1eaa::25/64 dev vlan10
+# down ip addr del 2400:5000:6148:2ab2::25/64 dev vlan10
+# down ip link set down dev vlan10
+
+auto vlan2004
+iface vlan2004 inet manual
+ up ip link set up dev vlan2004
+ up ip addr add 172.16.4.5/24 brd + dev vlan2004
+ up ip addr add 2400:5000:6148:2ab1::5/64 dev vlan2004
+ down ip addr del 2400:5000:6148:2ab1::5/64 dev vlan2004
+ down ip addr del 172.16.4.5/24 dev vlan2004
+ down ip link set down dev vlan2004
+
+auto vlan2007
+iface vlan2007 inet manual
+ up ip link set up dev vlan2007
+ up ip addr add 172.16.5.5/24 brd + dev vlan2007
+ up ip addr add 2400:5000:6148:2ab3::5/64 dev vlan2007
+ down ip addr del 2400:5000:6148:2ab3::5/64 dev vlan2007
+ down ip addr del 172.16.5.5/24 dev vlan2007
+ down ip link set down dev vlan2007
+
+auto vlan2008
+iface vlan2008 inet manual
+ up ip link set up dev vlan2008
+ up ip addr add 172.16.8.5/24 brd + dev vlan2008
+ up ip addr add 2400:5000:6148:2acc::5/64 dev vlan2008
+ down ip addr del 2400:5000:6148:2acc::5/64 dev vlan2008
+ down ip addr del 172.16.8.5/24 dev vlan2008
+ down ip link set down dev vlan2008
diff --git a/PWR5/rootfs/etc/sysctl.conf b/PWR5/rootfs/etc/sysctl.conf
new file mode 100644
index 0000000..25809a1
--- /dev/null
+++ b/PWR5/rootfs/etc/sysctl.conf
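Review bot: `vlan2007` on PWR5 is given `172.16.5.5/24`, but PWR45 puts `172.16.7.45/24` on the same VLAN, so the two routers would sit in different IPv4 subnets on one segment and OSPF would not form an adjacency there. Presumably the address should follow the VLAN number like the other stanzas: `up ip addr add 172.16.7.5/24 brd + dev vlan2007`, with the matching `down ip addr del 172.16.7.5/24 dev vlan2007`. In the commented-out `vlan10` block the `up` line adds `2400:5000:6148:1eaa::25/64` while the `down` line deletes `2400:5000:6148:2ab2::25/64`; the two should agree before the block is enabled. That block is the Internet-facing interface, so it is also the place to note that filtering must be in place before it is uncommented, since this host forwards packets.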
@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+# Enabling this option disables Stateless Address Autoconfiguration
+# based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted)
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0
diff --git a/PWR50/config b/PWR50/config
new file mode 100644
index 0000000..3d9eb19
--- /dev/null
+++ b/PWR50/config
@@ -0,0 +1,17 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWR50/rootfs
+lxc.uts.name = PWR50
diff --git a/PWR50/rootfs/etc/bird/bird.conf b/PWR50/rootfs/etc/bird/bird.conf
new file mode 100644
index 0000000..e69de29
diff --git a/PWR50/rootfs/etc/bird/bird6.conf b/PWR50/rootfs/etc/bird/bird6.conf
new file mode 100644
index 0000000..e69de29
diff --git a/PWR50/rootfs/etc/hosts b/PWR50/rootfs/etc/hosts
new file mode 100644
index 0000000..72e1fd8
--- /dev/null
+++ b/PWR50/rootfs/etc/hosts
@@ -0,0 +1,5 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
diff --git a/PWR50/rootfs/etc/network/interfaces b/PWR50/rootfs/etc/network/interfaces
new file mode 100644
index 0000000..e69de29
diff --git a/PWR50/rootfs/etc/sysctl.conf b/PWR50/rootfs/etc/sysctl.conf
new file mode 100644
index 0000000..25809a1
--- /dev/null
+++ b/PWR50/rootfs/etc/sysctl.conf
@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+# Enabling this option disables Stateless Address Autoconfiguration
+# based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted)
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0
diff --git a/PWR60/config b/PWR60/config
new file mode 100644
index 0000000..da35c88
--- /dev/null
+++ b/PWR60/config
@@ -0,0 +1,17 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWR60/rootfs
+lxc.uts.name = PWR60
diff --git a/PWR60/rootfs/etc/bird/bird.conf b/PWR60/rootfs/etc/bird/bird.conf
new file mode 100644
index 0000000..e69de29
diff --git a/PWR60/rootfs/etc/bird/bird6.conf b/PWR60/rootfs/etc/bird/bird6.conf
new file mode 100644
index 0000000..e69de29
diff --git a/PWR60/rootfs/etc/hosts b/PWR60/rootfs/etc/hosts
new file mode 100644
index 0000000..72e1fd8
--- /dev/null
+++ b/PWR60/rootfs/etc/hosts
@@ -0,0 +1,5 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
diff --git a/PWR60/rootfs/etc/network/interfaces b/PWR60/rootfs/etc/network/interfaces
new file mode 100644
index 0000000..e69de29
diff --git a/PWR60/rootfs/etc/sysctl.conf b/PWR60/rootfs/etc/sysctl.conf
new file mode 100644
index 0000000..25809a1
--- /dev/null
+++ b/PWR60/rootfs/etc/sysctl.conf
@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+# Enabling this option disables Stateless Address Autoconfiguration
+# based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted)
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0