A few useful sysctl variables in FreeBSD

Wed 23 April 2008

FreeBSD is my primary choice when I need to install a new server and don't need virtualization (OpenVZ, Linux-VServer, Xen, VMware, ...). If I need to implement a virtualization solution, then CentOS is my friend.

Here I would just like to point out some interesting sysctl variables that you can set on a FreeBSD box:

TCP and UDP black hole:

net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1

To prevent a user from seeing which processes other users are running (via ps aux or otherwise), and to prevent unprivileged users from reading dmesg:

security.bsd.see_other_uids=0
security.bsd.unprivileged_read_msgbuf=0
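
To check that a box actually carries these four settings, the following sh script audits sysctl.conf-style text against them. It is an added example, not part of the original post; the function names and the sample input are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): audit sysctl.conf-style text
# for the four values the post recommends.

EXPECTED='net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
security.bsd.see_other_uids=0
security.bsd.unprivileged_read_msgbuf=0'

# lookup KEY: read sysctl.conf text on stdin, print the effective value of
# KEY (comments and whitespace stripped, last assignment wins), or nothing.
lookup() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' |
        awk -F= -v k="$1" '$1 == k { v = $2; hit = 1 } END { if (hit) print v }'
}

# audit: read sysctl.conf text on stdin, print one line per deviation,
# return 0 if all four settings match and 1 otherwise.
audit() {
    conf=$(cat)
    findings=0
    for want in $EXPECTED; do
        key=${want%%=*}
        val=${want#*=}
        got=$(printf '%s\n' "$conf" | lookup "$key")
        if [ -z "$got" ]; then
            echo "MISSING $key (want $val)"
            findings=$((findings + 1))
        elif [ "$got" != "$val" ]; then
            echo "WRONG $key=$got (want $val)"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample input: tcp.blackhole=1 only drops SYNs to closed ports
# (2 drops every segment), and the msgbuf setting is absent.
sample_conf() {
    cat <<'EOF'
# /etc/sysctl.conf (constructed sample)
net.inet.tcp.blackhole=1      # should be 2
net.inet.udp.blackhole = 1
security.bsd.see_other_uids=0
EOF
}

# Demo on the sample; on a real host run: audit < /etc/sysctl.conf
sample_conf | audit || true
```

The file only describes what is applied at boot; `sysctl -n <name>` shows the value the running kernel is using.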