Baseline sysctl-17: Enable logging of martian packets

[mcgege]

As this feature can produce large log files, it can be disabled via 'log_martians'

This PR implements sysctl-17 as discussed in dev-sec/linux-baseline#48 and dev-sec/linux-baseline#72 and should fix #66

Signed-off-by: Michael Geiger michael.geiger@telekom.de

[artem-sidorenko]

@mcgege great! Many thanks!

Maybe we will have to change the defaults later depending on the discussion in dev-sec/linux-baseline#48

@bitvijays looks good to me!

[bitvijays]

@mcgege Thank you for your pull request :) Although the variable name "log_martians" speaks for itself, what are your thoughts if we keep it "enable_log_martians" ? (I might be completely wrong) Just a thought :) may be just to follow the trend? enable_ ? @artem-sidorenko Any thoughts?

[mcgege]

@bitvijays Well, I think the variable name should be sufficient to understand what it's all about, but I'm open to change it ...

[bitvijays]

@mcgege Cool.. Let's change it to enable_log_martians. and this is just to follow the trend of the variables defined above

$enable_ipv6
$enable_ipv6_forwarding
$arp_restricted
$enable_sysrq
$enable_core_dump
$enable_stack_protection
$enable_rpfilter

and I will merge the pull request :)

[bitvijays]

@mcgege You may have to rebase with master to correct the conflict.

[mcgege]

@bitvijays rebase + change done

[bitvijays]

@mcgege Thank you for the Pull request and your contribution :) Merged