Suggest to rename sysctl.conf

[IceCodeNew]

As this file can usually be found shipped with Linux distribution, it may not be good to replace it.
As kernel configuration files are loaded in dictionary order, we can write our kernel harden configuration to file like z_kernel-hardening_by_k4yt3x.conf.

P.S. I would use sysctl --system rather than sysctl -p to load kernel configuration.

Usage:
 sysctl [options] [variable[=value] ...]

Options:
  -a, --all            display all variables
  -A                   alias of -a
  -X                   alias of -a
      --deprecated     include deprecated parameters to listing
  -b, --binary         print value without new line
  -e, --ignore         ignore unknown variables errors
  -N, --names          print variable names without values
  -n, --values         print only values of the given variable(s)
  -p, --load[=<file>]  read values from file
  -f                   alias of -p
      --system         read values from all system directories
  -r, --pattern <expression>
                       select setting that match expression
  -q, --quiet          do not echo variable set
  -w, --write          enable writing a value to variable
  -o                   does nothing
  -x                   does nothing
  -d                   alias of -h

 -h, --help     display this help and exit
 -V, --version  output version information and exit

For more details see sysctl(8).

[k4yt3x]

I spent some time thinking about this problem. I'm still not sure whether to recommend putting this configuration before 99-sysctl.conf or after it. One of the ways to use this configuration file is to make this configuration file static and name it something like 98-k4yt3x.conf. The user can then edit /etc/sysctl.conf to overwrite any of the rules. When the hardened profile gets an update, the new file can be dropped in without too many modifications.

However, according to this quote from README.sysctl, either the developer of procps-ng or Linus suggests to name the local configuration such that it's read after 99-sysctl.conf. This method could be more suitable for those that only want to take this file as a reference, then make their changes of the highest priority permanently.

My personal preference would be for local system settings to go into
/etc/sysctl.d/local.conf but as long as you follow the rules for the names
of the file, anything will work. See sysctl.conf(8) man page for details
of the format.

I think this topic is still debatable, and we can always include all three solutions.

---

As for loading the configuration file, the README.sysctl file says the following:

After making any changes, please run "service procps reload" (or, from
a Debian package maintainer script "deb-systemd-invoke restart procps.service").

In summary, the effect of sysctl --system, systemctl restart procps and systemctl restart systemd-sysctl should be equivalent. They all reload the kernel configuration from all configuration directories. sysctl -p on the other hand, only loads from /etc/sysctl.conf. For a more consistent result, I think preferring sysctl --system or systemctl restart procps would be more ideal like you said. I'll add that shortly.

[k4yt3x]

I've added a whole bunch of stuff into README. Take a look.