From 2a6442ad14649a10f1bcf72f267e108e1ed087cb Mon Sep 17 00:00:00 2001
From: seedboxer
Date: Fri, 30 Jun 2017 11:54:36 +0100
Subject: [PATCH] Add files via upload
---
sysctl.conf.txt | 128 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 128 insertions(+)
create mode 100644 sysctl.conf.txt
diff --git a/sysctl.conf.txt b/sysctl.conf.txt
new file mode 100644
index 0000000..8d5b397
--- /dev/null
+++ b/sysctl.conf.txt
@@ -0,0 +1,128 @@
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+#net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+# Enabling this option disables Stateless Address Autoconfiguration
+# based on Router Advertisements for this host
+#net.ipv6.conf.all.forwarding=1
+
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+### IMPROVE SYSTEM MEMORY MANAGEMENT ###
+
+# Increase size of file handles and inode cache
+fs.file-max = 2097152
+
+# Do less swapping
+vm.swappiness = 10
+vm.dirty_ratio = 60
+vm.dirty_background_ratio = 2
+
+### GENERAL NETWORK SECURITY OPTIONS ###
+
+# Number of times SYNACKs for passive TCP connection.
+net.ipv4.tcp_synack_retries = 2
+
+# Allowed local port range
+net.ipv4.ip_local_port_range = 2000 65535
+
+# Protect Against TCP Time-Wait
+net.ipv4.tcp_rfc1337 = 1
+
+# Decrease the time default value for tcp_fin_timeout connection
+net.ipv4.tcp_fin_timeout = 15
+
+# Decrease the time default value for connections to keep alive
+net.ipv4.tcp_keepalive_time = 300
+net.ipv4.tcp_keepalive_probes = 5
+net.ipv4.tcp_keepalive_intvl = 15
+
+### TUNING NETWORK PERFORMANCE ###
+
+# Default Socket Receive Buffer
+net.core.rmem_default = 31457280
+
+# Maximum Socket Receive Buffer
+net.core.rmem_max = 12582912
+
+# Default Socket Send Buffer
+net.core.wmem_default = 31457280
+
+# Maximum Socket Send Buffer
+net.core.wmem_max = 12582912
+
+# Increase number of incoming connections
+net.core.somaxconn = 4096
+
+# Increase number of incoming connections backlog
+net.core.netdev_max_backlog = 65536
+
+# Increase the maximum amount of option memory buffers
+net.core.optmem_max = 25165824
+
+# Increase the maximum total buffer-space allocatable
+# This is measured in units of pages (4096 bytes)
+net.ipv4.tcp_mem = 65536 131072 262144
+net.ipv4.udp_mem = 65536 131072 262144
+
+# Increase the read-buffer space allocatable
+net.ipv4.tcp_rmem = 8192 87380 16777216
+net.ipv4.udp_rmem_min = 16384
+
+# Increase the write-buffer-space allocatable
+net.ipv4.tcp_wmem = 8192 65536 16777216
+net.ipv4.udp_wmem_min = 16384
+
+# Increase the tcp-time-wait buckets pool size to prevent simple DOS attacks
+net.ipv4.tcp_max_tw_buckets = 1440000
+net.ipv4.tcp_tw_recycle = 1
+net.ipv4.tcp_tw_reuse = 1
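Review bot: `net.ipv4.tcp_tw_recycle = 1`, the second-to-last line of the hunk, should be removed rather than shipped under a "prevent simple DOS attacks" comment. With it enabled the kernel applies per-peer TCP timestamp checks and silently drops SYNs from clients that share one NAT address, and the key no longer exists from Linux 4.12 on, so `sysctl -p` reports an error for it on newer kernels. Separately, `net.core.rmem_default` and `net.core.wmem_default` (31457280) are larger than the `rmem_max`/`wmem_max` (12582912) set next to them, which gives sockets that take the core default (UDP, for example) a roughly 30 MB buffer allowance each and makes memory exhaustion under load easier; the values look swapped, e.g. `net.core.rmem_default = 12582912` with `net.core.rmem_max = 31457280`. The section headed "GENERAL NETWORK SECURITY OPTIONS" also leaves `rp_filter`, `tcp_syncookies`, `accept_redirects` and `accept_source_route` commented out earlier in the file, so either enable the ones this host needs or add a comment such as `# rp_filter/syncookies/redirect settings left at distribution defaults` so readers do not assume they are active.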