
@dertin
Last active June 20, 2022 09:15
AWS EC2 t2.micro / t2.small
# /etc/fstab
# Root filesystem entry; UUID=XXXXXXXXXXX is a placeholder for the real volume UUID.
# NOTE(review): barrier=0 turns off ext4 write barriers, so journal commits are no
# longer ordered against the device write cache; a crash or abrupt stop can leave
# the filesystem corrupted. Keep it only where losing this volume is acceptable.
# commit=30 syncs every 30 s instead of the 5 s default, which widens the window
# of writes lost in a crash. errors=remount-ro remounts read-only on filesystem errors.
UUID=XXXXXXXXXXX / ext4 noatime,nodelalloc,barrier=0,i_version,commit=30,inode_readahead_blks=64,rw,errors=remount-ro 0 1
# /etc/cron.weekly/fstrim
# sudo chmod +x /etc/cron.weekly/fstrim
# NOTE(review): the two lines above label this listing; in the real file the
# #!/bin/sh line has to be line 1. The script runs as root from cron, so keep it
# root-owned and not writable by group or others.
#!/bin/sh
# Discard unused blocks on every mounted filesystem that supports it.
# "|| true" forces exit status 0, so a failing fstrim goes unreported.
/sbin/fstrim --all || true
# /etc/default/grub
## apply changes with the command: sudo update-grub
# add:
# NOTE(review): this assignment replaces whatever GRUB_CMDLINE_LINUX already holds;
# if the file sets other kernel parameters there, append elevator=noop to the
# existing value instead of pasting this line as-is.
# NOTE(review): kernels that use the multi-queue block layer name this scheduler
# "none" and may ignore elevator= altogether; confirm the active scheduler with
# cat /sys/block/<device>/queue/scheduler after reboot.
GRUB_CMDLINE_LINUX="elevator=noop"
# /etc/security/limits.conf
# Performance Tuning
# Columns: <domain> <type> <item> <value>. nproc = max processes, nofile = max open files.
# These limits are applied by pam_limits at session setup; services started by the
# init system without a PAM session take their limits from the service manager instead.
# NOTE(review): with kernel.pid_max = 65536 (set in the sysctl section of this page),
# a soft nproc of 32768 for every account lets a single user consume half of the PID
# space, so nproc no longer works as a fork-bomb guard. Prefer raising the limits only
# for the service accounts that need it.
* soft nproc 32768
* hard nproc 65535
* soft nofile 32768
* hard nofile 65535
# The "*" wildcard is not applied to root, hence the explicit root entries.
root soft nproc 32768
root hard nproc 65535
root soft nofile 32768
root hard nofile 65535
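# /etc/sysctl.conf
## apply changes with the command: sudo sysctl -p
## sysctl -p reports an error for every key the running kernel does not have;
## read its output rather than assuming each line took effect.
########## Kernel start ##############
# Disable the magic SysRq key functions
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1
# System-wide cap on open file handles.
# NOTE(review): many current systems default to a far higher value, in which case
# this line lowers the cap; compare with the output of "sysctl fs.file-max" first.
fs.file-max = 65535
# Allow for more PIDs
kernel.pid_max = 65536
# ExecShield is a Red Hat kernel patch; mainline kernels have no such key and
# sysctl -p reports an error for this line there.
kernel.exec-shield = 1
# Full ASLR. 1 randomizes stack, mmap base and VDSO only; 2 also randomizes the
# heap (brk) and is the stronger setting.
kernel.randomize_va_space = 2
# Console log levels: current, default message, minimum, boot-time default
kernel.printk = 4 4 1 7
# Reboot automatically 10 seconds after a kernel panic
kernel.panic = 10
# Largest single System V shared memory segment, in bytes (4 GiB)
kernel.shmmax = 4294967296
# Total System V shared memory, in pages
kernel.shmall = 4194304
# Default maximum size of a message queue, in bytes
kernel.msgmnb = 65536
# Maximum size of a single message, in bytes
kernel.msgmax = 65536
########## Kernel end ##############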
########## Swap start ##############
# Prefer reclaiming page cache over swapping out application memory
vm.swappiness = 10
# Reclaim dentry/inode caches less aggressively than the default of 100
vm.vfs_cache_pressure = 50
# The remaining keys tune dirty-page writeback rather than swap.
# NOTE(review): dirty_ratio = 80 lets up to 80% of available memory hold unwritten
# data before writers are forced to flush, and dirty_writeback_centisecs = 12000
# wakes the flusher only every 120 s. Both widen the window of data lost if the
# instance stops abruptly; the fstab entry on this page also sets barrier=0,
# which compounds that risk.
vm.dirty_ratio = 80
vm.dirty_background_ratio = 5
vm.dirty_writeback_centisecs = 12000
########## Swap end ##############
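########## IPv4 networking start ##############
# Each key appears once; the original listing repeated
# conf.default.rp_filter and conf.default.accept_source_route.
# Controls IP packet forwarding (0 = this host does not route)
net.ipv4.ip_forward = 0
# Enable source validation by reversed path, as specified in RFC1812
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# Do not accept source-routed packets (SRR option)
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
# Send redirects, if router, but this is just server
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
# Accept Redirects? No, this is not router
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
# Log packets with impossible addresses to kernel log? yes
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1
# Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicast
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Turn on protection for bad icmp error messages
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Prevent against the common 'syn flood attack'
net.ipv4.tcp_syncookies = 1
# Number of SYN+ACK retransmissions before a half-open connection is dropped
net.ipv4.tcp_synack_retries = 2
# TCP and memory optimization
# Linux auto-tuning TCP buffer limits: min, default, max (bytes)
net.ipv4.tcp_rmem = 4096 87380 8388608
net.ipv4.tcp_wmem = 4096 87380 8388608
# Maximum socket buffer size an application can request with setsockopt()
net.core.rmem_max = 8388608
net.core.wmem_max = 8388608
# Packets queued per CPU when an interface receives faster than the kernel processes
net.core.netdev_max_backlog = 5000
net.ipv4.tcp_window_scaling = 1
# Increase system IP port limits
# NOTE(review): a range starting at 2000 overlaps ports that services commonly
# listen on; an outgoing connection can take such a port before the service binds.
# List the listening ports in net.ipv4.ip_local_reserved_ports or raise the lower bound.
net.ipv4.ip_local_port_range = 2000 65000
# Reuse TIME-WAIT sockets for new outgoing connections
net.ipv4.tcp_tw_reuse = 1
# Keep TIME-WAIT recycling off (it breaks clients behind NAT). The key was removed
# in Linux 4.12; newer kernels report an error for this line.
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 60
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.tcp_mtu_probing = 1
# TCP Fast Open (3 = enabled for both outgoing and incoming connections)
net.ipv4.tcp_fastopen = 3
# Needs H-TCP support in the running kernel; check
# net.ipv4.tcp_available_congestion_control if sysctl -p rejects this line.
net.ipv4.tcp_congestion_control = htcp
########## IPv4 networking ends ##############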
########## IPv6 networking start ##############
# NOTE(review): only the conf.default.* keys are set. They seed interfaces created
# after the values are applied; interfaces that already exist keep their own
# settings unless conf.<ifname>.* is set as well. Confirm on the target host.
# NOTE(review): if the instance relies on Router Advertisements for its IPv6
# default route, the accept_ra_* = 0 settings below presumably remove that route.
# Verify IPv6 connectivity after applying.
# Number of Router Solicitations to send until assuming no routers are present.
# This is host and not router
net.ipv6.conf.default.router_solicitations = 0
# Accept Router Preference in RA?
net.ipv6.conf.default.accept_ra_rtr_pref = 0
# Learn Prefix Information in Router Advertisement
net.ipv6.conf.default.accept_ra_pinfo = 0
# Learn the default router from Router Advertisements? No
net.ipv6.conf.default.accept_ra_defrtr = 0
# Router advertisements can cause the system to assign a global unicast
# address to an interface; 0 turns that autoconfiguration off
net.ipv6.conf.default.autoconf = 0
# Number of Duplicate Address Detection probes to send per address;
# 0 disables duplicate address detection
net.ipv6.conf.default.dad_transmits = 0
# How many global unicast IPv6 addresses can be assigned to each interface?
net.ipv6.conf.default.max_addresses = 1
########## IPv6 networking ends ##############