Created
February 1, 2017 08:23
-
-
Save prafulbagai/6ff9db8c05e1fc9d81af3b63b71a40fd to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # file descriptor | |
| # Change 400000 to increase or decrease number of file descriptor | |
| echo "* soft nofile 400000" >> /etc/security/limits.conf | |
| echo "* hard nofile 400000" >> /etc/security/limits.conf | |
| # Changing kernal parameters (modify value if required) | |
| # Increase number of incoming connections | |
| echo "net.core.somaxconn = 262144" >> /etc/sysctl.conf | |
| echo "net.ipv4.tcp_max_syn_backlog = 16384" >> /etc/sysctl.conf | |
| # Increase number of incoming connections backlog | |
| echo "net.core.netdev_max_backlog = 655360" >> /etc/sysctl.conf | |
| echo "net.ipv4.tcp_tw_recycle = 1" >> /etc/sysctl.conf | |
| echo "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf | |
| echo "net.ipv4.ip_local_port_range = 1024 65535" >> /etc/sysctl.conf | |
| echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf | |
| echo "kernel.sched_autogroup_enabled = 0" >> /etc/sysctl.conf | |
| # Increase size of file handles and inode cache | |
| echo "fs.file-max = 2097152" >> /etc/sysctl.conf | |
| # Do less swapping | |
| echo "vm.swappiness = 10" >> /etc/sysctl.conf | |
| echo "vm.dirty_ratio = 60" >> /etc/sysctl.conf | |
| echo "vm.dirty_background_ratio = 2" >> /etc/sysctl.conf | |
| ### GENERAL NETWORK SECURITY OPTIONS ### | |
| # Number of times SYNACKs for passive TCP connection. | |
| echo "net.ipv4.tcp_synack_retries = 2" >> /etc/sysctl.conf | |
| # Protect Against TCP Time-Wait | |
| echo "net.ipv4.tcp_rfc1337 = 1" >> /etc/sysctl.conf | |
| # Decrease the time default value for tcp_fin_timeout connection | |
| echo "net.ipv4.tcp_fin_timeout = 15" >> /etc/sysctl.conf | |
| # Decrease the time default value for connections to keep alive | |
| echo "net.ipv4.tcp_keepalive_time = 300" >> /etc/sysctl.conf | |
| echo "net.ipv4.tcp_keepalive_probes = 5" >> /etc/sysctl.conf | |
| echo "net.ipv4.tcp_keepalive_intvl = 15" >> /etc/sysctl.conf | |
| ### TUNING NETWORK PERFORMANCE ### | |
| # Default Socket Receive Buffer | |
| echo "net.core.rmem_default = 31457280" >> /etc/sysctl.conf | |
| # Maximum Socket Receive Buffer | |
| echo "net.core.rmem_max = 16777216" >> /etc/sysctl.conf | |
| # Default Socket Send Buffer | |
| echo "net.core.wmem_default = 31457280" >> /etc/sysctl.conf | |
| # Maximum Socket Send Buffer | |
| echo "net.core.wmem_max = 16777216" >> /etc/sysctl.conf | |
| # Increase the maximum amount of option memory buffers | |
| echo "net.core.optmem_max = 25165824" >> /etc/sysctl.conf | |
| # Increase the maximum total buffer-space allocatable | |
| # This is measured in units of pages (4096 bytes) | |
| echo "net.ipv4.tcp_mem = 65536 131072 262144" >> /etc/sysctl.conf | |
| echo "net.ipv4.udp_mem = 65536 131072 262144" >> /etc/sysctl.conf | |
| # Increase the read-buffer space allocatable | |
| echo "net.ipv4.tcp_rmem = 8192 87380 16777216" >> /etc/sysctl.conf | |
| echo "net.ipv4.udp_rmem_min = 16384" >> /etc/sysctl.conf | |
| # Increase the write-buffer-space allocatable | |
| echo "net.ipv4.tcp_wmem = 8192 65536 16777216" >> /etc/sysctl.conf | |
| echo "net.ipv4.udp_wmem_min = 16384" >> /etc/sysctl.conf | |
| # Increase the tcp-time-wait buckets pool size to prevent simple DOS attacks | |
| echo "net.ipv4.tcp_max_tw_buckets = 1440000" >> /etc/sysctl.conf | |
| sysctl -p |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment