Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#!/bin/bash
# file descriptor
# Change 400000 to increase or decrease number of file descriptor
echo "* soft nofile 400000" >> /etc/security/limits.conf
echo "* hard nofile 400000" >> /etc/security/limits.conf
# Changing kernal parameters (modify value if required)
# Increase number of incoming connections
echo "net.core.somaxconn = 262144" >> /etc/sysctl.conf
echo "net.ipv4.tcp_max_syn_backlog = 16384" >> /etc/sysctl.conf
# Increase number of incoming connections backlog
echo "net.core.netdev_max_backlog = 655360" >> /etc/sysctl.conf
echo "net.ipv4.tcp_tw_recycle = 1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf
echo "net.ipv4.ip_local_port_range = 1024 65535" >> /etc/sysctl.conf
echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf
echo "kernel.sched_autogroup_enabled = 0" >> /etc/sysctl.conf
# Increase size of file handles and inode cache
echo "fs.file-max = 2097152" >> /etc/sysctl.conf
# Do less swapping
echo "vm.swappiness = 10" >> /etc/sysctl.conf
echo "vm.dirty_ratio = 60" >> /etc/sysctl.conf
echo "vm.dirty_background_ratio = 2" >> /etc/sysctl.conf
### GENERAL NETWORK SECURITY OPTIONS ###
# Number of times SYNACKs for passive TCP connection.
echo "net.ipv4.tcp_synack_retries = 2" >> /etc/sysctl.conf
# Protect Against TCP Time-Wait
echo "net.ipv4.tcp_rfc1337 = 1" >> /etc/sysctl.conf
# Decrease the time default value for tcp_fin_timeout connection
echo "net.ipv4.tcp_fin_timeout = 15" >> /etc/sysctl.conf
# Decrease the time default value for connections to keep alive
echo "net.ipv4.tcp_keepalive_time = 300" >> /etc/sysctl.conf
echo "net.ipv4.tcp_keepalive_probes = 5" >> /etc/sysctl.conf
echo "net.ipv4.tcp_keepalive_intvl = 15" >> /etc/sysctl.conf
### TUNING NETWORK PERFORMANCE ###
# Default Socket Receive Buffer
echo "net.core.rmem_default = 31457280" >> /etc/sysctl.conf
# Maximum Socket Receive Buffer
echo "net.core.rmem_max = 16777216" >> /etc/sysctl.conf
# Default Socket Send Buffer
echo "net.core.wmem_default = 31457280" >> /etc/sysctl.conf
# Maximum Socket Send Buffer
echo "net.core.wmem_max = 16777216" >> /etc/sysctl.conf
# Increase the maximum amount of option memory buffers
echo "net.core.optmem_max = 25165824" >> /etc/sysctl.conf
# Increase the maximum total buffer-space allocatable
# This is measured in units of pages (4096 bytes)
echo "net.ipv4.tcp_mem = 65536 131072 262144" >> /etc/sysctl.conf
echo "net.ipv4.udp_mem = 65536 131072 262144" >> /etc/sysctl.conf
# Increase the read-buffer space allocatable
echo "net.ipv4.tcp_rmem = 8192 87380 16777216" >> /etc/sysctl.conf
echo "net.ipv4.udp_rmem_min = 16384" >> /etc/sysctl.conf
# Increase the write-buffer-space allocatable
echo "net.ipv4.tcp_wmem = 8192 65536 16777216" >> /etc/sysctl.conf
echo "net.ipv4.udp_wmem_min = 16384" >> /etc/sysctl.conf
# Increase the tcp-time-wait buckets pool size to prevent simple DOS attacks
echo "net.ipv4.tcp_max_tw_buckets = 1440000" >> /etc/sysctl.conf
sysctl -p
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.