
sysctl-tuner.sh

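#!/bin/bash
###############################################
# sysctl-tuner.sh
#
# Appends a fixed list of kernel/network settings to /etc/sysctl.conf (keys
# already present are left alone), rewrites /etc/host.conf, applies the
# settings with sysctl -p and stops/disables a list of SysV services.
#
# Usage:  sysctl-tuner.sh        (run as root; no arguments)
# Needs:  /sbin/sysctl, and service/chkconfig for the service step
###############################################
# The shebang has to be the first line of the file, so it precedes this header.
# -u makes unset variables an error and pipefail makes a failing pipeline
# stage fail the pipeline.  -e is deliberately NOT set: "service X stop" is
# expected to fail for services that are not installed on the host.
set -u -o pipefail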

function sysctlw {
if [ `grep -c $1 /etc/sysctl.conf` -eq 0 ]; then
echo “$1=$2” >> /etc/sysctl.conf
echo “Added sysctl preference ‘$1’=’$2′”
fi
}

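# Every step below writes under /etc or talks to init; a "Permission denied"
# from an appending redirection is easy to miss, so refuse to run unprivileged.
if (( EUID != 0 )); then
  printf 'sysctl-tuner.sh: must be run as root\n' >&2
  exit 1
fi

printf '%s\n' "Tuning network stack.."

# sysctlw only appends a key that is not yet in /etc/sysctl.conf, so the
# FIRST occurrence of a key wins.  The original list repeated
# net.ipv4.conf.default.rp_filter, net.ipv4.conf.default.accept_source_route
# and net.core.netdev_max_backlog (262144 first, then 1024 - the 1024 never
# took effect).  The duplicates are dropped here; the effective values stay.
sysctlw "net.ipv4.ip_forward"                        "0"
sysctlw "net.ipv4.conf.default.rp_filter"            "1"
sysctlw "kernel.sysrq"                               "0"
sysctlw "kernel.core_uses_pid"                       "0"
sysctlw "net.ipv4.ipfrag_time"                       "30"
sysctlw "net.core.rmem_default"                      "262141"
sysctlw "net.core.rmem_max"                          "262141"
sysctlw "net.ipv4.tcp_rmem"                          "4096 87380 174760"
sysctlw "net.core.wmem_default"                      "262141"
sysctlw "net.core.wmem_max"                          "262141"
sysctlw "net.ipv4.tcp_wmem"                          "4096 16384 131072"
sysctlw "net.ipv4.tcp_mem"                           "195584 196096 196608"
sysctlw "net.core.optmem_max"                        "20480"
sysctlw "net.ipv4.tcp_max_tw_buckets"                "360000"
# NOTE(review): net.core.hot_list_length no longer exists in current kernels;
# sysctl -p will report it as unknown.  Kept for fidelity - confirm and drop.
sysctlw "net.core.hot_list_length"                   "256"
sysctlw "net.core.netdev_max_backlog"                "262144"
sysctlw "net.core.somaxconn"                         "262144"
sysctlw "net.ipv4.tcp_reordering"                    "3"
sysctlw "net.ipv4.icmp_echo_ignore_broadcasts"       "1"
sysctlw "net.ipv4.icmp_ignore_bogus_error_responses" "1"
sysctlw "net.ipv4.tcp_synack_retries"                "2"
sysctlw "net.ipv4.tcp_syn_retries"                   "3"
sysctlw "net.ipv4.tcp_syncookies"                    "1"
# Turning timestamps off disables PAWS (protection against wrapped sequence
# numbers) and RTT measurement, and leaves tcp_tw_recycle below nothing to
# work from.  Keep 1 unless there is a measured reason not to.
sysctlw "net.ipv4.tcp_timestamps"                    "0"
sysctlw "net.ipv4.tcp_sack"                          "1"
sysctlw "net.ipv4.tcp_window_scaling"                "1"
sysctlw "net.ipv4.tcp_keepalive_time"                "1200"
sysctlw "net.ipv4.tcp_fin_timeout"                   "15"
# tcp_tw_recycle drops connections from clients behind NAT and was removed
# from Linux in 4.12; tcp_tw_reuse is the supported way to relieve TIME_WAIT.
sysctlw "net.ipv4.tcp_tw_recycle"                    "1"
# NOTE(review): default.log_martians=1 with all.log_martians=0 is an odd pair;
# set both to 1 if the intent is to log packets with impossible sources.
sysctlw "net.ipv4.conf.default.log_martians"         "1"
sysctlw "net.ipv4.conf.all.log_martians"             "0"
sysctlw "net.ipv4.conf.default.accept_redirects"     "0"
sysctlw "net.ipv4.conf.all.accept_redirects"         "0"
sysctlw "net.ipv4.conf.default.accept_source_route"  "0"
sysctlw "net.ipv4.conf.all.accept_source_route"      "0"
sysctlw "net.ipv4.conf.all.rp_filter"                "1"
sysctlw "net.ipv4.conf.default.send_redirects"       "0"
# NOTE(review): mc_forwarding is read-only via sysctl on current kernels;
# expect sysctl -p to complain about this line - confirm on the target.
sysctlw "net.ipv4.conf.default.mc_forwarding"        "0"
sysctlw "net.ipv4.conf.default.forwarding"           "0"
sysctlw "net.ipv4.conf.all.bootp_relay"              "0"
sysctlw "net.ipv4.conf.all.proxy_arp"                "0"

# arp
sysctlw "net.ipv4.neigh.default.gc_thresh3"          "2048"
sysctlw "net.ipv4.neigh.default.gc_thresh2"          "1024"
sysctlw "net.ipv4.neigh.default.gc_thresh1"          "32"
sysctlw "net.ipv4.neigh.default.gc_interval"         "30"

sysctlw "net.ipv4.neigh.default.proxy_qlen"          "96"
sysctlw "net.ipv4.neigh.default.unres_qlen"          "6"

# tcp options
sysctlw "net.ipv4.tcp_dsack"                         "0"
sysctlw "net.ipv4.tcp_fack"                          "0"
sysctlw "net.ipv4.tcp_ecn"                           "0"
sysctlw "net.ipv4.tcp_max_syn_backlog"               "2048"
sysctlw "net.ipv4.tcp_retries2"                      "15"
sysctlw "net.ipv4.tcp_retries1"                      "3"
sysctlw "net.ipv4.tcp_rfc1337"                       "1"
# Old (ip_conntrack) and new (nf_conntrack) names for the same limit.  Both
# keys exist only while the conntrack module is loaded; otherwise sysctl -p
# reports them as unknown and moves on.
sysctlw "net.ipv4.netfilter.ip_conntrack_max"        "1048576"
sysctlw "net.nf_conntrack_max"                       "1048576"
sysctlw "sunrpc.tcp_slot_table_entries"              "32"
sysctlw "sunrpc.udp_slot_table_entries"              "32"
sysctlw "net.unix.max_dgram_qlen"                    "50"
sysctlw "net.core.dev_weight"                        "64"

printf '%s\n' "Optimizing filesystem..."

sysctlw "fs.file-max"                                "209708"
sysctlw "kernel.ctrl-alt-del"                        "0"

printf '%s\n' "Optimizing kernel..."

sysctlw "kernel.printk"                              "4 4 1 7"
# NOTE(review): kernel.maps_protect existed only in a few 2.6 releases;
# current kernels reject it as unknown - confirm and drop.
sysctlw "kernel.maps_protect"                        "1"
# Lowest address user space may map; blocks the NULL-page mapping used by
# kernel NULL-dereference exploits.
sysctlw "vm.mmap_min_addr"                           "65536"
sysctlw "vm.page-cluster"                            "6"
sysctlw "kernel.shmmax"                              "67108864"

printf '%s\n' "Setting up host.conf..."

# Keep a copy of the resolver config being replaced; abort rather than
# overwrite it with no backup.  A host without the file simply gets a new one.
if [[ -f /etc/host.conf ]]; then
  if ! cp -p -- /etc/host.conf /etc/host.conf.bak; then
    printf 'sysctl-tuner.sh: cannot back up /etc/host.conf\n' >&2
    exit 1
  fi
fi

# Quoted delimiter: nothing in the body is expanded.
# "order bind,hosts" consults DNS before /etc/hosts, the reverse of the
# usual "hosts,bind" - confirm this is intended before deploying.
cat <<'HOSTCONF' >/etc/host.conf
order bind,hosts
multi on
nospoof on
HOSTCONF

# Apply now rather than at next boot.  Run in the foreground with stderr
# kept: the original backgrounded this with all output discarded, which hid
# unknown-key errors and raced the route flush below against the settings it
# depends on.
if ! /sbin/sysctl -p >/dev/null; then
  printf 'sysctl-tuner.sh: sysctl -p reported errors (see above)\n' >&2
fi
/sbin/sysctl -w net.ipv4.route.flush=1 >/dev/null

printf '%s\n' "Disabling unneeded services..."

# SysV services to stop and disable in runlevel 3.  Review before use:
#  - auditd is the kernel audit trail and setroubleshoot the SELinux alert
#    helper: stopping them removes forensic and alerting capability;
#  - ip6tables off leaves IPv6 traffic unfiltered wherever IPv6 is enabled;
#  - portmap, nfslock, rpcgssd and rpcidmapd are needed on NFS hosts.
# An array, not a bare word list across lines: in the original the list was
# split over three lines without continuation, which bash cannot parse.
services=(
  acpid anacron auditd autofs avahi-daemon bluetooth cpuspeed
  cups gpm ip6tables irqbalance mcstrans netfs nfslock pcscd
  portmap rpcgssd rpcidmapd setroubleshoot xfs
)

if command -v service >/dev/null && command -v chkconfig >/dev/null; then
  for svc in "${services[@]}"; do
    # Services that are not installed make both commands fail; that is
    # expected, so output is discarded and the status ignored.
    service "$svc" stop >/dev/null 2>&1 || true
    # Only runlevel 3 is touched, as in the original; a host booting to
    # runlevel 5 keeps the service enabled there.
    chkconfig --level 3 "$svc" off >/dev/null 2>&1 || true
  done
else
  printf 'sysctl-tuner.sh: service/chkconfig not found; skipping service changes\n' >&2
fi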
###############################################


May 2, 2011 - Posted by | Security, Shell Script | ,

4 Comments »

  1. This is an excellent article. Thank you for making the effort to describe all of this for us. It really is a great guide!

    Comment by Carlena Lasala | June 15, 2011 | Reply

  2. This is certainly a splendid article. Thanks a lot for bothering to detail all this out for us. It is a great help!

    Comment by Marla Dellaporta | June 15, 2011 | Reply

  3. I had been truly hoping to find something for this subject matter and your writing completely accommodates my present desires. Please write more along these lines? Readers need to find this information and the kind of unbiased viewpoint which you supply.

    Comment by filtered water | June 15, 2011 | Reply

  4. I’d like to read everything that you know regarding this subject. You only have scratched the top of your respective awareness about this and that is clear in the way you blog. Have you considered devoting a complete internet site in order that others won’t miss what you have to say?

    Comment by water | June 16, 2011 | Reply

