UnixServerAdmin

Server Administration & Management

test ping.bat

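REM Connectivity watchdog: alternately pings an Internet host and the
REM local gateway, and plays a siren sound when a check fails.
REM Labels must be single tokens: "goto loop 0" and "goto loop 1" both
REM resolve to the label "loop", so the two checks are named loop0/loop1.
REM NOTE(review): Windows ping can leave ERRORLEVEL at 0 when the only
REM replies are "Destination host unreachable" from a router; confirm the
REM alarm actually fires on your network before relying on it.
REM NOTE(review): "c:1.mp3" is relative to the current directory of
REM drive C:; use a full path if the script is started from elsewhere.

:loop0
REM Internet check: 10 echo requests to 8.8.8.8.
ping -n 10 8.8.8.8
IF %ERRORLEVEL%==0 goto loop1

REM Internet check failed: play the siren, then wait about 12 seconds.
start c:1.mp3
ping -n 13 localhost > NUL

:loop1
REM Gateway check: 5 echo requests to 192.168.1.1.
ping -n 5 192.168.1.1
IF %ERRORLEVEL%==0 goto loop0

REM Gateway check failed: play the siren, wait, then start over.
start c:1.mp3
ping -n 13 localhost > NUL
goto loop0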

 

Note: 8.8.8.8 is pinged to check Internet connectivity and 192.168.1.1 to check gateway connectivity; 01.mp3 is the siren sound.

April 20, 2014 Posted by | Tips & Tricks, Windows | , , | Leave a comment

disk_speed.sh

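#!/bin/bash
###########################################################
## disk_speed.sh
##
## Measures sequential write and read throughput with dd, appends the
## figures to a dated report under /REPORTS and mails the report.
##
## Prerequisites:
##   - a directory /REPORTS
##   - a file /REPORTS/msg.txt holding the mail body, for example:
##       Hi,
##       The Disk Speed of Hard Drive in the server has been done.
##       For Disk Speed Report, please check the attachment.
##       Thanks & Regards,
##       Unixserveradmin.com Security Team
###########################################################

# Resolve the report name once so a run that crosses midnight still
# writes to a single file.
report="/REPORTS/disk_speed.log_$(date +%d%m%y).txt"

# The disk measured is the one holding the current directory. mktemp
# gives a private scratch file there instead of a fixed name ("test")
# that could overwrite an existing file or follow a link planted under
# that name in a shared directory.
testfile=$(mktemp ./disk_speed_test.XXXXXX) || exit 1
trap 'rm -f -- "$testfile"' EXIT

{
  /bin/echo "================================="
  /bin/echo "THE Disk Speed Report of  Hard Drive in Server $(hostname) at $(date)"
  /bin/echo "================================="
  /bin/echo "      "
  /bin/echo "      "
  /bin/echo "Check Write Speed of Hard Drive"
  /bin/echo "--------------------------------"
} >> "$report"

# Write test: 2048 blocks of 1 MiB from /dev/zero into the scratch file.
/bin/dd if=/dev/zero of="$testfile" bs=1048576 count=2048 2>&1 | tee -a "$report"

{
  /bin/echo "      "
  /bin/echo "Check Read Speed of Hard Drive"
  /bin/echo "--------------------------------"
} >> "$report"

# Read test: read the scratch file back. The original repeated the
# write command here, so the "read" figure was a second write figure.
# NOTE(review): the file was written moments ago, so part of this read
# may be served from the page cache rather than the disk.
/bin/dd if="$testfile" of=/dev/null bs=1048576 count=2048 2>&1 | tee -a "$report"

{
  /bin/echo "      "
  /bin/echo "================================="
} >> "$report"

# Remove the scratch file now; the EXIT trap covers early exits.
/bin/rm -vf -- "$testfile"

# "--" ends the attachment list so the addresses are read as recipients.
mutt -s "Disk Speed Report of Server $(hostname | tr 'a-z' 'A-Z')" \
  -a "$report" -- unixserv@unixserveradmin.com info@unixserveradmin.com \
  < /REPORTS/msg.txt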

March 10, 2014 Posted by | Shell Script | | 1 Comment

report-backup.sh

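#!/bin/sh
#############################################################
## report-backup.sh
##
## Daily backup report: lists the size of today's and yesterday's
## backups under /datasrv and mails the listing.
##
## Prerequisites:
##   - a directory /REPORTS
##   - a file /REPORTS/msg.txt holding the mail body, for example:
##       Hi,
##       The Daily Backup of All Servers have Done.
##       The Daily Backup Report is attached with this mail.
##       Thanks & Regards,
##       Unixserveradmin.com Security Team
#############################################################
set -x
set -v
# $1 is accepted as in the original; nothing below uses it.
standby=$1
BACKUPDIR=/datasrv/
# Backup names are expected to contain a DD-Mon-YYYY- stamp.
# "--date" is a GNU date option.
BACKFILE1=$(date '+%d-%b-%Y-')
BACKFILE2=$(date --date='yesterday' '+%d-%b-%Y-')
# Resolve the report name once so every line lands in the same file.
report="/REPORTS/Backup.log_$(date +%d%m%y).txt"

{
  /bin/echo "      "
  /bin/echo "===================================="
  /bin/echo "Daily Remote Backup Report of the Project on Today"
  /bin/echo "===================================="
  /bin/echo "      "
  # A pattern that matches nothing makes du fail; record that in the
  # report so a missing backup is not mistaken for an empty section.
  /usr/bin/du -hs "$BACKUPDIR"*/*"$BACKFILE1"* 2>&1 ||
    /bin/echo "WARNING: no backup matching *${BACKFILE1}* found under ${BACKUPDIR}"
  /bin/echo "      "

  /bin/echo "      "
  /bin/echo "===================================="
  /bin/echo "Daily Remote Backup Report of UPSRTC Project on Yesterday"
  /bin/echo "===================================="
  /bin/echo "      "
  /usr/bin/du -hs "$BACKUPDIR"*/*"$BACKFILE2"* 2>&1 ||
    /bin/echo "WARNING: no backup matching *${BACKFILE2}* found under ${BACKUPDIR}"
  /bin/echo "      "
  /bin/echo "===================================="
} >> "$report"

# "--" ends the attachment list so the addresses are read as recipients.
mutt -s "Daily Remote Backup Report of the Project" -a "$report" -- \
  unixserv@unixserveradmin.com info@unixserveradmin.com < /REPORTS/msg.txt
###################################################################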

February 20, 2014 Posted by | Shell Script | | Leave a comment

zombie_process.sh

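#!/bin/bash
###########################################################
## zombie_process.sh
##
## Prints the PID of every process that has a defunct (zombie) child
## and signals it. A zombie cannot be signalled away; it disappears
## when its parent reaps it or exits.
###########################################################

# Select on the process state column instead of grepping "ps -ef" for
# the word "defunct": that grep can match its own command line, in which
# case the PPID printed is this script's shell.
self=$$

ps -eo ppid=,stat= |
  awk '$2 ~ /^Z/ { print $1 }' |
  sort -un |
  while read -r parent; do
    # Never signal PID 0/1 or this script.
    if [ "$parent" -le 1 ] || [ "$parent" -eq "$self" ]; then
      continue
    fi
    echo "$parent"
    # TERM lets the parent shut down cleanly (it may be a database or
    # another long-running service); the original sent KILL outright.
    # NOTE(review): check what each printed PID is before escalating.
    kill -TERM "$parent"
  done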

November 20, 2013 Posted by | Security, Shell Script, Tips & Tricks, Unix/Linux | , , , , , | Leave a comment

service_server.sh

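#!/bin/bash
#################################
# service_server.sh
# Disables boot-time start of the services listed below with chkconfig.
#
# NOTE(review): the lists include services that a host may depend on
# for its own security or administration, so review them per host:
#   sshd          - remote administration; disabling it removes SSH access
#   ntpd          - time sync; log timestamps drift without it
#   ip6tables     - IPv6 packet filter; IPv6 is unfiltered without it
#   restorecond, setroubleshoot, mcstrans - SELinux helper daemons
#   yum-updatesd  - update notification
#   microcode_ctl - CPU microcode updates
# "rpcimpad" in the second list looks like a misspelling of rpcidmapd
# (already in the first list); it is kept as posted.
#################################
echo "Task Start Now !!!"

# Disabled in runlevels 2 and 4 only. The posted text had "--level"
# typeset as an en dash plus "level", which chkconfig does not accept.
for svc in cups rhnsd gssd rpcgssd rpcidmapd idmapd acpid iscsi iscsid \
  kdump cpuspeed mcstrans mdmonitor microcode_ctl multipathd ntpd \
  avahi-daemon httpd mysqld sshd ipsec lm_sensors irqbalance \
  restorecond yum-updatesd xinetd; do
  chkconfig --level 24 "$svc" off
done

# Disabled in chkconfig's default set of runlevels.
for svc in isdn anacron sendmail autofs portmap readahead_early \
  readahead_later nfs ip6tables smartd kudzu netfs nfslock xfs apmd \
  bluetooth gpm hidd pcscd setroubleshoot dovecot haldaemon chargen \
  ypbind atd canna FreeWnn iiim mDNSResponder rpcimpad acpi; do
  chkconfig "$svc" off
done

# Printed whether or not every chkconfig call succeeded.
echo "Task Successful Done !!!"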

July 21, 2013 Posted by | Security, Shell Script | , | Leave a comment

shutdown.bat

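REM Shut down this computer after a 120-second (2-minute) delay.
REM /s selects the shutdown action; /t only sets the delay.
REM Run "shutdown /a" during the delay to cancel.
shutdown /s /t 120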

June 11, 2013 Posted by | Shell Script, Windows | , | Leave a comment

open-browser.bat

REM Opens Internet Explorer and then Mozilla Firefox by changing into
REM each program's install directory and starting the executable.
REM NOTE(review): "cd c:\" without /d does not switch the current drive,
REM so this presumably assumes the script is started from drive C:.
cd c:\
cd Program Files\Internet Explorer
start IEXPLORE.EXE

REM Same steps for Firefox.
cd c:\
cd Program Files
cd Mozilla Firefox
start firefox.exe

June 6, 2013 Posted by | Shell Script, Windows | , | Leave a comment

backup_via_system.bat

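@echo off
REM backup_via_system.bat
REM Copies d:\datasrv into a dated folder e:\datasrv\DD-MM-YYYY.
setlocal

REM ---------
REM BACKUP
REM ---------
ECHO -------------------------------------------------------
ECHO CLOSE ALL PROGRAMS and APPLICATIONS NOW!!
ECHO -------------------------------------------------------
ECHO.
ECHO Your hard drive is about to be searched for Documents,
ECHO Databases, Spreadsheets, and Email storage files.
ECHO.
ECHO All files of these types will be saved to
ECHO your REMOVABLE DEVICE in their original
ECHO directories\folders.
ECHO.
ECHO This will replace any previous backup on the
ECHO removable drive.
ECHO.

pause

echo %computername%
cd c:\

REM The substring offsets assume %date% looks like "Tue 05/21/2013".
REM Other regional short-date formats give wrong folder names.
set "mm=%date:~4,2%"
set "dd=%date:~7,2%"
set "yy=%date:~10,4%"
set "dest=e:\datasrv\%dd%-%mm%-%yy%"

if not exist "%dest%" mkdir "%dest%"
xcopy "d:\datasrv\*" "%dest%" /e /s /y

REM Without this check a failed copy ends exactly like a good one.
if errorlevel 1 (
  echo BACKUP FAILED: xcopy returned %errorlevel%
  exit /b 1
)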

June 1, 2013 Posted by | Shell Script, Windows | , | 2 Comments

backup_via_network.bat

@echo off

REM backup_via_network.bat
REM Copies c:\backup\data to a dated folder on a network share.

REM ———
REM BACKUP
REM ———
ECHO ——————————————————-
ECHO CLOSE ALL PROGRAMS and APPLICATIONS NOW!!
ECHO ——————————————————-
ECHO.
ECHO Your hard drive is about to be searched for Documents,
ECHO Databases, Spreadsheets, and Email storage files.
ECHO.
ECHO All files of these types will be saved to
ECHO your REMOVABLE DEVICE in their original
ECHO directories\folders.
ECHO.
ECHO This will replace any previous backup on the
ECHO removable drive.
ECHO.

pause

REM The substring offsets assume %date% looks like "Tue 05/21/2013".
set mm=%date:~4,2%
set dd=%date:~7,2%
set yy=%date:~10,4%
REM NOTE(review): the next three lines name three different targets:
REM "net use" connects to \\192.168.1.2, "md" creates the folder on
REM \\192.168.0.2\backup, and "xcopy" writes to \\backup\datasrv.
REM As posted, the copy does not land in the folder that was created;
REM confirm the intended server and share and use it on all three lines.
net use \\192.168.1.2
md \\192.168.0.2\backup\%mm%-%dd%-%yy%
REM NOTE(review): xcopy's exit code is not checked, so a failed copy
REM ends the same way as a successful one.
xcopy c:\backup\data\* \\backup\datasrv\%mm%-%dd%-%yy% /e

May 27, 2013 Posted by | Shell Script, Windows | , | Leave a comment

backup_via_date.bat

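REM backup_via_date.bat
REM Copies c:\backup into a dated folder e:\backup\MM-DD-YYYY,
REM including empty folders (/E) and hidden/system files (/H).
setlocal
cd c:\

REM The substring offsets assume %date% looks like "Tue 05/21/2013".
REM Other regional short-date formats give wrong folder names.
set "mm=%date:~4,2%"
set "dd=%date:~7,2%"
set "yy=%date:~10,4%"
set "dest=e:\backup\%mm%-%dd%-%yy%"

if not exist "%dest%" md "%dest%"
xcopy "c:\backup\*" "%dest%" /E /F /H

REM Without this check a failed copy ends exactly like a good one.
if errorlevel 1 (
  echo BACKUP FAILED: xcopy returned %errorlevel%
  exit /b 1
)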

May 22, 2013 Posted by | Shell Script, Windows | , | Leave a comment

backup_all_drive.bat

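REM backup_all_drive.bat
REM Copies c:\backup\data into a dated folder e:\backup\MM-DD-YYYY,
REM including empty folders (/e).
setlocal

REM The substring offsets assume %date% looks like "Tue 05/21/2013".
REM Other regional short-date formats give wrong folder names.
set "mm=%date:~4,2%"
set "dd=%date:~7,2%"
set "yy=%date:~10,4%"
set "dest=e:\backup\%mm%-%dd%-%yy%"

if not exist "%dest%" md "%dest%"
xcopy "c:\backup\data\*" "%dest%" /e

REM Without this check a failed copy ends exactly like a good one.
if errorlevel 1 (
  echo BACKUP FAILED: xcopy returned %errorlevel%
  exit /b 1
)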

May 17, 2013 Posted by | Shell Script, Windows | , | Leave a comment

backup_script_encrypt.sh (in bzip2 format)

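#!/bin/sh
########################################################################
# Application Server Backup
# backup_script_encrypt.sh (bzip2 format)
#
# Archives /var/www/html, compresses it with bzip2, encrypts it with
# AES-256-CBC and copies the encrypted file to the backup hosts.
#
# Usage:
#   BACKUP_PASSFILE=<passphrase file> backup_script_encrypt.sh [standby-host]
#
# BACKUP_PASSFILE names a file, readable only by the backup user, whose
# first line is the passphrase. The original passed the passphrase as
# "-pass pass:..." on the command line, where it shows up in the process
# list and in the "set -x" trace, and also printed it in this header.
########################################################################
set -x
set -v
# Archives created below are readable by the owner only.
umask 077

standby=$1
: "${BACKUP_PASSFILE:?set BACKUP_PASSFILE to the file holding the passphrase}"

# One timestamp for every name; calling date twice could straddle a
# minute boundary and produce two different names.
stamp=$(date '+%d-%b-%Y-%H-%M')
BACKUPDIR=/backup/htmldaily/
BACKUPFILE="Test_Backup${stamp}.tar"
myfile="Test_Backup${stamp}.tar.bz2"

# Stop if the backup directory is missing: the files below would
# otherwise be created and removed in whatever directory we are in.
cd "$BACKUPDIR" || exit 1

tar cvf "$BACKUPFILE" /var/www/html/
rc=$?
# GNU tar returns 1 when a file changed while being read; the archive
# is still usable. Anything higher is a fatal error.
[ "$rc" -le 1 ] || exit "$rc"

# Each step is checked on its own. In the original pipeline a failed
# bzip2 or openssl went unnoticed and the plain archive was then deleted.
# bzip2 replaces $BACKUPFILE with $myfile.
bzip2 -vf "$BACKUPFILE" || exit 1

# NOTE(review): without -pbkdf2 (OpenSSL 1.1.1 or newer) "openssl enc"
# derives the key from the passphrase with a single digest round, and
# CBC mode does not detect tampering. If the installed OpenSSL supports
# it, add -pbkdf2 to both the encrypt and the decrypt command.
openssl enc -aes-256-cbc -e -pass "file:$BACKUP_PASSFILE" \
  -in "$myfile" -out "$myfile.enc" || exit 1
rm -vf "$myfile"

# Transfer the encrypted file. The original transferred "$myfile",
# which is not the name the encrypted output was written under.
if [ -n "$standby" ]; then
  scp "${BACKUPDIR}${myfile}.enc" "backup@${standby}:/backup/autobackup/htmldaily/"
else
  echo "no standby host given; skipping scp" >&2
fi
rsync -avzE --progress "${BACKUPDIR}${myfile}.enc" backup@X.X.X.X:/backup/autobackup/htmldaily/
########################################################################
# To decrypt a backup:
#
# openssl enc -aes-256-cbc -d -pass file:<passphrase file> \
#   -in Test_Backup<stamp>.tar.bz2.enc -out Test_Backup<stamp>.tar.bz2
########################################################################
# openssl: -e encrypt, -d decrypt
# bzip2:   -f force overwrite, -v verbose
# tar:     c create, v verbose, f archive file
########################################################################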

March 18, 2013 Posted by | Security, Shell Script | , | Leave a comment

backup_script_encrypt.sh (in tar.gz format)

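#!/bin/sh
#########################################################################
# Application Server Backup
# backup_script_encrypt.sh (tar.gz format)
#
# Archives /var/www/html, wraps the archive in a gzip-compressed tar,
# encrypts it with AES-256-CBC and copies the encrypted file to the
# backup hosts.
#
# Usage:
#   BACKUP_PASSFILE=<passphrase file> backup_script_encrypt.sh [standby-host]
#
# BACKUP_PASSFILE names a file, readable only by the backup user, whose
# first line is the passphrase. The original passed the passphrase as
# "-pass pass:..." on the command line, where it shows up in the process
# list and in the "set -x" trace, and also printed it in this header.
#########################################################################
set -x
set -v
# Archives created below are readable by the owner only.
umask 077

standby=$1
: "${BACKUP_PASSFILE:?set BACKUP_PASSFILE to the file holding the passphrase}"

# One timestamp for every name; calling date twice could straddle a
# minute boundary and produce two different names.
stamp=$(date '+%d-%b-%Y-%H-%M')
BACKUPDIR=/backup/htmldaily/
BACKUPFILE="Test_Backup${stamp}.tar"
myfile="Test_Backup${stamp}.tar.gz"

# Stop if the backup directory is missing: the files below would
# otherwise be created and removed in whatever directory we are in.
cd "$BACKUPDIR" || exit 1

tar cvf "$BACKUPFILE" /var/www/html/
rc=$?
# GNU tar returns 1 when a file changed while being read; the archive
# is still usable. Anything higher is a fatal error.
[ "$rc" -le 1 ] || exit "$rc"

# As in the original, the .tar.gz contains the .tar as its single
# member, so a restore unpacks twice. Each step is checked on its own;
# in the original pipeline a failed tar or openssl went unnoticed and
# the plain archive was then deleted.
tar -zcvf "$myfile" "$BACKUPFILE" || exit 1
rm -vf "$BACKUPFILE"

# NOTE(review): without -pbkdf2 (OpenSSL 1.1.1 or newer) "openssl enc"
# derives the key from the passphrase with a single digest round, and
# CBC mode does not detect tampering. If the installed OpenSSL supports
# it, add -pbkdf2 to both the encrypt and the decrypt command.
openssl enc -aes-256-cbc -e -pass "file:$BACKUP_PASSFILE" \
  -in "$myfile" -out "$myfile.enc" || exit 1
rm -vf "$myfile"

# Transfer the encrypted file. The original transferred "$myfile",
# which is not the name the encrypted output was written under.
if [ -n "$standby" ]; then
  scp "${BACKUPDIR}${myfile}.enc" "backup@${standby}:/backup/autobackup/htmldaily/"
else
  echo "no standby host given; skipping scp" >&2
fi
rsync -avzE --progress "${BACKUPDIR}${myfile}.enc" backup@X.X.X.X:/backup/autobackup/htmldaily/
#########################################################################
# To decrypt a backup:
#
# openssl enc -aes-256-cbc -d -pass file:<passphrase file> \
#   -in Test_Backup<stamp>.tar.gz.enc -out Test_Backup<stamp>.tar.gz
#########################################################################
# openssl: -e encrypt, -d decrypt
# tar:     c create, z gzip, v verbose, f archive file
#########################################################################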

March 13, 2013 Posted by | Security, Shell Script | , | Leave a comment

backup_dump_encrypt.sh (in tar.gz format)

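#!/bin/sh
#############################################################################
# Database Server Backup
# backup_dump_encrypt.sh (tar.gz format)
#
# Dumps all MySQL databases, compresses the dump, encrypts it with
# AES-256-CBC and copies the encrypted file to the backup hosts.
#
# Usage:
#   BACKUP_PASSFILE=<passphrase file> backup_dump_encrypt.sh [standby-host]
#
# Secrets are kept off the command line, where the process list and the
# "set -x" trace would show them:
#   - MySQL credentials come from the invoking user's ~/.my.cnf
#     ([client] section with user= and password=, file mode 600);
#   - the archive passphrase is the first line of $BACKUP_PASSFILE,
#     a file readable only by the backup user.
#############################################################################
set -x
set -v
# Dumps and archives created below are readable by the owner only.
umask 077

standby=$1
: "${BACKUP_PASSFILE:?set BACKUP_PASSFILE to the file holding the passphrase}"

# One timestamp for every name; calling date twice could straddle a
# minute boundary and produce two different names.
stamp=$(date +'%d-%b-%Y-%H-%M')
myfirstfile="Testing_Backup${stamp}.sql"
myfile="Testing_Backup${stamp}.sql.tar.gz"

cd /backup/mysqldump/ || exit 1

# mysql dump, check, scp and report
# A failed dump stops the script, so an empty or partial file is never
# encrypted and shipped as if it were a backup.
mysqldump --all-databases --routines --flush-logs --single-transaction \
  --master-data=2 > "$myfirstfile" 2> /backup/mysqldump/ORS_err.txt || exit 1

# Each step is checked on its own. In the original pipeline a failed
# tar or openssl went unnoticed and the plain dump was then deleted.
tar -zcvf "$myfile" "$myfirstfile" || exit 1
rm -vf "$myfirstfile"

# NOTE(review): without -pbkdf2 (OpenSSL 1.1.1 or newer) "openssl enc"
# derives the key from the passphrase with a single digest round, and
# CBC mode does not detect tampering. If the installed OpenSSL supports
# it, add -pbkdf2 to both the encrypt and the decrypt command.
openssl enc -aes-256-cbc -e -pass "file:$BACKUP_PASSFILE" \
  -in "$myfile" -out "$myfile.enc" || exit 1
rm -vf "$myfile"

# Transfer the encrypted file. The original transferred "$myfile",
# which is not the name the encrypted output was written under.
if [ -n "$standby" ]; then
  scp "/backup/mysqldump/${myfile}.enc" "backup@${standby}:/backup/mysqldump/"
else
  echo "no standby host given; skipping scp" >&2
fi
rsync -avzE --progress "/backup/mysqldump/${myfile}.enc" backup@X.X.X.X:/backup/autobackup/mysqldump/
#############################################################################
# To decrypt a backup:
#
# openssl enc -aes-256-cbc -d -pass file:<passphrase file> \
#   -in Testing_Backup<stamp>.sql.tar.gz.enc -out Testing_Backup<stamp>.sql.tar.gz
#############################################################################
# openssl: -e encrypt, -d decrypt
# tar:     c create, z gzip, v verbose, f archive file
#############################################################################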

March 3, 2013 Posted by | Security, Shell Script | , | Leave a comment


allow_mac.sh

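#!/bin/sh
#############################################################################
# allow_mac.sh
#
# Rebuilds the INPUT chain so that only frames from the listed source
# MAC addresses are accepted and everything else is dropped, then saves
# the rule set.
#
# NOTE(review): a source MAC address is chosen by the sender and is only
# visible for hosts on the same layer-2 segment, so this list filters
# by convenience; it does not authenticate the peer.
# NOTE(review): there is no rule for the loopback interface or for
# ESTABLISHED/RELATED traffic, so replies to connections this host
# opens towards other machines, and local loopback traffic, also reach
# the final DROP. Confirm that is intended.
# NOTE(review): the flush and the final DROP take effect immediately;
# run this from the console or with a tested way back in.
#############################################################################

# Flush all rules in the filter table.
/sbin/iptables -F

# Allow incoming traffic from each listed MAC address. The posted text
# had "--mac-source" typeset with an en dash, which iptables rejects.
for mac in \
  0A:0B:0C:0D:0E:0F \
  1A:1B:1C:1D:1E:1F \
  2A:2B:2C:2D:2E:2F \
  3A:3B:3C:3D:3E:3F \
  4A:4B:4C:4D:4E:4F \
  5A:5B:5C:5D:5E:5F; do
  /sbin/iptables -A INPUT -m mac --mac-source "$mac" -j ACCEPT
done

# Drop all other incoming traffic.
/sbin/iptables -A INPUT -j DROP
/sbin/service iptables save

#############################################################################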

February 11, 2013 Posted by | Shell Script | | Leave a comment


yum_update.sh

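#!/bin/bash
#######################################################
# yum_update.sh
#
# Runs "yum update -y", writes the output to a dated report under
# /REPORTS and mails the report.
#
# Prerequisite: a file /REPORTS/msg6.txt holding the mail body, e.g.:
#   Hi,
#   The Operating and Patch Update process of the server has been completed.
#   For Server update Report, Please check the attached yum_update Report.
#   Thanks & Regards,
#   Unixserveradmin.com Security Team
#######################################################
/bin/mkdir -p /REPORTS

# Resolve the report name once so every line lands in the same file.
# The original spelled one target ".txts", so that line went elsewhere.
report="/REPORTS/Yum_Update_$(date +%d%m%y).txt"
blank="                                                            "

# Start a fresh report. The original appended the first banner line and
# then truncated the file with ">" on the next line, losing the banner.
{
  /bin/echo "####################################"
  /bin/echo "-- MONTHLY SERVER UPDATE REPORT FOR $(/bin/hostname | tr 'a-z' 'A-Z') --"
  /bin/echo "$blank"
  /bin/echo "$blank"
  /bin/echo "-- DATE : $(date) --"
  /bin/echo "$blank"
  /bin/echo "$blank"
  /bin/echo "#################################"
} > "$report"

# Capture stderr as well, so a failed update is visible in the report.
/usr/bin/yum update -y >> "$report" 2>&1

{
  /bin/echo "$blank"
  /bin/echo "$blank"
  /bin/echo "$blank"
  /bin/echo "$blank"
  /bin/echo "$blank"
  /bin/echo "Thanks & Regards"
  /bin/echo "Unixserveradmin.com Security Team"
  /bin/echo "$blank"
  /bin/echo "$blank"
} >> "$report"

# "--" ends the attachment list so the addresses are read as recipients.
mutt -s "SERVER UPDATE REPORT $(hostname | tr 'a-z' 'A-Z')" -a "$report" -- \
  unixserv@unixserveradmin.com info@unixserveradmin.com < /REPORTS/msg6.txt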

September 24, 2012 Posted by | Shell Script | | Leave a comment

How to check duplicate IP address in your subnet

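Create and run the script below to check for duplicate IP addresses in a subnet, for example 192.168.1.0/24. (The script as posted probes 172.16.1.1 to 172.16.1.254; change the address prefix to match your subnet.)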

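#!/bin/bash
###############################################################
# duplicate.sh
#
# Probes every host address of a /24 with arping in duplicate address
# detection mode (-D) and reports the addresses that answered.
#
# Usage: duplicate.sh [prefix] [interface]
#   prefix     first three octets, default 172.16.1
#   interface  interface to probe from, default eth0
###############################################################
prefix=${1:-172.16.1}
iface=${2:-eth0}

for ((i = 1; i <= 254; i++)); do
  # Run arping and test its own exit status. The original echoed the
  # command as text, so "$?" was always echo's 0 and nothing was
  # ever reported.
  # In -D mode arping exits 0 when no reply was received.
  # NOTE(review): a non-zero status can also mean arping itself failed
  # (wrong interface, missing privileges), so verify a reported address
  # before acting on it.
  if ! arping -q -D -I "$iface" -c 2 "${prefix}.${i}"; then
    echo "${prefix}.${i} duplicate"
  fi
done
##############################################################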

September 9, 2012 Posted by | Security, Shell Script, Tips & Tricks, Unix/Linux | , , , , | Leave a comment

sysctl-tunner-update.sh

##############################################################################
# sysctl is an interface that allows you to make changes to a running Linux kernel.    ####################### ####################
# With /etc/sysctl.conf you can configure various Linux networking and system settings such as: ########################################
###############################################################################
## 1. Limit network-transmitted configuration for IPv4 ################################################################
## 2. Limit network-transmitted configuration for IPv6 ################################################################
## 3. Turn on execshield protection ###########################################################################
## 4. Prevent against the common ‘syn flood attack’ ##################################################################
## 5. Turn on source IP address verification ######################################################################
## 6. Prevents a cracker from using a spoofing attack against the IP address of the server. ############################################
## 7. Logs several types of suspicious packets, such as spoofed packets, source-routed packets & redirects. ###################################
##############################################################################
# The sysctl command is used to modify kernel parameters at runtime. /etc/sysctl.conf is a text file containing sysctl values to be read in and set by sysctl at boot time. ##
#!/bin/bash

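#######################################
# Append "key=value" to the sysctl configuration file unless the key
# is already set there.
# Globals:   SYSCTL_CONF (read, optional) - file to edit,
#            default /etc/sysctl.conf
# Arguments: $1 - sysctl key, $2 - value
# Outputs:   a confirmation line on stdout when the key was added
# Returns:   0 if the key was already present or was added
#######################################
sysctlw() {
  local key=$1 value=$2
  local conf=${SYSCTL_CONF:-/etc/sysctl.conf}

  # Compare the key literally against the name left of "=" on
  # uncommented lines. The original "grep -c $1" treated the key as a
  # regex and matched substrings and commented-out lines, so a setting
  # could be skipped although it was not active in the file.
  # NOTE: an existing entry with a different value is left unchanged.
  if awk -F= -v k="$key" '
      /^[[:space:]]*[#;]/ { next }
      { name = $1; gsub(/[[:space:]]/, "", name); if (name == k) found = 1 }
      END { exit !found }
    ' "$conf" 2>/dev/null; then
    return 0
  fi

  printf '%s=%s\n' "$key" "$value" >> "$conf" || return
  echo "Added sysctl preference '$key'='$value'"
}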

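# Network and kernel hardening/tuning entries for /etc/sysctl.conf.
# The posted text had typographic quotes (and "?" in place of some
# closing quotes) around every argument; they are restored to plain
# double quotes so the keys and values reach sysctlw unchanged.
# sysctlw only adds a key that is not yet in the file, so when a key
# appears twice below the first occurrence is the one that is written.
echo "Tuning network stack.."

# Controls IP packet forwarding
sysctlw "net.ipv4.ip_forward" "0"
sysctlw "net.ipv4.conf.default.rp_filter" "1"

# Controls the System Request debugging functionality of the kernel
sysctlw "kernel.sysrq" "0"
sysctlw "kernel.core_uses_pid" "0"
sysctlw "net.ipv4.ipfrag_time" "30"
sysctlw "net.core.rmem_default" "262141"
sysctlw "net.core.rmem_max" "12582912"
sysctlw "net.ipv4.tcp_rmem" "10240 87380 12582912"
sysctlw "net.core.wmem_default" "262141"
sysctlw "net.core.wmem_max" "12582912"
sysctlw "net.ipv4.tcp_wmem" "10240 87380 12582912"
sysctlw "net.ipv4.tcp_mem" "195584 196096 196608"
sysctlw "net.core.optmem_max" "20480"
sysctlw "net.ipv4.tcp_max_tw_buckets" "360000"
sysctlw "net.core.hot_list_length" "256"

# Set maximum number of packets, queued on the INPUT side, when the
# interface receives packets faster than kernel can process them
sysctlw "net.core.netdev_max_backlog" "262144"
sysctlw "net.core.somaxconn" "262144"
sysctlw "net.ipv4.tcp_reordering" "3"

# Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicast
sysctlw "net.ipv4.icmp_echo_ignore_broadcasts" "1"
sysctlw "net.ipv4.icmp_ignore_bogus_error_responses" "1"

# Controls the use of TCP syncookies
sysctlw "net.ipv4.tcp_synack_retries" "2"
sysctlw "net.ipv4.tcp_syn_retries" "3"

# Prevent against the common 'syn flood attack'
sysctlw "net.ipv4.tcp_syncookies" "1"

# Enable timestamps as defined in RFC1323
sysctlw "net.ipv4.tcp_timestamps" "1"

# Enable select acknowledgments
sysctlw "net.ipv4.tcp_sack" "1"

# By default, TCP saves various connection metrics in the route cache
# when the connection closes, so that connections established in the
# near future can use these to set initial conditions. Usually, this
# increases overall performance, but may sometimes cause performance
# degradation. If set, TCP will not cache metrics on closing connections
sysctlw "net.ipv4.tcp_no_metrics_save" "1"

# Turn on window scaling which can be an option to enlarge the transfer window
sysctlw "net.ipv4.tcp_window_scaling" "1"
sysctlw "net.ipv4.tcp_keepalive_time" "1200"
sysctlw "net.ipv4.tcp_fin_timeout" "15"
# NOTE(review): tcp_tw_recycle is known to break connections from
# clients behind NAT and was removed in Linux 4.12; review before
# enabling it on any host that serves such clients.
sysctlw "net.ipv4.tcp_tw_recycle" "1"
sysctlw "net.ipv4.conf.default.log_martians" "1"

# Log packets with impossible addresses to kernel log? yes
sysctlw "net.ipv4.conf.all.log_martians" "1"
sysctlw "net.ipv4.conf.default.accept_redirects" "0"

# Accept Redirects? No, this is not router
sysctlw "net.ipv4.conf.all.accept_redirects" "0"
sysctlw "net.ipv4.conf.all.secure_redirects" "0"
sysctlw "net.ipv4.conf.default.accept_source_route" "0"

# Accept packets with SRR option? No
sysctlw "net.ipv4.conf.all.accept_source_route" "0"

# Enable source validation by reversed path, as specified in RFC1812
sysctlw "net.ipv4.conf.all.rp_filter" "1"

# Controls source route verification (already added above; no effect)
sysctlw "net.ipv4.conf.default.rp_filter" "1"

# Do not accept source routing (already added above; no effect)
sysctlw "net.ipv4.conf.default.accept_source_route" "0"

# Send redirects, if router, but this is just server
sysctlw "net.ipv4.conf.default.send_redirects" "0"
sysctlw "net.ipv4.conf.default.mc_forwarding" "0"
sysctlw "net.ipv4.conf.default.forwarding" "0"
sysctlw "net.ipv4.conf.all.bootp_relay" "0"
sysctlw "net.ipv4.conf.all.proxy_arp" "0"

# arp
sysctlw "net.ipv4.neigh.default.gc_thresh3" "2048"
sysctlw "net.ipv4.neigh.default.gc_thresh2" "1024"
sysctlw "net.ipv4.neigh.default.gc_thresh1" "32"
sysctlw "net.ipv4.neigh.default.gc_interval" "30"
sysctlw "net.ipv4.neigh.default.proxy_qlen" "96"
sysctlw "net.ipv4.neigh.default.unres_qlen" "6"

# tcp options
sysctlw "net.ipv4.tcp_dsack" "0"
sysctlw "net.ipv4.tcp_fack" "0"
sysctlw "net.ipv4.tcp_ecn" "0"
sysctlw "net.ipv4.tcp_max_syn_backlog" "2048"
sysctlw "net.ipv4.tcp_retries2" "15"
sysctlw "net.ipv4.tcp_retries1" "3"
sysctlw "net.ipv4.tcp_rfc1337" "1"
sysctlw "net.ipv4.netfilter.ip_conntrack_max" "1048576"
sysctlw "net.nf_conntrack_max" "1048576"
sysctlw "sunrpc.tcp_slot_table_entries" "32"
sysctlw "sunrpc.udp_slot_table_entries" "32"
sysctlw "net.unix.max_dgram_qlen" "50"
# NOTE(review): netdev_max_backlog was already added above as 262144,
# so this 5000 is never written; decide which value is intended.
sysctlw "net.core.netdev_max_backlog" "5000"
sysctlw "net.core.dev_weight" "64"

# Enable ExecShield protection
sysctlw "kernel.exec-shield" "1"
# NOTE(review): randomize_va_space=1 randomises the stack, mmap base
# and VDSO; 2 also randomises the heap (brk). On kernels whose default
# is 2, writing 1 here lowers the setting.
sysctlw "kernel.randomize_va_space" "1"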

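# Filesystem and kernel entries for /etc/sysctl.conf. The typographic
# quotes of the posted text are restored to plain double quotes so the
# keys and values reach sysctlw unchanged.
echo "Optimizing filesystem..."

sysctlw "fs.file-max" "209708"
# 0 disables the immediate, unclean reboot on Ctrl-Alt-Del.
sysctlw "kernel.ctrl-alt-del" "0"

echo "Optimizing kernel..."

sysctlw "kernel.printk" "4 4 1 7"
sysctlw "kernel.maps_protect" "1"
sysctlw "vm.mmap_min_addr" "65536"
sysctlw "vm.page-cluster" "6"
sysctlw "kernel.shmmax" "67108864"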

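# Replace /etc/host.conf (after keeping a copy) and load the settings
# from /etc/sysctl.conf into the running kernel.
echo "Setting up host.conf..."

# Keep the previous file; do not overwrite it if the copy fails.
if cp -p /etc/host.conf /etc/host.conf.bak; then
  cat <<HOSTCONF >/etc/host.conf
order bind,hosts
multi on
nospoof on
HOSTCONF
else
  echo "could not back up /etc/host.conf; leaving it unchanged" >&2
fi

# Load /etc/sysctl.conf in the foreground and keep stderr visible.
# The original ran this in the background with all output discarded,
# so keys the running kernel rejects (several keys in this script exist
# only on older kernels) failed silently, and the route flush below
# could run before the settings were applied.
/sbin/sysctl -p >/dev/null
/sbin/sysctl -w net.ipv4.route.flush=1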

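# Stop the listed services now and disable them for runlevel 3.
# NOTE(review): the list includes auditd (audit logging), ip6tables
# (IPv6 packet filter), and setroubleshoot and mcstrans (SELinux
# helpers). Stopping them reduces logging and filtering on the host;
# review the list against the host's role before running it.
echo "Disabling unneeded services..."

for svc in acpid anacron auditd autofs avahi-daemon bluetooth cpuspeed \
  gpm ip6tables irqbalance mcstrans netfs nfslock pcscd \
  portmap rpcgssd rpcidmapd setroubleshoot xfs; do
  service "$svc" stop &>/dev/null
  # The posted text had "--level" typeset with an en dash, which
  # chkconfig does not accept; the error was hidden by the redirect.
  chkconfig --level 3 "$svc" off &>/dev/null
done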

August 10, 2012 Posted by | Security, Shell Script | , | Leave a comment