Optimizing host.conf and sysctl.conf

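#!/bin/sh
# Legacy hardening/tuning recipe. Rewrites /etc/host.conf and appends kernel
# and logging settings to /etc/sysctl.conf and /etc/syslog.conf.
# Needs write access to /etc (normally root).
#
# Changes from the listing as published:
#   - The typographic quotes (“ ”) are not shell quotes. They were written
#     literally into the config files, and on the auth.*;user.* line the
#     unquoted ';' split the command, so the rule was never written intact.
#     Quoted here-documents write the intended text verbatim.
#   - Backups are taken only when none exists, so a second run cannot replace
#     the pristine copy with an already-modified file.
#   - Appended blocks are skipped when already present (no duplicate keys).
#   - The script stops on the first failed command instead of carrying on.
#
# Nothing here activates the settings: sysctl.conf is read at boot or by
# `sysctl -p`, and the syslog daemon must re-read its configuration.
set -eu

# Copy $1 to $2 unless $2 already exists.
backup_once() {
  if [ ! -e "$2" ]; then
    cp -p -- "$1" "$2"
  fi
}

# Succeed when file $2 already contains the exact line $1.
has_line() {
  grep -qxF -- "$1" "$2"
}

# --- host.conf ---------------------------------------------------------------
# NOTE(review): on current glibc the lookup order is taken from
# /etc/nsswitch.conf and the "order"/"nospoof" keywords are, as far as I know,
# ignored; confirm against host.conf(5) on the target before relying on them.
backup_once /etc/host.conf /etc/host.back
cat > /etc/host.conf <<'EOF'
# Lookup names via DNS first then fall back to /etc/hosts.
order bind,hosts
# We have machines with multiple IP addresses.
multi on
# Check for IP address spoofing.
nospoof on
EOF

# --- sysctl.conf -------------------------------------------------------------
# NOTE(review), values kept exactly as the author gave them:
#   - kernel.ctrl-alt-del: the kernel documentation describes a non-zero value
#     as an immediate reboot without syncing and 0 as handing the keys to init,
#     so "= 1" does not disable the key combination as the emitted comment
#     says. Confirm the intent.
#   - accept_redirects is set for "all" only; per-interface and "default"
#     values may still permit redirects on a non-forwarding host. Verify with
#     `sysctl -a` on the target.
#   - Turning off window scaling, SACK and timestamps trades throughput and
#     loss recovery for little protection on current kernels.
#   - fs.file-max and tcp_max_syn_backlog may be below today's defaults;
#     compare with the running values before applying.
backup_once /etc/sysctl.conf /etc/sysctl.conf.old
if has_line '# Max File Handlers' /etc/sysctl.conf; then
  printf '%s\n' 'sysctl.conf: settings already present, not appending again' >&2
else
  cat >> /etc/sysctl.conf <<'EOF'
# Max File Handlers
fs.file-max = 8192
# Disable CTR+ALT+DEL Restart Keys
kernel.ctrl-alt-del = 1
# Enable TCP SYN cookie protection
net.ipv4.tcp_syncookies = 1
# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
# Enable bad error message protection
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Decrease time between keepalives
net.ipv4.tcp_keepalive_time = 1200
# Turn off timestamps
net.ipv4.tcp_timestamps = 0
# Ignore icmp broadcast request
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 25
# Turn off the tcp_window_scaling
net.ipv4.tcp_window_scaling = 0
# Turn off the tcp_sack
net.ipv4.tcp_sack = 0
# Allow more SYN backlog
net.ipv4.tcp_max_syn_backlog = 1048
# Lower retry rates
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 3
EOF
fi

# --- syslog.conf -------------------------------------------------------------
# Only touched when the file exists. The original would have created a new
# /etc/syslog.conf on hosts whose log daemon reads a different file.
if [ -f /etc/syslog.conf ]; then
  backup_once /etc/syslog.conf /etc/syslog.conf.old
  if has_line '# Log all kernel messages to the new file /var/log/kernel' /etc/syslog.conf; then
    printf '%s\n' 'syslog.conf: rules already present, not appending again' >&2
  else
    cat >> /etc/syslog.conf <<'EOF'
# Log all kernel messages to the new file /var/log/kernel
kern.* /var/log/kernel
# Log all logins to /var/log/login_log
auth.*;user.*;daemon.none /var/log/login_log
EOF
  fi
else
  printf '%s\n' 'syslog.conf: /etc/syslog.conf not found, logging rules skipped' >&2
fi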
