FastHandle - IT Operations Examples

FastHandle is fast operation tools for infrastructure configurations and tests.

User Tools

Site Tools


os:linux:set:kernel:etc_sysctl.conf.html



Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
os:linux:set:kernel:etc_sysctl.conf.html [2017/11/18 16:16]
kurihara [/etc/sysctl.conf]
os:linux:set:kernel:etc_sysctl.conf.html [2018/02/17 01:43] (current)
kurihara
Line 1: Line 1:
-[[os:index.html|]] +[[os:linux:set:index.html]] 
-====== Configuration of /etc/sysctl.conf ======+====== /etc/sysctl.conf Example Configuration======
  
 +\\
 +{{INLINETOC}}
 +\\
  
-===== /etc/sysctl.conf =====+===== My /etc/sysctl.conf =====
  
  
Line 31: Line 34:
 # Network # Network
 #------------------------------------------------------------------------------ #------------------------------------------------------------------------------
-# keepalive+TCP keepalive
 net.ipv4.tcp_keepalive_time = 60  # defautl 7200 net.ipv4.tcp_keepalive_time = 60  # defautl 7200
 net.ipv4.tcp_keepalive_intvl = 3  # default 75 net.ipv4.tcp_keepalive_intvl = 3  # default 75
Line 38: Line 41:
 # 60sec + 3sec * 9 = 567sec = 9.56min # 60sec + 3sec * 9 = 567sec = 9.56min
  
- +tcp connection 
-disable IPv6 (CentOS7) +net.nf_conntrack_max 1048576
-net.ipv6.conf.all.disable_ipv6 = 1 +
-net.ipv6.conf.lo.disable_ipv6 = 1 +
-net.ipv6.conf.default.disable_ipv6 1+
  
 # port exhaustion # port exhaustion
Line 52: Line 52:
  
 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_tw_reuse = 1
 +
 +# disable IPv6 (CentOS7)
 +net.ipv6.conf.all.disable_ipv6 = 1
 +net.ipv6.conf.lo.disable_ipv6 = 1
 +net.ipv6.conf.default.disable_ipv6 = 1
  
  
Line 62: Line 67:
 </sxh> </sxh>
  
 +\\
 +===== CentOS7 Defautl /etc/sysctl.conf =====
 +
 +<sxh bash toolbar:false gutter:false>
 +# System default settings live in /usr/lib/sysctl.d/00-system.conf.
 +# To override those settings, enter new settings here, or in an /etc/sysctl.d/<name>.conf file
 +#
 +# For more information, see sysctl.conf(5) and sysctl.d(5).
 +</sxh>
 +
 +\\
 +===== Ubuntu16.0.4 Default /etc/sysctl.conf =====
 +
 +<sxh bash toolbar:false gutter:false>
 +#
 +# /etc/sysctl.conf - Configuration file for setting system variables
 +# See /etc/sysctl.d/ for additional system variables.
 +# See sysctl.conf (5) for information.
 +#
 +
 +#kernel.domainname = example.com
 +
 +# Uncomment the following to stop low-level messages on console
 +#kernel.printk = 3 4 1 3
 +
 +##############################################################3
 +# Functions previously found in netbase
 +#
 +
 +# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
 +# Turn on Source Address Verification in all interfaces to
 +# prevent some spoofing attacks
 +#net.ipv4.conf.default.rp_filter=1
 +#net.ipv4.conf.all.rp_filter=1
 +
 +# Uncomment the next line to enable TCP/IP SYN cookies
 +# See http://lwn.net/Articles/277146/
 +# Note: This may impact IPv6 TCP sessions too
 +#net.ipv4.tcp_syncookies=1
 +
 +# Uncomment the next line to enable packet forwarding for IPv4
 +net.ipv4.ip_forward=1
 +
 +# Uncomment the next line to enable packet forwarding for IPv6
 +#  Enabling this option disables Stateless Address Autoconfiguration
 +#  based on Router Advertisements for this host
 +#net.ipv6.conf.all.forwarding=1
 +
 +
 +###################################################################
 +# Additional settings - these settings can improve the network
 +# security of the host and prevent against some network attacks
 +# including spoofing attacks and man in the middle attacks through
 +# redirection. Some network environments, however, require that these
 +# settings are disabled so review and enable them as needed.
 +#
 +# Do not accept ICMP redirects (prevent MITM attacks)
 +#net.ipv4.conf.all.accept_redirects = 0
 +#net.ipv6.conf.all.accept_redirects = 0
 +# _or_
 +# Accept ICMP redirects only for gateways listed in our default
 +# gateway list (enabled by default)
 +# net.ipv4.conf.all.secure_redirects = 1
 +#
 +# Do not send ICMP redirects (we are not a router)
 +#net.ipv4.conf.all.send_redirects = 0
 +#
 +# Do not accept IP source route packets (we are not a router)
 +#net.ipv4.conf.all.accept_source_route = 0
 +#net.ipv6.conf.all.accept_source_route = 0
 +#
 +# Log Martian Packets
 +#net.ipv4.conf.all.log_martians = 1
 +#
 +
 +net.ipv6.conf.all.disable_ipv6 = 1
 +net.ipv6.conf.default.disable_ipv6 = 1
 +net.ipv6.conf.default.autoconf=0
 +</sxh>
 +
 +
 +\\
 +<WRAP box 90%>
 +<catlist ..: -noAddPageButton -smallHead>
 +</WRAP>
  
 \\ \\
 \\ \\
-[[os:index.html|]]+[[os:linux:set:index.html]]


os/linux/set/kernel/etc_sysctl.conf.html.1510989371.txt.gz · Last modified: 2017/11/18 16:16 by kurihara