FastHandle - IT Operations Examples

FastHandle is fast operation tools for infrastructure configurations and tests.

User Tools

Site Tools

os:linux:set:kernel:etc_sysctl.conf.html



Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
os:linux:set:kernel:etc_sysctl.conf.html [2017/11/19 00:06]
kurihara [/etc/sysctl.conf] 		os:linux:set:kernel:etc_sysctl.conf.html [2018/02/17 01:43] (current)
kurihara
Line 1: Line 1:
-[[os:index.html|]] +[[os:linux:set:index.html]] 
-====== Configuration of /etc/sysctl.conf ======+====== /etc/sysctl.conf Example Configuration======
  
 +\\
 +{{INLINETOC}}
 +\\
  
-===== /etc/sysctl.conf =====+===== My /etc/sysctl.conf =====
  
  
Line 31: Line 34:
 # Network # Network
 #------------------------------------------------------------------------------ #------------------------------------------------------------------------------
-# keepalive+TCP keepalive
 net.ipv4.tcp_keepalive_time = 60  # defautl 7200 net.ipv4.tcp_keepalive_time = 60  # defautl 7200
 net.ipv4.tcp_keepalive_intvl = 3  # default 75 net.ipv4.tcp_keepalive_intvl = 3  # default 75
Line 38: Line 41:
 # 60sec + 3sec * 9 = 567sec = 9.56min # 60sec + 3sec * 9 = 567sec = 9.56min
  
- +tcp connection 
-disable IPv6 (CentOS7) +net.nf_conntrack_max 1048576
-net.ipv6.conf.all.disable_ipv6 = 1 +
-net.ipv6.conf.lo.disable_ipv6 = 1 +
-net.ipv6.conf.default.disable_ipv6 1+
  
 # port exhaustion # port exhaustion
Line 52: Line 52:
  
 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_tw_reuse = 1
 +
 +# disable IPv6 (CentOS7)
 +net.ipv6.conf.all.disable_ipv6 = 1
 +net.ipv6.conf.lo.disable_ipv6 = 1
 +net.ipv6.conf.default.disable_ipv6 = 1
  
  
Line 62: Line 67:
 </sxh> </sxh>
  
 +\\
 +===== CentOS7 Defautl /etc/sysctl.conf =====
 +
 +<sxh bash toolbar:false gutter:false>
 +# System default settings live in /usr/lib/sysctl.d/00-system.conf.
 +# To override those settings, enter new settings here, or in an /etc/sysctl.d/<name>.conf file
 +#
 +# For more information, see sysctl.conf(5) and sysctl.d(5).
 +</sxh>
  
 \\ \\
-<WRAP box 90%> +===== Ubuntu16.0.4 Default /etc/sysctl.conf =====
-[[os:index.html|]]+
  
-Other Configuration Files +<sxh bash toolbar:false gutter:false> 
-<catlist -noAddPageButton -sortAscending -noHead>+
 +# /etc/sysctl.conf - Configuration file for setting system variables 
 +# See /etc/sysctl.d/ for additional system variables. 
 +# See sysctl.conf (5) for information. 
 +
 + 
 +#kernel.domainname = example.com 
 + 
 +# Uncomment the following to stop low-level messages on console 
 +#kernel.printk = 3 4 1 3 
 + 
 +##############################################################
 +# Functions previously found in netbase 
 +
 + 
 +# Uncomment the next two lines to enable Spoof protection (reverse-path filter) 
 +# Turn on Source Address Verification in all interfaces to 
 +# prevent some spoofing attacks 
 +#net.ipv4.conf.default.rp_filter=1 
 +#net.ipv4.conf.all.rp_filter=1 
 + 
 +# Uncomment the next line to enable TCP/IP SYN cookies 
 +# See http://lwn.net/Articles/277146/ 
 +# Note: This may impact IPv6 TCP sessions too 
 +#net.ipv4.tcp_syncookies=1 
 + 
 +# Uncomment the next line to enable packet forwarding for IPv4 
 +net.ipv4.ip_forward=1 
 + 
 +# Uncomment the next line to enable packet forwarding for IPv6 
 +#  Enabling this option disables Stateless Address Autoconfiguration 
 +#  based on Router Advertisements for this host 
 +#net.ipv6.conf.all.forwarding=1 
 + 
 + 
 +################################################################### 
 +# Additional settings - these settings can improve the network 
 +# security of the host and prevent against some network attacks 
 +# including spoofing attacks and man in the middle attacks through 
 +# redirection. Some network environments, however, require that these 
 +# settings are disabled so review and enable them as needed. 
 +
 +# Do not accept ICMP redirects (prevent MITM attacks) 
 +#net.ipv4.conf.all.accept_redirects = 0 
 +#net.ipv6.conf.all.accept_redirects = 0 
 +# _or_ 
 +# Accept ICMP redirects only for gateways listed in our default 
 +# gateway list (enabled by default) 
 +# net.ipv4.conf.all.secure_redirects = 1 
 +
 +# Do not send ICMP redirects (we are not a router) 
 +#net.ipv4.conf.all.send_redirects = 0 
 +
 +# Do not accept IP source route packets (we are not a router) 
 +#net.ipv4.conf.all.accept_source_route = 0 
 +#net.ipv6.conf.all.accept_source_route = 0 
 +
 +# Log Martian Packets 
 +#net.ipv4.conf.all.log_martians = 1 
 +
 + 
 +net.ipv6.conf.all.disable_ipv6 = 1 
 +net.ipv6.conf.default.disable_ipv6 = 1 
 +net.ipv6.conf.default.autoconf=0 
 +</sxh> 
 + 
 + 
 +\\ 
 +<WRAP box 90%> 
 +<catlist ..: -noAddPageButton -smallHead>
 </WRAP> </WRAP>
  
 \\ \\
 \\ \\
-[[os:index.html|]]+[[os:linux:set:index.html]]


os/linux/set/kernel/etc_sysctl.conf.html.1511017584.txt.gz · Last modified: 2017/11/19 00:06 by kurihara

Page Tools


Home     About     Contact

Copyright (c) 2024 FastHandle - IT Operations Examples All Rights Reserved.