martijn/machineops
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Update install.sh

Browse source 
Update for ipv4 tuning, protection and fastopen.
This commit is contained in:
Martijn de Boer 2025-03-04 13:59:05 +01:00
parent f58217a54a
commit da81200677
1 changed files with 18 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
install.sh
View file

@ -96,6 +96,16 @@ echo "net.ipv4.conf.all.log_martians = 1" >> /etc/sysctl.d/99-custom.conf
echo "net.ipv4.conf.default.log_martians = 1" >> /etc/sysctl.d/99-custom.conf
echo "net.ipv4.conf.all.secure_redirects = 0" >> /etc/sysctl.d/99-custom.conf
echo "net.ipv4.conf.default.secure_redirects = 0" >> /etc/sysctl.d/99-custom.conf
echo "net.ipv4.tcp_synack_retries=2" >> /etc/sysctl.d/99-custom.conf
echo "net.ipv4.tcp_fin_timeout=15" >> /etc/sysctl.d/99-custom.conf
echo "net.ipv4.tcp_keepalive_time=300" >> /etc/sysctl.d/99-custom.conf
echo "net.ipv4.tcp_keepalive_probes=5" >> /etc/sysctl.d/99-custom.conf
echo "net.ipv4.tcp_keepalive_intvl=15" >> /etc/sysctl.d/99-custom.conf
echo "net.ipv4.tcp_max_tw_buckets=1440000" >> /etc/sysctl.d/99-custom.conf
echo "net.ipv4.tcp_tw_recycle=1" >> /etc/sysctl.d/99-custom.conf
echo "net.ipv4.tcp_tw_reuse=1" >> /etc/sysctl.d/99-custom.conf
echo "net.ipv4.tcp_fastopen=3" >> /etc/sysctl.d/99-custom.conf
echo "net.ipv6.conf.default.autoconf = 0" >> /etc/sysctl.d/99-custom.conf
echo "net.ipv6.conf.default.dad_transmits = 0" >> /etc/sysctl.d/99-custom.conf
echo "net.ipv6.conf.default.max_addresses = 1" >> /etc/sysctl.d/99-custom.conf
@ -131,6 +141,7 @@ echo "kernel.yama.ptrace_scope = 1" >> /etc/sysctl.d/99-custom.conf
echo "kernel.unprivileged_userns_clone = 0" >> /etc/sysctl.d/99-custom.conf
echo "kernel.unprivileged_bpf_disabled = 1" >> /etc/sysctl.d/99-custom.conf
echo "net.core.bpf_jit_harden = 2" >> /etc/sysctl.d/99-custom.conf
echo "kernel.panic=10" >> /etc/sysctl.d/99-custom.conf
## Kernel optimisation
echo "kernel.pid_max = 65536" >> /etc/sysctl.d/99-custom.conf
@ -139,6 +150,13 @@ echo "kernel.pid_max = 65536" >> /etc/sysctl.d/99-custom.conf
echo -e "\e[1;32mHardening filesystem...\e[0m"
echo "fs.protected_hardlinks=1" >> /etc/sysctl.d/99-custom.conf
echo "fs.protected_symlinks=1" >> /etc/sysctl.d/99-custom.conf
echo "fs.file-max=2097152" >> /etc/sysctl.d/99-custom.conf
## Swap
echo -e "\e[1;32mTuning swap...\e[0m"
echo "vm.swappiness=10" >> /etc/sysctl.d/99-custom.conf
echo "vm.dirty_ratio=60" >> /etc/sysctl.d/99-custom.conf
echo "vm.dirty_background_ratio=2" >> /etc/sysctl.d/99-custom.conf
# Write sysctl values
sysctl -p /etc/sysctl.d/99-custom.conf