-
Notifications
You must be signed in to change notification settings - Fork 9
/
install-network-sh
56 lines (41 loc) · 3.15 KB
/
install-network-sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
echo "Disable ping from Internet/Intranet by adding the line below to /etc/rc.d/rc.local"
echo "echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all" | sudo sh
echo "To reduce SYN Flood attack /etc/sysctl.conf"
echo "echo \"net.core.netdev_max_backlog = 10240\" >> /etc/sysctl.conf" | sudo sh
echo "echo \"net.core.somaxconn = 10240\" >> /etc/sysctl.conf" | sudo sh
echo "echo \"net.ipv4.conf.all.accept_redirects = 0\" >> /etc/sysctl.conf" | sudo sh
echo "echo \"net.ipv4.conf.all.accept_source_route = 0\" >> /etc/sysctl.conf" | sudo sh
echo "echo \"net.ipv4.conf.all.rp_filter = 1\" >> /etc/sysctl.conf" | sudo sh
echo "echo \"net.ipv4.conf.all.secure_redirects = 0\" >> /etc/sysctl.conf" | sudo sh
echo "echo \"net.ipv4.conf.default.accept_redirects = 0\" >> /etc/sysctl.conf" | sudo sh
echo "echo \"net.ipv4.conf.default.accept_source_route = 0\" >> /etc/sysctl.conf" | sudo sh
echo "echo \"net.ipv4.conf.default.secure_redirects = 0\" >> /etc/sysctl.conf" | sudo sh
echo "echo \"net.ipv4.conf.default.rp_filter = 1\" >> /etc/sysctl.conf" | sudo sh
echo "echo \"net.ipv4.ip_local_port_range = 1024 65000\" >> /etc/sysctl.conf" | sudo sh
echo "echo \"net.ipv4.icmp_echo_ignore_broadcasts=1\" >> /etc/sysctl.conf" | sudo sh
echo "echo \"net.ipv4.icmp_echo_ignore_all=1\" >> /etc/sysctl.conf" | sudo sh
echo "echo \"net.ipv4.icmp_ignore_bogus_error_responses=1\" >> /etc/sysctl.conf" | sudo sh
echo "echo \"net.ipv4.ip_conntrack_max=65535\" >> /etc/sysctl.conf" | sudo sh
echo "echo \"net.ipv4.tcp_syncookies=1\" >> /etc/sysctl.conf" | sudo sh
echo "echo \"net.ipv4.tcp_syn_retries=3\" >> /etc/sysctl.conf" | sudo sh
echo "echo \"net.ipv4.tcp_fin_timeout=15\" >> /etc/sysctl.conf" | sudo sh
echo "echo \"net.ipv4.tcp_synack_retries=1\" >> /etc/sysctl.conf" | sudo sh
echo "echo \"net.ipv4.route.gc_timeout=100\" >> /etc/sysctl.conf" | sudo sh
echo "echo \"net.ipv4.tcp_keepalive_probes = 5\" >> /etc/sysctl.conf" | sudo sh
echo "echo \"net.ipv4.tcp_keepalive_time=500\" >> /etc/sysctl.conf" | sudo sh
echo "echo \"net.ipv4.tcp_max_orphans = 60000\" >> /etc/sysctl.conf" | sudo sh
echo "echo \"net.ipv4.tcp_max_syn_backlog = 8192\" >> /etc/sysctl.conf" | sudo sh
echo "echo \"net.ipv4.tcp_max_tw_buckets = 5000\" >> /etc/sysctl.conf" | sudo sh
echo "echo \"net.ipv4.tcp_rmem = 4096 4096 16777216\" >> /etc/sysctl.conf" | sudo sh
echo "echo \"net.ipv4.tcp_wmem = 4096 4096 16777216\" >> /etc/sysctl.conf" | sudo sh
echo "echo \"net.ipv4.tcp_tw_reuse = 1\" >> /etc/sysctl.conf" | sudo sh
echo "echo \"net.ipv4.tcp_tw_recycle = 1\" >> /etc/sysctl.conf" | sudo sh
echo "echo \"fs.file-max = 70000\" >> /etc/sysctl.conf" | sudo sh
echo "echo \"vm.overcommit_memory=1\" >> /etc/sysctl.conf" | sudo sh
echo "Add the lines below into file /etc/security/limits.conf"
echo "echo \"* hard rss 10000\" >> /etc/security/limits.conf" | sudo sh
echo "echo \"* hard maxlogins 2\" >> /etc/security/limits.conf" | sudo sh
echo "echo \"* hard core 0\" >> /etc/security/limits.conf" | sudo sh
echo "echo \"* soft nofile 10000\" >> /etc/security/limits.conf" | sudo sh
echo "echo \"* hard nofile 30000\" >> /etc/security/limits.conf" | sudo sh
sudo sysctl -p