jdoss · July 18, 2013 03:01
diff --git a/sysctl.conf b/sysctl.conf
 # Kernel sysctl configuration file for Red Hat Linux
 #
 # For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
 # sysctl.conf(5) for more details.

 # Controls IP packet forwarding
 net.ipv4.ip_forward = 0

 # Controls the System Request debugging functionality of the kernel
 kernel.sysrq = 0

 # Controls whether core dumps will append the PID to the core filename.
 # Useful for debugging multi-threaded applications.
 kernel.core_uses_pid = 1

 # Controls the use of TCP syncookies
 net.ipv4.tcp_syncookies = 1

 # Disable netfilter on bridges.
 net.bridge.bridge-nf-call-ip6tables = 0
 net.bridge.bridge-nf-call-iptables = 0
 net.bridge.bridge-nf-call-arptables = 0

 # Controls the maximum size of a message, in bytes
 kernel.msgmnb = 65536

 # Controls the default maxmimum size of a mesage queue
 kernel.msgmax = 65536

 # Controls the maximum shared segment size, in bytes
 kernel.shmmax = 68719476736

 # Controls the maximum number of shared memory segments, in pages
 kernel.shmall = 4294967296

 # The maximum number of shared memory segments
 kernel.shmmni = 4096

 # The maximum number of queues system wide
 kernel.msgmni = 2048

 # The maximum number and size of semaphore sets that can be allocated
 kernel.sem = 250 256000 32 1024

 # The maximum number of file descriptors
 fs.file-max = 6553600

 # Disables IP source routing
 net.ipv4.conf.all.accept_source_route = 0
 net.ipv4.conf.lo.accept_source_route = 0
 net.ipv4.conf.eth0.accept_source_route = 0
 net.ipv4.conf.default.accept_source_route = 0

 # Disable ICMP Redirect Acceptance
 net.ipv4.conf.all.accept_redirects = 0
 net.ipv4.conf.lo.accept_redirects = 0
 net.ipv4.conf.eth0.accept_redirects = 0
 net.ipv4.conf.default.accept_redirects = 0

 # Disable Log Spoofed Packets, Source Routed Packets, Redirect Packets
 net.ipv4.conf.all.log_martians = 0
 net.ipv4.conf.lo.log_martians = 0
 net.ipv4.conf.eth0.log_martians = 0

 # Enable IP spoofing protection, turn on source route verification
 net.ipv4.conf.all.rp_filter = 1
 net.ipv4.conf.lo.rp_filter = 1
 net.ipv4.conf.eth0.rp_filter = 1
 net.ipv4.conf.default.rp_filter = 1

 # Decrease the time default value for tcp_fin_timeout connection
 net.ipv4.tcp_fin_timeout = 15

 # Decrease the time default value for tcp_keepalive_time connection
 net.ipv4.tcp_keepalive_time = 1800

 # Turn off the tcp_window_scaling
 net.ipv4.tcp_window_scaling = 0

 # Turn off the tcp_sack
 net.ipv4.tcp_sack = 0

 # Turn off the tcp_timestamps
 net.ipv4.tcp_timestamps = 0

 # Enable ignoring broadcasts request
 net.ipv4.icmp_echo_ignore_broadcasts = 1

 # Enable bad error message Protection
 net.ipv4.icmp_ignore_bogus_error_responses = 1

 # Increases the size of the socket queue (effectively, q0).
 net.ipv4.tcp_max_syn_backlog = 1024

 # Increase the tcp-time-wait buckets pool size
 net.ipv4.tcp_max_tw_buckets = 1440000

 # Allowed local port range
 net.ipv4.ip_local_port_range = 16384 64000

 # Sets the default OS receive buffer size for all types of connections
 net.core.rmem_default = 4194304

 # Sets the default OS send buffer size for all types of connections
 net.core.wmem_default = 262144

 # Sets the max OS send buffer size for all types of connections
 net.core.wmem_max= 262144

 # Sets the max OS receive buffer size for all types of connections
 net.core.rmem_max = 4194304

 # Enable ExecShield Protection Against Buffer Overflows
 kernel.exec-shield = 1
 kernel.randomize_va_space = 1

 # Define how aggressively memory pages are swapped to disk
 vm.swappiness = 0
	# Kernel sysctl configuration file for Red Hat Linux
	#
	# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
	# sysctl.conf(5) for more details.

	# Controls IP packet forwarding
	net.ipv4.ip_forward = 0

	# Controls the System Request debugging functionality of the kernel
	kernel.sysrq = 0

	# Controls whether core dumps will append the PID to the core filename.
	# Useful for debugging multi-threaded applications.
	kernel.core_uses_pid = 1

	# Controls the use of TCP syncookies
	net.ipv4.tcp_syncookies = 1

	# Disable netfilter on bridges.
	net.bridge.bridge-nf-call-ip6tables = 0
	net.bridge.bridge-nf-call-iptables = 0
	net.bridge.bridge-nf-call-arptables = 0

	# Controls the maximum size of a message, in bytes
	kernel.msgmnb = 65536

	# Controls the default maxmimum size of a mesage queue
	kernel.msgmax = 65536

	# Controls the maximum shared segment size, in bytes
	kernel.shmmax = 68719476736

	# Controls the maximum number of shared memory segments, in pages
	kernel.shmall = 4294967296

	# The maximum number of shared memory segments
	kernel.shmmni = 4096

	# The maximum number of queues system wide
	kernel.msgmni = 2048

	# The maximum number and size of semaphore sets that can be allocated
	kernel.sem = 250 256000 32 1024

	# The maximum number of file descriptors
	fs.file-max = 6553600

	# Disables IP source routing
	net.ipv4.conf.all.accept_source_route = 0
	net.ipv4.conf.lo.accept_source_route = 0
	net.ipv4.conf.eth0.accept_source_route = 0
	net.ipv4.conf.default.accept_source_route = 0

	# Disable ICMP Redirect Acceptance
	net.ipv4.conf.all.accept_redirects = 0
	net.ipv4.conf.lo.accept_redirects = 0
	net.ipv4.conf.eth0.accept_redirects = 0
	net.ipv4.conf.default.accept_redirects = 0

	# Disable Log Spoofed Packets, Source Routed Packets, Redirect Packets
	net.ipv4.conf.all.log_martians = 0
	net.ipv4.conf.lo.log_martians = 0
	net.ipv4.conf.eth0.log_martians = 0

	# Enable IP spoofing protection, turn on source route verification
	net.ipv4.conf.all.rp_filter = 1
	net.ipv4.conf.lo.rp_filter = 1
	net.ipv4.conf.eth0.rp_filter = 1
	net.ipv4.conf.default.rp_filter = 1

	# Decrease the time default value for tcp_fin_timeout connection
	net.ipv4.tcp_fin_timeout = 15

	# Decrease the time default value for tcp_keepalive_time connection
	net.ipv4.tcp_keepalive_time = 1800

	# Turn off the tcp_window_scaling
	net.ipv4.tcp_window_scaling = 0

	# Turn off the tcp_sack
	net.ipv4.tcp_sack = 0

	# Turn off the tcp_timestamps
	net.ipv4.tcp_timestamps = 0

	# Enable ignoring broadcasts request
	net.ipv4.icmp_echo_ignore_broadcasts = 1

	# Enable bad error message Protection
	net.ipv4.icmp_ignore_bogus_error_responses = 1

	# Increases the size of the socket queue (effectively, q0).
	net.ipv4.tcp_max_syn_backlog = 1024

	# Increase the tcp-time-wait buckets pool size
	net.ipv4.tcp_max_tw_buckets = 1440000

	# Allowed local port range
	net.ipv4.ip_local_port_range = 16384 64000

	# Sets the default OS receive buffer size for all types of connections
	net.core.rmem_default = 4194304

	# Sets the default OS send buffer size for all types of connections
	net.core.wmem_default = 262144

	# Sets the max OS send buffer size for all types of connections
	net.core.wmem_max= 262144

	# Sets the max OS receive buffer size for all types of connections
	net.core.rmem_max = 4194304

	# Enable ExecShield Protection Against Buffer Overflows
	kernel.exec-shield = 1
	kernel.randomize_va_space = 1

	# Define how aggressively memory pages are swapped to disk
	vm.swappiness = 0