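  ## added by samiux for performance and security
  #
  # sysctl settings (sysctl.conf syntax). Comments are full-line "#" only.
  # Review changes to the original listing:
  #   - net.ipv4.tcp_tw_recycle is commented out (see the note at that key)
  #   - net.ipv4.conf.default.send_redirects = 0 is added
  #   - the NX check command uses a real alternation instead of a bracket list
  # Validate on a test host with "sysctl -p <file>" and watch for rejected keys.

  # performance tuning
  kernel.sem = 250 32000 100 128
  kernel.shmall = 2097152
  kernel.shmmax = 2147483648
  kernel.shmmni = 4096
  # If you have more than 512MB RAM, use this setting; otherwise, comment it out
  fs.file-max = 262140
  # If you have 512MB RAM or less, uncomment this setting; otherwise, comment it out
  #fs.file-max = 65535
  vm.swappiness = 1
  vm.vfs_cache_pressure = 50
  vm.min_free_kbytes = 65536

  net.core.rmem_default = 33554432
  net.core.rmem_max = 33554432
  net.core.wmem_default = 33554432
  net.core.wmem_max = 33554432
  net.ipv4.tcp_rmem = 10240 87380 33554432
  net.ipv4.tcp_wmem = 10240 87380 33554432
  net.ipv4.tcp_no_metrics_save = 1
  net.ipv4.tcp_window_scaling = 1
  # Ephemeral ports now start at 1024. A service that listens on a port in this
  # range can lose it to an outgoing connection; list such ports in
  # net.ipv4.ip_local_reserved_ports if that matters on this host.
  net.ipv4.ip_local_port_range = 1024 65535
  net.ipv4.tcp_max_tw_buckets = 360000

  # NOTE(review): the kernel documentation puts the cost of one orphaned socket
  # at up to ~64K of unswappable memory, so this ceiling is far above what most
  # hosts can back with RAM. Size it to the machine.
  net.ipv4.tcp_max_orphans = 3276800
  # tcp_tw_reuse depends on TCP timestamps. This file sets
  # net.ipv4.tcp_timestamps = 0 below, so the setting has no effect as written.
  net.ipv4.tcp_tw_reuse = 1
  # Disabled in review: tcp_tw_recycle drops connections from clients that share
  # one address behind NAT, it also depends on TCP timestamps, and the key was
  # removed in Linux 4.12 (loading it there fails with an unknown-key error).
  #net.ipv4.tcp_tw_recycle = 1
  net.ipv4.tcp_syn_retries = 2
  net.ipv4.tcp_synack_retries = 2
  net.core.somaxconn = 32768
  net.core.netdev_max_backlog = 32768
  net.ipv4.tcp_max_syn_backlog = 65536
  # NOTE(review): tcp_mem is counted in pages, not bytes. With 4 KiB pages the
  # third value is several TiB, so the TCP memory limit never engages and
  # socket buffers can grow until the host runs out of memory. Size to RAM.
  net.ipv4.tcp_mem = 94500000 915000000 927000000

  # security setting
  # Disabling timestamps also turns off PAWS and timestamp-based RTT
  # measurement. If the goal is to hide uptime, note that newer kernels
  # randomize the timestamp offset per connection - confirm for your kernel.
  net.ipv4.tcp_timestamps = 0
  net.ipv4.tcp_fin_timeout = 15
  net.ipv4.tcp_orphan_retries = 2
  net.ipv4.conf.all.accept_redirects = 0
  # send_redirects is ORed between "all" and the per-interface value, so
  # all = 0 alone does not disable it. "default" covers interfaces created
  # after this file is loaded; interfaces that already exist keep their value.
  net.ipv4.conf.all.send_redirects = 0
  net.ipv4.conf.default.send_redirects = 0
  net.ipv4.conf.default.accept_redirects = 0
  net.ipv4.conf.all.secure_redirects = 0
  net.ipv4.conf.default.secure_redirects = 0
  # Martian packets are written to the kernel log; expect volume on busy links.
  net.ipv4.conf.all.log_martians = 1
  net.ipv4.conf.default.log_martians = 1
  net.ipv4.conf.all.accept_source_route = 0
  net.ipv4.conf.default.accept_source_route = 0
  # 1 = strict reverse-path filtering. On multihomed hosts with asymmetric
  # routing this drops legitimate traffic; 2 (loose mode) is the alternative.
  net.ipv4.conf.all.rp_filter = 1
  net.ipv4.conf.default.rp_filter = 1
  net.ipv4.tcp_syncookies = 1
  net.ipv4.icmp_echo_ignore_broadcasts = 1
  net.ipv4.icmp_ignore_bogus_error_responses = 1

  # network traffic congestion control
  # htcp must appear in net.ipv4.tcp_available_congestion_control (tcp_htcp
  # module); otherwise this key is rejected.
  net.ipv4.tcp_congestion_control = htcp

  # I/O tuning
  # Each *_ratio key and its *_bytes counterpart are mutually exclusive: writing
  # one zeroes the other. The two "= 0" lines below are therefore redundant, and
  # a write of 0 to vm.dirty_bytes may be rejected by some kernels.
  vm.dirty_background_ratio = 0
  vm.dirty_background_bytes = 209715200
  vm.dirty_ratio = 40
  vm.dirty_bytes = 0
  vm.dirty_writeback_centisecs = 100
  vm.dirty_expire_centisecs = 200

  # Non-executable memory (NX/XD) in Ubuntu only
  # Enable "No Execute (NX)" or "Execute Disable (XD)" in BIOS/UEFI
  # Then run : sudo dmesg | grep --color -E '(NX|XD).*protection'
  # If you see "NX (Execute Disable) protection: active" or similar, data pages
  # are mapped non-executable. This blocks running injected code after an
  # overflow; it does not prevent the overflow itself.

  # Exec-shield in RedHat/CentOS/Fedora only
  # exec-shield is a Red Hat kernel patch and is not present on mainline
  # kernels; leave this commented out where the key does not exist.
  #kernel.exec-shield = 1

  # Enable ASLR
  # 0 - Do not randomize stack and vdso page.
  # 1 - Turn on protection and randomize stack, vdso page and mmap.
  # 2 - Turn on protection and randomize stack, vdso page and mmap +
  # randomize brk base address.
  kernel.randomize_va_space = 2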