Tweak kernel variables in sysctl.conf

Kernel variables can be tweaked to increase the security or performance of the system. To make such settings survive a reboot, store them in the /etc/sysctl.conf file, which is read at boot time. To apply the values immediately after editing this file, run the following as root:

# sysctl -p

This is how my file looks. The kernel used is 2.6.24 and the OS is Ubuntu 7.04.


#
# /etc/sysctl.conf - Configuration file for setting system variables
# See sysctl.conf (5) for information.
#

#kernel.domainname = example.com
# ignore ICMP echo requests sent to broadcast addresses (smurf amplification)
net/ipv4/icmp_echo_ignore_broadcasts=1

# the following stops low-level messages on the console: the four fields are
# console_loglevel, default_message_loglevel, minimum_console_loglevel and
# default_console_loglevel; a console level of 4 shows warnings and worse
# and keeps info/debug messages off the console
kernel.printk = 4 4 1 7

##############################################################
# Functions previously found in netbase
#

# IPv4 packet forwarding stays disabled (set to 1 to route between interfaces)
net.ipv4.conf.default.forwarding=0

# Uncomment the next line to enable packet forwarding for IPv6
#net.ipv6.conf.default.forwarding=1

## The below lines are manually added — stan

vm.swappiness=15

vm.vfs_cache_pressure=50

# widen the ephemeral (local) port range; the upper bound cannot exceed 65535,
# otherwise the kernel rejects the write and sysctl -p reports an error
net.ipv4.ip_local_port_range = 1024 65535

# reboot automatically 10 seconds after a kernel panic instead of hanging
kernel.panic = 10

# Increase the maximum and default receive socket buffer size
net.core.rmem_default = 524288
net.core.rmem_max = 524288

# Increase the maximum and default send socket buffer size
net.core.wmem_default = 524288
net.core.wmem_max = 524288

# Increase the maximum TCP write-buffer-space allocatable
net.ipv4.tcp_wmem = 4096 87380 524288

# Increase the maximum TCP read-buffer space allocatable
net.ipv4.tcp_rmem = 4096 87380 524288

# TCP buffer memory limits (low, pressure, high); these are in pages, not
# bytes, so 524288 is 2 GiB with 4 KiB pages. With all three equal, the
# memory-pressure mode only starts at the hard limit, where the kernel
# begins refusing new TCP buffer memory.
net.ipv4.tcp_mem = 524288 524288 524288

# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 1440000

# drop RSTs for sockets in TIME-WAIT (RFC 1337 "TIME-WAIT assassination" protection)
net.ipv4.tcp_rfc1337 = 1
# keep Path MTU discovery enabled (1 would disable it)
net.ipv4.ip_no_pmtu_disc = 0
# selective/forward acknowledgements, window scaling and timestamps
# (SACK per RFC 2018, scaling and timestamps per RFC 1323; all on by default)
net.ipv4.tcp_sack = 1
net.ipv4.tcp_fack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_timestamps = 1
# do not negotiate ECN (some older firewalls dropped ECN-marked SYNs)
net.ipv4.tcp_ecn = 0
# flush the routing cache when this file is loaded (write-only trigger)
net.ipv4.route.flush = 1

# Controls the magic SysRq key: 1 enables every SysRq function (reboot, kill
# all processes, dump memory state) for anyone with keyboard or console
# access; 0 disables it, or use a bitmask to allow only the functions needed
kernel.sysrq = 1

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
# kernel.core_uses_pid = 1

# Mitigate SYN flood attacks with TCP SYN cookies; they are only used once
# the SYN backlog below overflows, and fewer SYN-ACK retries lets half-open
# connections expire sooner
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 2

# Disable IP source routing (sysctl -p reports an error for the eth0 lines
# if no interface of that name exists; the all/default entries cover every
# interface anyway)
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Enable IP spoofing protection: reverse-path filtering drops packets whose
# source address would not be routed back out the interface they arrived on
# (this breaks asymmetric routing setups)
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Log spoofed, source-routed and redirected packets (they appear as
# "martian source" entries in the kernel log)
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.lo.log_martians = 1
net.ipv4.conf.eth0.log_martians = 1

# Ignore bogus ICMP error responses (malformed replies from broken routers)
# instead of logging each one
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Set maximum amount of memory allocated to shm to 256M
kernel.shmmax = 268435456

# Increase the maximum memory used to reassemble IP fragments
net.ipv4.ipfrag_high_thresh = 512000
net.ipv4.ipfrag_low_thresh = 446464

# Increase the maximum amount of option memory buffers
net.core.optmem_max = 57344

-- eof --

These values are stored in files under the /proc/sys/ directory, which makes it simple to understand a setting or derive the name of a new one: drop the /proc/sys/ prefix and replace the remaining forward slashes with dots. For example, the variable vm.swappiness is the value stored in the file /proc/sys/vm/swappiness, and net/ipv4/icmp_echo_ignore_broadcasts (written with slashes above) is /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts; sysctl accepts either separator. A value can also be changed for the running kernel only with sysctl -w, for example sysctl -w vm.swappiness=15; such a change is lost at the next boot unless it is also in /etc/sysctl.conf.
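As an added example (not part of the original post), the script below turns the name-to-path rule above, and the "apply with sysctl -p" step at the top, into something checkable: it parses a sysctl.conf-style file, maps each key to its file under a sysctl tree (accepting both the dotted and the slash form, including interface names that contain dots, which have to be written with slashes), compares each value with what the kernel currently has, and flags an ephemeral port range whose upper bound exceeds 65535, which the kernel rejects. It only reads, so no root is needed; the tree root is a parameter so it can be pointed at a test directory instead of /proc/sys. The function names (sysctl_audit and friends) are my own.

```shell
#!/bin/sh
# sysctl_audit.sh - added example, not from the original post.
# Parses a sysctl.conf-style file, maps each key to its file under a sysctl
# tree (default /proc/sys) and reports values the kernel does not currently
# have. Read-only, so no root needed. All names below are my own.
set -u

# Map a sysctl key to its path. sysctl(8) treats "." and "/" alike; a key
# already containing "/" is used verbatim, which is how names with dots in
# them (VLAN interfaces such as eth0.100) are written unambiguously.
sysctl_key_to_path() {
    case $1 in
        */*) printf '%s/%s\n' "${2:-/proc/sys}" "$1" ;;
        *)   printf '%s/%s\n' "${2:-/proc/sys}" "$(printf '%s' "$1" | tr . /)" ;;
    esac
}

# Print one "key=value" line per setting: comments (# or ;), blank lines and
# surrounding whitespace dropped, a leading "-" (sysctl's ignore-errors
# marker) stripped from the key, the value kept as written after the first "=".
sysctl_conf_entries() {
    sed -e 's/^[[:space:]]*//' -e '/^[#;]/d' -e '/^$/d' "$1" |
    awk '{
        i = index($0, "=")
        if (i == 0) next
        key = substr($0, 1, i - 1); val = substr($0, i + 1)
        sub(/^-/, "", key); gsub(/[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        print key "=" val
    }'
}

# Static check: the ephemeral port range must lie within 1..65535 with
# low < high, otherwise the kernel rejects the write and sysctl -p reports
# an error for that line. Exit status 1 if the file has a bad range.
sysctl_lint_port_range() {
    sysctl_conf_entries "$1" | awk -F= '
        BEGIN { bad = 0 }
        $1 == "net.ipv4.ip_local_port_range" || $1 == "net/ipv4/ip_local_port_range" {
            n = split($2, p, " ")
            if (n != 2 || p[1] + 0 < 1 || p[2] + 0 > 65535 || p[1] + 0 >= p[2] + 0) {
                print "BAD      " $0 " (expect two ports, 1 <= low < high <= 65535)"
                bad = 1
            }
        }
        END { exit bad }'
}

# Compare every entry with the live tree. Multi-value settings are read back
# tab-separated, so whitespace is collapsed before comparing. Returns the
# number of mismatching or missing keys (0 means the file is in effect).
sysctl_audit() {
    conf=$1; root=${2:-/proc/sys}; problems=0
    entries=$(mktemp) || return 1
    sysctl_conf_entries "$conf" > "$entries"
    while IFS='=' read -r key val; do
        case $key in
            *route.flush|*route/flush)   # write-only trigger, nothing to read back
                echo "SKIP     $key (write-only)"; continue ;;
        esac
        path=$(sysctl_key_to_path "$key" "$root")
        if [ ! -e "$path" ]; then
            echo "MISSING  $key ($path: module not loaded or interface absent?)"
            problems=$((problems + 1)); continue
        fi
        [ -r "$path" ] || { echo "SKIP     $key (not readable)"; continue; }
        live=$(tr -s '[:space:]' ' ' < "$path" | sed 's/ $//')
        want=$(printf '%s' "$val" | tr -s '[:space:]' ' ')
        if [ "$live" != "$want" ]; then
            echo "MISMATCH $key: file says '$want', kernel has '$live'"
            problems=$((problems + 1))
        fi
    done < "$entries"
    rm -f "$entries"
    return "$problems"
}

# Usage: sh sysctl_audit.sh /etc/sysctl.conf [/proc/sys]
[ $# -eq 0 ] || { sysctl_lint_port_range "$1"; sysctl_audit "$@"; }
```

Run it right after sysctl -p to confirm every line actually took effect: a MISSING entry usually means a per-interface key (the eth0 lines) for an interface that does not exist or a module that is not loaded, and a MISMATCH means the kernel rejected or clamped the value, or something later overwrote it. The exit status is the number of problems, so the script drops straight into a cron job or a configuration-management check.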

These values are tweaked to give my desktop better performance. Do let me know if I can further increase it.

Cheers.
