Tweak kernel variables in sysctl.conf

Kernel variables can be tweaked to increase the security or performance of the system. To make these settings persist across reboots, store them in the /etc/sysctl.conf file. To apply the values immediately after editing this file, run this command as root:

# sysctl -p

This is what my file looks like. The kernel is 2.6.24 and the OS is Ubuntu 7.04.


#
# /etc/sysctl.conf - Configuration file for setting system variables
# See sysctl.conf (5) for information.
#

#kernel.domainname = example.com
net/ipv4/icmp_echo_ignore_broadcasts=1

# the following stops low-level messages on console
kernel.printk = 4 4 1 7

##############################################################3
# Functions previously found in netbase
#

# Packet forwarding for IPv4 is disabled here; set to 1 to enable it
net.ipv4.conf.default.forwarding=0

# Uncomment the next line to enable packet forwarding for IPv6
#net.ipv6.conf.default.forwarding=1

## The below lines are manually added -- stan

vm.swappiness=15

vm.vfs_cache_pressure=50

# increase system IP port limits (65535 is the highest valid port number)
net.ipv4.ip_local_port_range = 1024 65535

# kernel will reboot after a panic in 10 seconds
kernel.panic = 10

# Increase the maximum and default receive socket buffer size
net.core.rmem_default = 524288
net.core.rmem_max = 524288

# Increase the maximum and default send socket buffer size
net.core.wmem_default = 524288
net.core.wmem_max = 524288

# Increase the maximum TCP write-buffer-space allocatable
net.ipv4.tcp_wmem = 4096 87380 524288

# Increase the maximum TCP read-buffer space allocatable
net.ipv4.tcp_rmem = 4096 87380 524288

# Increase the maximum total TCP buffer-space allocatable
# (tcp_mem is counted in memory pages, not bytes)
net.ipv4.tcp_mem = 524288 524288 524288

# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 1440000

net.ipv4.tcp_rfc1337 = 1
net.ipv4.ip_no_pmtu_disc = 0
net.ipv4.tcp_sack = 1
net.ipv4.tcp_fack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_ecn = 0
net.ipv4.route.flush = 1

# Controls the System Request debugging functionality of the kernel
# (1 enables all SysRq functions, 0 disables SysRq)
kernel.sysrq = 1

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
#kernel.core_uses_pid = 1

#Prevent SYN attack by enabling TCP/IP SYN cookies
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 2

# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.lo.log_martians = 1
net.ipv4.conf.eth0.log_martians = 1

# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Set maximum amount of memory allocated to shm to 256M
kernel.shmmax = 268435456

# Increase the maximum memory used to reassemble IP fragments
net.ipv4.ipfrag_high_thresh = 512000
net.ipv4.ipfrag_low_thresh = 446464

# Increase the maximum amount of option memory buffers
net.core.optmem_max = 57344

--eof--

These values are stored in files under the /proc/sys/ directory. It's simple to understand and to work out further variable names: the forward slashes in the path are changed to dots in the variable name. For example, a variable called vm.swappiness refers to the value stored in the file /proc/sys/vm/swappiness.
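The check below is an added example, not part of the original post: it applies the name-to-path mapping described above to every line of a sysctl.conf and reports settings that are not in effect in the running kernel. It goes beyond the plain dot-to-slash rule by also accepting keys already written with slashes, like the net/ipv4/icmp_echo_ignore_broadcasts line in the file; the function names, the MISSING/DRIFT/UNREADABLE labels and the demo tree are assumptions of this example.

```shell
#!/bin/sh
# Added example: list settings in a sysctl.conf that are not in effect.

# Collapse whitespace so "4 4 1 7" matches the tab-separated form in /proc/sys.
norm() { printf '%s\n' "$1" | awk '{ $1 = $1; print }'; }

# Key -> file. If the first separator is '/', the key is already a path;
# otherwise '.' and '/' swap, so net.ipv4.conf.eth0/100.rp_filter can name
# an interface that has a dot in it (eth0.100).
sysctl_path() {
    key=$1; root=${2:-/proc/sys}
    prefix=${key%%[./]*}; rest=${key#"$prefix"}
    case $rest in
        /*) printf '%s/%s\n' "$root" "$key" ;;
        *)  printf '%s/%s\n' "$root" "$(printf '%s' "$key" | tr './' '/.')" ;;
    esac
}

# Print one line per problem; return 1 if a value is missing or differs.
sysctl_audit() {
    conf=${1:-/etc/sysctl.conf}; root=${2:-/proc/sys}; rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(norm "$line")
        case $line in ''|'#'*|';'*) continue ;; *=*) ;; *) continue ;; esac
        key=$(norm "${line%%=*}"); want=$(norm "${line#*=}")
        path=$(sysctl_path "$key" "$root")
        if [ ! -e "$path" ]; then
            echo "MISSING $key"; rc=1
        elif ! have=$(cat "$path" 2>/dev/null); then
            echo "UNREADABLE $key"   # write-only trigger, e.g. net.ipv4.route.flush
        else
            have=$(norm "$have")
            [ "$have" = "$want" ] || { echo "DRIFT $key want=[$want] have=[$have]"; rc=1; }
        fi
    done < "$conf"
    return "$rc"
}

# Constructed sample: a fake /proc/sys tree and config in a temp directory.
demo() {
    d=$(mktemp -d); mkdir -p "$d/sys/vm" "$d/sys/kernel" "$d/sys/net/ipv4"
    echo 60 > "$d/sys/vm/swappiness"
    printf '4\t4\t1\t7\n' > "$d/sys/kernel/printk"
    echo 1 > "$d/sys/net/ipv4/icmp_echo_ignore_broadcasts"
    printf '%s\n' '# constructed' 'vm.swappiness=15' 'kernel.printk = 4 4 1 7' \
        'net/ipv4/icmp_echo_ignore_broadcasts=1' 'net.ipv4.tcp_rfc1337 = 1' > "$d/conf"
    sysctl_audit "$d/conf" "$d/sys" || true
    rm -rf "$d"
}
case ${1:-} in demo) demo ;; audit) shift; sysctl_audit "$@" ;; esac
```

Run the script with `demo` for the constructed case, or with `audit` to compare /etc/sysctl.conf against /proc/sys on the live system.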

These values are tweaked to give my desktop better performance. Do let me know if I can further increase it.

Cheers.


2 Comments

  1. Can You Update This For 8.04 LTS?

  2. You should have no problems with any of these if you are an Ubuntu 8.04 user.

