CiprianDorinCraciun/Notes/Public/Sysctl

kernel

• panic:

  • kernel.panic = 0
    kernel.panic_on_oops = 1
    kernel.panic_on_unrecovered_nmi = 1
    kernel.unknown_nmi_panic = 1

• process limits:

  • kernel.pid_max = 65536
    kernel.threads-max = 32768

• shared memory limits:

  • kernel.shmall = 262144
    kernel.shmmax = 268435456
    kernel.shmmni = 4096

• sysrq:

  • Alt+SysRq+Shift+...	effect
    b	reboot
    o	shutdown
    s	sync
    u	remount read-only
    e	send init SIGTERM

    kernel.sysrq = 1

vm

• out of memory:

  • vm.panic_on_oom = 0
    vm.oom_kill_allocating_task = 0
    vm.oom_dump_tasks = 1

• memory overcommitting:

  • vm.overcommit_memory = 0
    vm.overcommit_ratio = 0

• memory usage for application vs file system cache vs buffer cache:

  • vm.swappiness = 10
    vm.vfs_cache_pressure = 300

• buffer cache write-out:

  • vm.dirty_background_bytes = 1073741824
    vm.dirty_bytes = 2147483648
    vm.dirty_expire_centisecs = 12000
    vm.dirty_writeback_centisecs = 3000

fs

• limits:

  • fs.file-max = 65535

net

• buffer sizes:

  • net.core.rmem_max = 8388608
    net.core.wmem_max = 8388608
    net.core.rmem_default = 131072
    net.core.wmem_default = 131072
    net.ipv4.tcp_rmem = 4096 131072 8388608
    net.ipv4.tcp_wmem = 4096 131072 8388608
    net.ipv4.udp_rmem_min = 4096
    net.ipv4.udp_wmem_min = 4096

• back-log size:

  • net.core.netdev_max_backlog = 4096
    net.ipv4.tcp_max_syn_backlog = 4096

• IPv4 security and tuning:

  • net.ipv4.conf.all.log_martians = 1
    net.ipv4.conf.default.log_martians = 1
    
    net.ipv4.ip_forward = 0
    net.ipv4.conf.all.forwarding = 0
    net.ipv4.conf.default.forwarding = 0
    
    net.ipv4.conf.all.proxy_arp = 0
    net.ipv4.conf.default.proxy_arp = 0
    
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.default.accept_source_route = 0
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.default.rp_filter = 1
    net.ipv4.conf.all.arp_filter = 1
    net.ipv4.conf.default.arp_filter = 1
    
    net.ipv4.ip_local_port_range = 16384 32767
    
    net.ipv4.icmp_echo_ignore_all = 0
    net.ipv4.icmp_echo_ignore_broadcasts = 1
    net.ipv4.icmp_ignore_bogus_error_responses = 1
    
    net.ipv4.tcp_syncookies = 1
    net.ipv4.tcp_syn_retries = 4
    net.ipv4.tcp_synack_retries = 4
    net.ipv4.tcp_fin_timeout = 12
    net.ipv4.tcp_max_orphans = 1024
    net.ipv4.tcp_orphan_retries = 4
    net.ipv4.tcp_max_tw_buckets = 1024
    net.ipv4.tcp_window_scaling = 1
    net.ipv4.tcp_keepalive_time = 120
    net.ipv4.tcp_keepalive_probes = 4
    net.ipv4.tcp_keepalive_intvl = 12
    net.ipv4.tcp_base_mss = 1024
    net.ipv4.tcp_mtu_probing = 1