[root@www1 ~]# vi /etc/sysctl.conf
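# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same name in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
#
# Layout of this file: high-connection-count tuning first, then network
# and kernel hardening. Comments sit on their own lines because sysctl.conf
# has no inline-comment syntax.

# --- File handles, AIO, processes -------------------------------------

# System level; Default : 19593930
# Get the current number of open file handles with: cat /proc/sys/fs/file-nr
fs.file-max = 19593930

# Process level; Default : 1048576
# nr_open should be smaller than file-max
fs.nr_open = 1048576

# Async I/O; Default : 65536
# Get the current number of AIO requests with: cat /proc/sys/fs/aio-nr
fs.aio-max-nr = 262144

# Maximum processes enabled; Default : 196608
kernel.pid_max = 4194303

# --- Scheduler ---------------------------------------------------------

kernel.sched_migration_cost_ns = 5000000
kernel.sched_autogroup_enabled = 0
kernel.numa_balancing = 0

# --- TCP connection handling -------------------------------------------

# Ephemeral port range for outgoing connections.
# NOTE(review): this range overlaps any service listening above 1023;
# confirm no local listener can lose its port to an outgoing connection.
net.ipv4.ip_local_port_range = 1024 65535

net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.tcp_no_metrics_save = 0
net.ipv4.tcp_abort_on_overflow = 0
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_timestamps = 1

# tcp_tw_recycle is left disabled. Combined with tcp_timestamps = 1 it makes
# the kernel drop connections from clients that share one NAT address, and
# the key was removed in Linux 4.12, where loading it with sysctl -p fails.
# net.ipv4.tcp_tw_recycle = 1

# Reuse TIME_WAIT sockets for new outgoing connections (relies on timestamps).
# The original file set this key twice with the same value; it is kept once.
net.ipv4.tcp_tw_reuse = 1

# SYN cookies keep the listener answering when the SYN backlog overflows.
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_orphan_retries = 2
net.ipv4.tcp_retries2 = 8
net.ipv4.tcp_max_syn_backlog = 3240000

# Alternative value kept by the author, not active:
# net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.tcp_max_tw_buckets = 5000

net.core.netdev_max_backlog = 3240000
net.core.somaxconn = 50000
net.core.netdev_budget = 600

# Busy polling, in microseconds
net.core.busy_read = 50
net.core.busy_poll = 50

# --- Buffer sizes ------------------------------------------------------

# Setup Buffer size
# tcp_mem : Page (4K) => 16777216 Pages = 64GB
# other   : Byte      => 16777216 Bytes = 16MB
#
# NOTE(review): tcp_mem uses the same value for low, pressure and high, so
# there is no memory-pressure phase before the hard limit, and 64GB may be
# more than the host has. tcp_rmem/tcp_wmem also pin min = default = max at
# 16MB per socket, so a large number of slow or idle peers can hold a lot of
# kernel memory. Size these against installed RAM and the expected number of
# connections before copying them to another host.
net.core.rmem_default = 16777216
net.core.wmem_default = 16777216
net.core.optmem_max = 16777216
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_mem = 16777216 16777216 16777216
net.ipv4.tcp_rmem = 16777216 16777216 16777216
net.ipv4.tcp_wmem = 16777216 16777216 16777216

# --- Keepalive and teardown --------------------------------------------

net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_intvl = 10
net.ipv4.tcp_keepalive_probes = 9
net.ipv4.tcp_fin_timeout = 7

# Google TCP fastopen => Fasten TCP 3-way handshake
# Bitmask: 1 = client, 2 = server, 3 = both
net.ipv4.tcp_fastopen = 3

# --- Network hardening (IPv4) ------------------------------------------

# Avoid smurf attacks: ignore ICMP echo requests sent to broadcast addresses
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Turn on protection against bogus ICMP error messages
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Log spoofed, source-routed and redirect packets
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1

# Do not accept source-routed packets
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Turn on reverse path filtering (1 = strict mode).
# NOTE(review): strict mode drops legitimate traffic on hosts with
# asymmetric routing; confirm the routing layout before enabling.
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Make sure no one can alter the routing table via ICMP redirects
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0

# Do not act as a router
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0

# --- Memory protections ------------------------------------------------

# Turn on exec-shield
# (left commented out as in the original; the key comes from older Red Hat
# kernels and is presumably absent on current ones — verify before enabling)
# kernel.exec-shield = 1

# Full address space layout randomization. The original value 1 randomizes
# the stack, mmap base and VDSO only; 2 also randomizes the heap (brk).
kernel.randomize_va_space = 2

# --- IPv6 --------------------------------------------------------------

# NOTE(review): only the "default" template is set here, which applies to
# interfaces created after the values are loaded; interfaces that already
# exist keep their own settings. The IPv4 section above disables redirects
# and source routing, but no IPv6 equivalents
# (net.ipv6.conf.all.accept_redirects, net.ipv6.conf.all.accept_source_route)
# are set in this file.
net.ipv6.conf.default.router_solicitations = 0
net.ipv6.conf.default.accept_ra_rtr_pref = 0
net.ipv6.conf.default.accept_ra_pinfo = 0
net.ipv6.conf.default.accept_ra_defrtr = 0
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.default.dad_transmits = 0
net.ipv6.conf.default.max_addresses = 1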
執行 sysctl -p 讓上述設定生效。