Sysctl

sysctl -w net.ipv4.ip_forward=0 # OS_Protection, IP forwarding, default 0
sysctl -w net.ipv4.conf.all.send_redirects=0 # OS_Protection, disable routing-related functionality, default 1
sysctl -w net.ipv4.conf.default.send_redirects=0 # OS_Protection, disable routing-related functionality, default 1
sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1 # OS_Protection, ignore broadcasts, default 1
sysctl -w net.ipv4.conf.all.accept_source_route=0 # OS_Protection, disable routing-related functionality, default 0
sysctl -w net.ipv4.conf.all.accept_redirects=0 # OS_Protection, disable routing-related functionality, default 1
sysctl -w net.ipv4.conf.all.secure_redirects=0 # OS_Protection, disable routing-related functionality, default 1
sysctl -w net.ipv4.conf.all.log_martians=1 # OS_Protection, default 0
sysctl -w net.ipv4.conf.default.accept_source_route=0 # OS_Protection, disable routing-related functionality, default 0
sysctl -w net.ipv4.conf.default.accept_redirects=0 # OS_Protection, disable routing-related functionality, default 1
sysctl -w net.ipv4.conf.default.secure_redirects=0 # OS_Protection, disable routing-related functionality, default 1
sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1 # OS_Protection, default 1
sysctl -w net.ipv4.conf.all.rp_filter=1 # OS_Protection, default 0
sysctl -w net.ipv4.conf.default.rp_filter=1 # OS_Protection, default 1
sysctl -w net.ipv4.tcp_timestamps=0 # OS_Protection, default 1
sysctl -w net.ipv4.tcp_syncookies=1 # time wait, protects against SYN floods, default 1
sysctl -w net.ipv4.tcp_tw_reuse=1 # time wait, allow TIME-WAIT sockets to be reused for new TCP connections, default 0; only takes effect when tcp_timestamps is enabled
sysctl -w net.ipv4.tcp_tw_recycle=1 # time wait, allow fast recycling, default 0; breaks clients behind NAT, and the key was removed in Linux 4.12
sysctl -w net.ipv4.tcp_fin_timeout=15 # time wait, timeout value, default 60
sysctl -w net.ipv4.tcp_max_syn_backlog=4096 # dmesg, possible SYN flooding on port 80. Sending cookies, default 1024
sysctl -w net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=86400 # dmesg, ip_conntrack: table full, dropping packet, default 432000
sysctl -w vm.panic_on_oom=1 # out of memory, default 0
sysctl -w vm.overcommit_memory=1 # out of memory, default 0
sysctl -w vm.overcommit_ratio=0 # out of memory, default 50
sysctl -w net.core.somaxconn=4096 # default 128
sysctl -w net.ipv4.tcp_synack_retries=3 # default 5
sysctl -w net.ipv4.tcp_syn_retries=3 # default 5
sysctl -w net.ipv4.tcp_retries2=3 # default 15
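
Values set with sysctl -w apply only to the running kernel, so a host can silently fall back to defaults after a reboot or a later change. The following is an added example (not part of the original post) that audits live values against a subset of the baseline above and flags keys that differ or that the running kernel does not expose. The function name audit_sysctl and its optional root-directory argument are assumptions made here so the check can be pointed at a test directory instead of /proc/sys.

```shell
#!/bin/sh
# Added example: audit kernel parameters against the hardening baseline.

# Subset of the baseline from this page, one "key=value" per line.
BASELINE='net.ipv4.ip_forward=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.log_martians=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_tw_recycle=1'

# audit_sysctl [proc_sys_root]
# Prints one line per key: OK, DRIFT (live value differs from baseline) or
# MISSING (the kernel does not expose the key, e.g. a removed tunable).
# The return status is the number of DRIFT + MISSING keys (0 = compliant).
audit_sysctl() {
    root=${1:-/proc/sys}   # hypothetical override, defaults to the real tree
    bad=0
    while IFS='=' read -r key want; do
        [ -n "$key" ] || continue
        # sysctl keys map to paths: net.ipv4.ip_forward -> net/ipv4/ip_forward
        path="$root/$(printf '%s' "$key" | tr '.' '/')"
        if [ ! -r "$path" ]; then
            echo "MISSING $key"
            bad=$((bad + 1))
            continue
        fi
        # Normalise whitespace so multi-field values compare cleanly.
        have=$(tr -s '[:space:]' ' ' < "$path" | sed 's/ *$//')
        if [ "$have" = "$want" ]; then
            echo "OK      $key = $have"
        else
            echo "DRIFT   $key = $have (baseline $want)"
            bad=$((bad + 1))
        fi
    done <<EOF
$BASELINE
EOF
    return "$bad"
}

# Usage on a real host: audit_sysctl || echo "baseline not met"
```
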

 

Apache Configuration

vi /etc/httpd/conf/httpd.conf

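# Connections that stall for more than 30 seconds fail and are retried, default 120
Timeout 30
# Enable KeepAlive, default Off
KeepAlive On
# Maximum number of requests allowed per KeepAlive connection, default 100
MaxKeepAliveRequests 512
# How long an idle KeepAlive connection waits before timing out, default 15
KeepAliveTimeout 5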
<IfModule prefork.c>
StartServers 8
MinSpareServers 5
MaxSpareServers 20
ServerLimit 666
MaxClients 666
#ServerLimit 256
#MaxClients 256
MaxRequestsPerChild 1000
</IfModule>