Mettre à jour 'etc/sysctl.conf'

2018-04-04 15:32:26 +00:00 · 2018-04-04 15:32:26 +00:00 · 04fec70ecb
parent 6f50967a7d
commit 04fec70ecb
1 changed files with 22 additions and 3 deletions
--- a/etc/sysctl.conf
+++ b/etc/sysctl.conf
@ -13,19 +13,37 @@
 ### GENERAL SYSTEM SECURITY OPTIONS ###
 ###

+# Controls the System Request debugging functionality of the kernel
+kernel.sysrq = 0
+
 #Allow for more PIDs
 kernel.pid_max = 65535

+# Controls the maximum size of a message, in bytes
+kernel.msgmnb = 65535
+
+# Controls the default maxmimum size of a mesage queue
+kernel.msgmax = 65535
+
+# Restrict core dumps
+fs.suid_dumpable = 0
+
+# Hide exposed kernel pointers
+kernel.kptr_restrict = 1
+
 ### IMPROVE SYSTEM MEMORY MANAGEMENT ###

 # Increase size of file handles and inode cache
 fs.file-max = 2097152

+# Increase size of file handles and inode cache
+fs.file-max = 209708
 # Do less swapping
 vm.swappiness = 10
-vm.dirty_ratio = 60
+vm.dirty_ratio = 30
 vm.dirty_background_ratio = 2

+# Redis configuration
 vm.overcommit_memory = 1

 #Prevent SYN attack, enable SYNcookies (they will kick-in when the max_syn_backlog reached)
@ -102,8 +120,9 @@ net.ipv6.conf.all.autoconf=0
 net.ipv6.conf.all.accept_ra=0
 net.ipv6.conf.default.autoconf=0
 net.ipv6.conf.default.accept_ra=0
-net.ipv6.conf.eth0.autoconf=0
-net.ipv6.conf.eth0.accept_ra=0
+net.ipv6.conf.ens18.accept_ra = 0
+net.ipv6.conf.ens160.autoconf = 0
+net.ipv6.conf.ens160.accept_ra = 0


 ###