Optimizing host.conf and sysctl.conf

Submitted by XLinux on

Well, here is another net-based optimization script I have for you. It is not a masterpiece either, but when you include it with everything else, this small addition is the icing on the cake.

#!/bin/sh
cp /etc/host.conf /etc/host.back
echo "# Lookup names via DNS first then fall back to /etc/hosts." > /etc/host.conf
echo "order bind,hosts" >> /etc/host.conf
echo "# We have machines with multiple IP addresses." >> /etc/host.conf
echo "multi on" >> /etc/host.conf
echo "# Check for IP address spoofing." >> /etc/host.conf
echo "nospoof on" >> /etc/host.conf
cp /etc/sysctl.conf /etc/sysctl.conf.old
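echo "# Max file handles" >> /etc/sysctl.conf
echo "fs.file-max = 8192" >> /etc/sysctl.conf
echo "# Ctrl+Alt+Del: 0 passes the key combination to init for a clean restart; any value above 0 forces an immediate reboot without syncing disks" >> /etc/sysctl.conf
echo "kernel.ctrl-alt-del = 0" >> /etc/sysctl.conf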
echo "# Enable TCP SYN cookie protection" >> /etc/sysctl.conf
echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf
echo "# Disable ICMP Redirect Acceptance" >> /etc/sysctl.conf
echo "net.ipv4.conf.all.accept_redirects = 0" >> /etc/sysctl.conf
echo "# Enable bad error message protection" >> /etc/sysctl.conf
echo "net.ipv4.icmp_ignore_bogus_error_responses = 1" >> /etc/sysctl.conf
echo "# Decrease idle time before keepalive probes start" >> /etc/sysctl.conf
echo "net.ipv4.tcp_keepalive_time = 1200" >> /etc/sysctl.conf
echo "# Turn off timestamps" >> /etc/sysctl.conf
echo "net.ipv4.tcp_timestamps = 0" >> /etc/sysctl.conf
echo "# Ignore icmp broadcast request" >> /etc/sysctl.conf
echo "net.ipv4.icmp_echo_ignore_broadcasts = 1" >> /etc/sysctl.conf
echo "# Decrease the default tcp_fin_timeout value" >> /etc/sysctl.conf
echo "net.ipv4.tcp_fin_timeout = 25" >> /etc/sysctl.conf
echo "# Turn off the tcp_window_scaling" >> /etc/sysctl.conf
echo "net.ipv4.tcp_window_scaling = 0" >> /etc/sysctl.conf
echo "# Turn off the tcp_sack" >> /etc/sysctl.conf
echo "net.ipv4.tcp_sack = 0" >> /etc/sysctl.conf
echo "# Allow more SYN backlog" >> /etc/sysctl.conf
echo "net.ipv4.tcp_max_syn_backlog = 1048" >> /etc/sysctl.conf
echo "# Lower retry rates" >> /etc/sysctl.conf
echo "net.ipv4.tcp_synack_retries = 2" >> /etc/sysctl.conf
echo "net.ipv4.tcp_syn_retries = 3" >> /etc/sysctl.conf
cp /etc/syslog.conf /etc/syslog.conf.old
echo "# Log all kernel messages to the new file /var/log/kernel" >> /etc/syslog.conf
echo "kern.* /var/log/kernel" >> /etc/syslog.conf
echo "# Log all logins to /var/log/login_log" >> /etc/syslog.conf
echo "auth.*;user.*;daemon.none /var/log/login_log" >> /etc/syslog.conf

When you look through the script, you can generally see what it is doing. But for a basic overview, the script sets up the configs most people forget about, or maybe never even knew about. The script also makes a backup copy of each config file before changing it, in case something goes wrong.

Enjoy.
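The script above appends to /etc/sysctl.conf with `>>`, so every extra run leaves duplicate assignments behind, and only the last one in the file takes effect. The following is an added example, not part of the original post, showing one way to set a key idempotently and to check which value is effective; the function names `set_sysctl`, `effective_value` and `count_assignments` are made up here, and the demo works on a constructed scratch file rather than anything under /etc.

```shell
#!/bin/sh
# Added example, not the original script. It only edits the file you pass in.

# effective_value FILE KEY: print the last value assigned to KEY.
# sysctl applies the file top to bottom, so the last assignment wins.
effective_value() {
    awk -F= -v k="$2" '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        { key = $1; gsub(/[ \t]/, "", key) }    # exact key compare, no regex
        key == k { v = substr($0, index($0, "=") + 1)
                   gsub(/^[ \t]+|[ \t]+$/, "", v); found = 1 }
        END { if (!found) exit 1; print v }
    ' "$1"
}

# count_assignments FILE KEY: number of non-comment lines that assign KEY.
count_assignments() {
    awk -F= -v k="$2" '
        /^[ \t]*[#;]/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { n++ }
        END { print n + 0 }
    ' "$1"
}

# set_sysctl FILE KEY VALUE: drop every existing assignment of KEY, then
# append one "KEY = VALUE" line, so repeated runs never pile up duplicates.
set_sysctl() {
    [ -f "$1" ] || : > "$1"
    tmp=$(mktemp) || return 1
    awk -F= -v k="$2" '
        /^[ \t]*[#;]/ { print; next }           # keep comments untouched
        { key = $1; gsub(/[ \t]/, "", key) }
        key != k { print }
    ' "$1" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s = %s\n' "$2" "$3" >> "$tmp"
    cat "$tmp" > "$1" && rm -f "$tmp"           # cat keeps the target's owner and mode
}

demo() {
    conf=$(mktemp) || return 1
    # Constructed sample: the state of sysctl.conf after two blind appends.
    printf '%s\n' 'net.ipv4.tcp_syncookies = 0' 'net.ipv4.tcp_syncookies = 1' > "$conf"
    set_sysctl "$conf" net.ipv4.tcp_syncookies 1
    echo "assignments: $(count_assignments "$conf" net.ipv4.tcp_syncookies)"
    echo "effective:   $(effective_value "$conf" net.ipv4.tcp_syncookies)"
    rm -f "$conf"
}
demo
```

To use it on a real system, call `set_sysctl /etc/sysctl.conf KEY VALUE` as root for each setting and then load the file with `sysctl -p`.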
