設定 †
セキュリティ †
/etc/sysctl.d/custom.conf に記載する
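# /etc/sysctl.d/custom.conf -- security hardening (loaded by sysctl --system)
# Full-line comments only; one "key = value" per line.

# --- Kernel information exposure and debugging interfaces ---
# Restrict reading the kernel log (dmesg) to processes with CAP_SYSLOG.
kernel.dmesg_restrict = 1
# Hide kernel pointer values (%pK) from processes without CAP_SYSLOG.
kernel.kptr_restrict = 1
# Yama mode 2: only processes with CAP_SYS_PTRACE may ptrace.
# Side effect: unprivileged gdb/strace attach stops working.
kernel.yama.ptrace_scope = 2
# Disable the magic SysRq key combinations.
kernel.sysrq = 0

# --- IPv4: this host is not a router ---
# NOTE(review): hosts that route for containers or VMs need forwarding enabled;
# confirm before deploying this file there.
net.ipv4.conf.all.forwarding = 0
net.ipv4.conf.default.forwarding = 0

# Strict reverse-path filtering (drops packets whose source is not reachable
# via the receiving interface). Can break asymmetric or multihomed routing.
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Ignore ICMP redirects. With forwarding disabled the kernel accepts redirects
# when EITHER the "all" or the per-interface value is set, so "default" must be
# cleared too; otherwise newly created interfaces inherit the permissive value.
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Log packets with impossible source addresses (martians).
# Expect extra kernel log volume on noisy networks.
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1

# Never send ICMP redirects (only routers should).
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0

# Drop source-routed packets.
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# --- ICMP ---
# Do not answer broadcast/multicast echo requests (amplification abuse).
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Do not log bogus responses to broadcast frames.
net.ipv4.icmp_ignore_bogus_error_responses = 1

# --- TCP ---
# Fall back to SYN cookies when the SYN backlog overflows.
net.ipv4.tcp_syncookies = 1
# Disables TCP timestamps. Trade-off: this also removes PAWS and
# timestamp-based RTT measurement, and SYN cookies can no longer carry
# window-scale/SACK options while under SYN-flood pressure.
# NOTE(review): recent kernels randomize the timestamp offset per connection,
# which reduces the information leak this setting targets; confirm it is still wanted.
net.ipv4.tcp_timestamps = 0

# --- IPv6 ---
# Ignore ICMPv6 redirects.
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
# NOTE(review): per the kernel's ip-sysctl documentation, 0 here still accepts
# type 2 routing headers and only a negative value rejects all routing headers;
# verify against the documentation for the running kernel.
net.ipv6.conf.all.accept_source_route = 0
net.ipv6.conf.default.accept_source_route = 0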
パフォーマンス †
# /etc/sysctl.d/custom.conf -- network performance tuning
# Full-line comments only; one "key = value" per line.

# --- Listen and SYN queues ---
# Upper bound for the backlog argument of listen().
net.core.somaxconn = 4096
# Maximum number of remembered connection requests not yet acknowledged.
net.ipv4.tcp_max_syn_backlog = 4096

# --- Socket buffers (bytes) ---
# Generic socket limits: default 212992 (208 KiB), maximum 8388608 (8 MiB).
net.core.rmem_default = 212992
net.core.rmem_max = 8388608
net.core.wmem_default = 212992
net.core.wmem_max = 8388608
# TCP buffers as "min default max", matching the generic limits above.
# Larger maxima raise the worst-case kernel memory a single socket can pin.
net.ipv4.tcp_rmem = 4096 212992 8388608
net.ipv4.tcp_wmem = 4096 212992 8388608
# Let the kernel auto-tune the TCP receive buffer within tcp_rmem.
net.ipv4.tcp_moderate_rcvbuf = 1

# --- Connection teardown ---
# Seconds an orphaned connection may stay in FIN_WAIT_2.
net.ipv4.tcp_fin_timeout = 10

# --- Ephemeral ports ---
# Outgoing connections may use source ports 2048-65535.
# NOTE(review): this range overlaps ports that local services commonly listen
# on; list those in net.ipv4.ip_local_reserved_ports so an outgoing connection
# cannot occupy one before the service binds it.
net.ipv4.ip_local_port_range = 2048 65535
運用 †
# /etc/sysctl.d/custom.conf -- operations
# Reboot automatically 10 seconds after a kernel panic.
# NOTE(review): an automatic reboot discards the in-memory state of the crash;
# if panics need to be investigated, confirm a crash-dump mechanism captures
# the state before the reboot.
kernel.panic = 10
反映 †
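# Run as root. Either command applies the settings without a reboot.

# Load one specific file. With no file argument, `sysctl -p` reads only
# /etc/sysctl.conf and would skip /etc/sysctl.d/custom.conf.
sysctl -p /etc/sysctl.d/custom.conf

# Load every system configuration file, including /etc/sysctl.d/*.conf.
sysctl --system

# To confirm a value took effect, query it, e.g.: sysctl kernel.yama.ptrace_scope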