#sysctl -p
引數:
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
# vendors settings live in /usr/lib/sysctl.d/.
# to override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. to override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
# for more information, see sysctl.conf(5) and sysctl.d(5).
#系統優化引數
##關閉ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
## 避免放大攻擊
net.ipv4.icmp_echo_ignore_broadcasts = 1
## 開啟惡意icmp錯誤訊息保護
net.ipv4.icmp_ignore_bogus_error_responses = 1
##關閉路由**
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
##開啟反向路徑過濾
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
##處理無源路由的包
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
##關閉sysrq功能
kernel.sysrq = 0
##core檔名中新增pid作為副檔名
kernel.core_uses_pid = 1
## 開啟syn洪水攻擊保護
net.ipv4.tcp_syncookies = 1
##修改訊息佇列長度
kernel.msgmnb = 65536
kernel.msgmax = 65536
##設定最大記憶體共享段大小bytes
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
##timewait的數量,預設180000
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
##每個網路介面接收資料報的速率比核心處理這些包的速率快時,允許送到佇列的資料報的最大數目
net.core.netdev_max_backlog = 262144
##限制僅僅是為了防止簡單的dos 攻擊
net.ipv4.tcp_max_orphans = 3276800
##未收到客戶端確認資訊的連線請求的最大值
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
##核心放棄建立連線之前傳送synack 包的數量
net.ipv4.tcp_synack_retries = 1
##核心放棄建立連線之前傳送syn 包的數量
net.ipv4.tcp_syn_retries = 1
##啟用timewait 快速**
#net.ipv4.tcp_tw_recycle = 1
##tcp_tw_recycle 的機制是維護時間戳,發現時間戳後退的包直接丟掉,會導致伺服器可能會丟失 nat 模式下執行的客戶端連線
##開啟重用。允許將time-wait sockets 重新用於新的tcp 連線
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
##當keepalive 起用的時候,tcp 傳送keepalive 訊息的頻度。預設是2 小時
net.ipv4.tcp_keepalive_time = 30
##允許系統開啟的埠範圍
net.ipv4.ip_local_port_range = 1024 65000
##修改防火牆表大小,預設65536
#ulimit -n 265535
#可在/etc/profile中設定
fs.file-max = 265535
#系統級別的能夠開啟的檔案控制代碼的數量,ulimit 是程序級別的
注:kernel.shmmax = 68719476736(頁)
shmmax 是核心引數中最重要的引數之一,用於定義單個共享記憶體段的最大值,shmmax 設定應該足夠大,能在乙個共享記憶體段下容納下整個的sga ,設定的過低可能會導致需要建立多個共享記憶體段,預設設定已經足夠大
kernel.shmall = 4294967296(頁)
控制共享記憶體頁數,linux 共享記憶體頁大小為4kb, 共享記憶體段的大小都是共享記憶體頁大小的整數倍。假設共享記憶體段的最大大小是16g,那麼需要共享記憶體頁數是 16gb/4kb=16777216kb/4kb=4194304頁才符合。預設設定已經足夠大
kernel.shmall
#共享記憶體段的最大數量,shmmni 預設值 4096 ,一般肯定是夠用了
CentOS7的核心優化
vim etc sysctl.conf sysctl p net.ipv6.conf.all.disable ipv6 1 net.ipv6.conf.default.disable ipv6 1 net.ipv4.icmp echo ignore broadcasts 1 net.ipv4.icm...
centos7優化核心引數詳解
cat etc sysctl.conf ctcdn系統優化引數 關閉ipv6 net.ipv6.conf.all.disable ipv6 1 net.ipv6.conf.default.disable ipv6 1 避免放大攻擊 net.ipv4.icmp echo ignore broadcas...
centos7優化核心引數詳解
centos7優化核心引數詳解 原文 cat etc sysctl.conf ctcdn系統優化引數 關閉ipv6 net.ipv6.conf.all.disable ipv6 1 net.ipv6.conf.default.disable ipv6 1 避免放大攻擊 net.ipv4.icmp e...