search

hawshemi / Linux-Optimizer

Linux Optimizer
MIT License
587 stars 89 forks source link

[SUGGESTION] sysctl options descriptions #58

Closed shakibamoshiri closed 9 months ago

shakibamoshiri commented 9 months ago

Is your feature request related to a problem? Please describe. there is no problem, when sysctl.conf is updated it is better to see description of each item has been added

Describe the solution you'd like items added can be categorized and a short title for each can be added

Describe alternatives you've considered here is an example I use

# Enable TCP BBR
# https://www.linuxbabe.com/ubuntu/enable-google-tcp-bbr-ubuntu
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr

# Protect from IP Spoofing  
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Ignore ICMP broadcast requests
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Protect from bad icmp error messages
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Disable source packet routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv6.conf.default.accept_source_route = 0

# Turn on exec shield
kernel.exec-shield = 1
kernel.randomize_va_space = 1

# Block SYN attacks
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 5

# Log Martians  
net.ipv4.conf.all.log_martians = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Ignore send redirects
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0

# Ignore ICMP redirects
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0

the above is much more readable and easy to update comparing to the same but without titles 

net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv6.conf.default.accept_source_route = 0
kernel.exec-shield = 1
kernel.randomize_va_space = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 5
net.ipv4.conf.all.log_martians = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
hawshemi commented 9 months ago

The reference file is here: https://github.com/hawshemi/Linux-Optimizer/blob/main/files/sysctl.conf

These parameters are written to /etc/sysctl.conf without comments. but the references have a description and category.

But thanks for the suggestion. I will keep it in mind.