linux系统加固(13)

linux 系统加固手册。linux服务器安全。

kernel.shmmax = 268435456

# Improve file system performance

vm.bdflush = 100 1200 128 512 15 5000 500 1884 2

# Improve virtual memory performance

vm.buffermem = 90 10 60 # Increases the size of the socket queue (effectively, q0).

net.ipv4.tcp_max_syn_backlog = 1024

# Increase the maximum total TCP buffer-space allocatable

net.ipv4.tcp_mem = 57344 57344 65536

# Increase the maximum TCP write-buffer-space allocatable

net.ipv4.tcp_wmem = 32768 65536 524288

15

# Increase the maximum TCP read-buffer space allocatable

net.ipv4.tcp_rmem = 98304 196608 1572864

# Increase the maximum and default receive socket buffer size

net.core.rmem_max = 524280

net.core.rmem_default = 524280

# Increase the maximum and default send socket buffer size

net.core.wmem_max = 524280

net.core.wmem_default = 524280

# Increase the tcp-time-wait buckets pool size

net.ipv4.tcp_max_tw_buckets = 1440000

# Allowed local port range

net.ipv4.ip_local_port_range = 16384 65536

# Increase the maximum memory used to reassemble IP fragments

net.ipv4.ipfrag_high_thresh = 512000

net.ipv4.ipfrag_low_thresh = 446464

# Increase the maximum amount of option memory buffers

net.core.optmem_max = 57344

# Increase the maximum number of skb-heads to be cached

net.core.hot_list_length = 1024

## DO NOT REMOVE THE FOLLOWING LINE!

## nsobuild:20051206

复制代码

重启后生效

/sbin/sysctl -p

sysctl -w net.ipv4.route.flush=1

复制代码

27.更改SSH端口

更改SSH默认端口号在一定程度上可以提高安全性

方法：