59 Commits

Author SHA1 Message Date
k4yt3x
efa3c6ce5c
feat: add deny new usb kernel param
Signed-off-by: k4yt3x <i@k4yt3x.com>
2025-10-19 00:00:00 +00:00
k4yt3x
55becbef22
docs(readme): add AppArmor and disable IPv6 boot options
Signed-off-by: k4yt3x <i@k4yt3x.com>
2025-10-19 00:00:00 +00:00
k4yt3x
ea0cfb032a
docs(readme): fix mce boot command line typo
Signed-off-by: k4yt3x <i@k4yt3x.com>
2025-10-19 00:00:00 +00:00
k4yt3x
f1af91b397
docs(readme): add modules.sig_enforce boot param
Signed-off-by: k4yt3x <i@k4yt3x.com>
2025-10-19 00:00:00 +00:00
k4yt3x
ce3419b623
docs(readme): add important callouts and tips
Signed-off-by: k4yt3x <i@k4yt3x.com>
1.13
2025-10-19 00:00:00 +00:00
k4yt3x
0ed7ae7b39
feat: enable userns by default and disable TIOCSTI
Signed-off-by: k4yt3x <i@k4yt3x.com>
2025-10-19 00:00:00 +00:00
k4yt3x
0478ec2a12
docs(readme): add boot command line options
Signed-off-by: k4yt3x <i@k4yt3x.com>
2025-10-19 00:00:00 +00:00
k4yt3x
26337ae50c
feat: change net.core.default_qdisc to fq for proper BBR
Signed-off-by: k4yt3x <i@k4yt3x.com>
1.12
2025-09-07 00:00:00 +00:00
k4yt3x
5ae8940d45
docs(readme): update instructions and recommended deployment method
Signed-off-by: k4yt3x <i@k4yt3x.com>
2025-08-24 00:00:00 +00:00
k4yt3x
56979a5786
docs(sysctl): update descriptions for SACK
Signed-off-by: k4yt3x <i@k4yt3x.com>
2025-08-24 00:00:00 +00:00
k4yt3x
34a29c3cf9
docs(readme): replaced the deprecated domain k4t.io with kt.ax
Signed-off-by: k4yt3x <i@k4yt3x.com>
2024-11-07 00:00:00 +00:00
k4yt3x
9f621a7259
feat: optimized socket buffer size limits
https://blog.cloudflare.com/optimizing-tcp-for-high-throughput-and-low-latency
Updated some comments.

Signed-off-by: k4yt3x <i@k4yt3x.com>
1.11
2024-07-15 00:00:00 +00:00
K4YT3X
1d2f9f784d
Merge pull request #14 from HorlogeSkynet/patch-1
Mentions `kernel.yama.ptrace_scope = 3` breaks lxc v6+ procfs
1.10
2024-05-02 23:10:44 +00:00
k4yt3x
11a7d7123b
docs: added more descriptions for kernel.yama.ptrace_scope
Signed-off-by: k4yt3x <i@k4yt3x.com>
2024-05-02 00:00:00 +00:00
Samuel FORESTIER
0283efcc03
Mentions kernel.yama.ptrace_scope = 3 breaks lxc v6+ procfs
See <https://github.com/lxc/lxcfs/issues/636> and <https://github.com/lxc/lxcfs/issues/639>.
2024-05-02 19:01:57 +00:00
k4yt3x
feeb1516bc
added kernel.modules_disabled=1
Signed-off-by: k4yt3x <i@k4yt3x.com>
1.9
2023-07-06 23:24:49 +00:00
k4yt3x
b6f10417e7
commented out disable TCP window scaling by default
Disabling TCP window scaling could result in a significant decrease in
performance in high-latency communications.

Signed-off-by: k4yt3x <i@k4yt3x.com>
1.8
2023-07-03 18:20:40 +00:00
K4YT3X
b16bc4cb9c
Merge pull request #13 from HorlogeSkynet/patch-1
Fixes a typo and removes duplicate contributor
2023-02-12 00:06:31 -05:00
Samuel FORESTIER
efaac1f8c8
Fixes a typo and removes duplicate contributor 2022-09-30 17:06:34 +00:00
K4YT3X
0b3910d9fb
Merge pull request #12 from k4yt3x/1.7
1.7
1.7
2022-08-04 12:25:00 -04:00
K4YT3X
7f44c4c6db
Merge pull request #10 from HorlogeSkynet/style/spaces_around_assigns
Improved consistency by adding spaces around '=' for `vm.mmap_rnd_*`
2022-08-04 12:23:17 -04:00
k4yt3x
fa1f91a45e moved ldisc_autoload and unprivileged_userfaultfd; updated comments 2022-08-04 16:22:59 +00:00
K4YT3X
810d887093
Merge pull request #9 from shenzhui007/master
Update sysctl.conf
2022-08-04 12:12:37 -04:00
Samuel FORESTIER
871c697809 Improved consistency by adding spaces around '=' for vm.mmap_rnd_* 2022-07-02 10:19:10 +02:00
shenzhui007
340f2a55de
Update sysctl.conf
update according to https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl
2022-06-06 12:58:49 +08:00
K4YT3X
713183509d set PMTU starting value to 1024 according to RFC4821 1.6 2021-10-15 15:50:23 +00:00
K4YT3X
19916769ae updated assumptions; enabled more optimizations by default 1.5 2021-10-12 18:14:09 +00:00
K4YT3X
eacf4688a4
Merge pull request #7 from IceCodeNew/4pr_disable_slow_start_after_idle
Enable mtu probing
1.4
2021-10-12 13:17:45 -04:00
K4YT3X
c21ccc08b8
updated comments for MTU probing
references: https://blog.cloudflare.com/ip-fragmentation-is-broken/
2021-10-12 17:17:31 +00:00
IceCodeNew
c5903aa694
Enable mtu probing 2021-10-13 00:57:18 +08:00
K4YT3X
48417fc672
Merge pull request #6 from IceCodeNew/4pr_disable_slow_start_after_idle
Disable TCP slow start after idle
2021-10-12 12:37:38 -04:00
K4YT3X
445f1e4791
edited/reformatted SSR comments; updated dates 2021-10-12 16:36:27 +00:00
IceCodeNew
2ead2cea26
Disable TCP slow start after idle
Signed-off-by: IceCodeNew <32576256+IceCodeNew@users.noreply.github.com>
2021-10-12 21:16:55 +08:00
K4YT3X
3ea204497d tweaked perf restrictions, disallowed IPv6 SRR and redirects 1.3 2021-06-07 22:03:11 +00:00
K4YT3X
50d77687e4
Merge pull request #5 from HorlogeSkynet/master
added recommendations from ANSSI
2021-06-07 17:55:37 -04:00
Samuel FORESTIER
9a3fd6cf9c
Fixed variables processing order issue related to perf subsystem
> https://bbs.archlinux.org/viewtopic.php?id=248926
2021-06-07 08:21:17 +00:00
Samuel FORESTIER
4eba426270 added recommendations from ANSSI (perf subsystem + vm low addr mapping)
> https://www.ssi.gouv.fr/uploads/2016/01/linux_configuration-fr-v1.2.pdf#section.6.2
2021-06-06 14:12:51 +02:00
k4yt3x
f426457a6b changed akas.io links to k4t.io 2021-05-25 07:18:13 +00:00
K4YT3X
5eecf56b0a added more descriptions for TCP timestamps 2020-10-29 10:44:10 -04:00
K4YT3X
fbe72f187d added comments for rp_filter (BCP38) 2020-10-21 23:37:04 -04:00
K4YT3X
7ec9bd7ef5 increased fs.inotify.max_user_watches to 524288 2020-10-19 17:31:10 -04:00
K4YT3X
b291beb3f9 added more deployment methods and explanations 1.2 2020-10-08 14:35:18 -04:00
K4YT3X
b260f22a45 optimized usage instructions, removed full sysctl.conf from README 2020-10-07 17:58:47 -04:00
K4YT3X
f173c2cafc added note for inode-max 2020-10-07 17:39:07 -04:00
K4YT3X
fa7dc0052b synchronized README with config file 2020-10-07 17:31:58 -04:00
K4YT3X
d45547b9c5 further increased ip port range 2020-10-07 17:31:14 -04:00
K4YT3X
2f4267a8d9 increased kernel.pid_max and fs.file-max values according to theoretical limits on 64-bit systems 2020-10-07 17:29:29 -04:00
K4YT3X
f84b2472fa
Merge pull request #1 from IceCodeNew/4pr_net.ipv4.ip_local_port_range
It is better if two numbers have different parity
2020-10-07 20:38:51 +00:00
IceCodeNew
fcdee62224 It is better if two numbers have different parity
Refer: https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
Signed-off-by: IceCodeNew <32576256+IceCodeNew@users.noreply.github.com>
2020-10-07 23:57:00 +08:00
K4YT3X
1939bb08ae synchronized README with config file 1.1 2020-10-06 14:53:49 -04:00