Archive for the tag 'Parameters'

hdparm get/set SATA/ATA device parameters

Hdparm is a tool that allows you to set IDE device settings. This includes things such as DMA modes, transfer settings and various other settings that can help improve the speed of your hard disks and CDROMs. These settings are not enabled by default, so you will probably want to enable them.

Getting information about your different drives.

Different drives have different capabilities, so in order to configure them you must know what they are capable of doing. The following command should give you the information you need (replace hdX with your drive):

# hdparm -i /dev/hdX

hdparm -i /dev/hdd

-i Display the identification info that was obtained from the drive at boot time, if available. This is a feature of modern IDE drives, and may not be supported by older devices.

Benchmarking devices

hdparm -tT

hdparm includes a handy benchmark mode, which should allow you to see how much of a speed improvement you get. When running a benchmark, it is recommended that you close all programs that could interfere with the results.

# hdparm -tT /dev/hdX

You can use the following command to check what your IDE chipset is:

# lspci |grep -i ide

To enable DMA on a device, type the following:

# hdparm -d1 /dev/hda

Now run a benchmark and see how much of an improvement you have received.

SBDavid

sysctl tunable parameters

If you need Linux to ignore ping requests, edit the /etc/sysctl.conf file and add the following line:

net.ipv4.icmp_echo_ignore_all = 1

If you want or need Linux to ignore broadcast requests, edit the /etc/sysctl.conf file and add the following line:

net.ipv4.icmp_echo_ignore_broadcasts = 1

To have the kernel ignore bogus ICMP error responses (bad error messages in the network) instead of logging a warning for each one, edit the /etc/sysctl.conf file and add the following line:

net.ipv4.icmp_ignore_bogus_error_responses = 1

To turn on logging for Spoofed Packets, Source Routed Packets, and Redirect Packets, edit the /etc/sysctl.conf file and add the following line:

net.ipv4.conf.all.log_martians = 1
SBDavid

Kernel Tunable Security Parameters

To activate the configured kernel parameters immediately at runtime, use:

# sysctl -p

The following list shows tunable kernel parameters you can use to secure your Linux server against attacks.

For each tunable kernel parameter, we will show the entry that needs to be added to the /etc/sysctl.conf configuration file to make the change permanent after reboots.

Enable TCP SYN Cookie Protection

A “SYN Attack” is a denial of service attack that consumes all the resources on a machine. Any server that is connected to a network is potentially subject to this attack.

To enable TCP SYN Cookie Protection, edit the /etc/sysctl.conf file and add the following line:

net.ipv4.tcp_syncookies = 1

Disable IP Source Routing

Source Routing is used to specify a path or route through the network from source to destination. This feature can be used by network people for diagnosing problems.

However, if an intruder was able to send a source routed packet into the network, then he could intercept the replies and your server might not know that it’s not communicating with a trusted server.

To disable IP Source Routing, edit the /etc/sysctl.conf file and add the following line:

net.ipv4.conf.all.accept_source_route = 0
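
The following script is an added example, not part of the original posts: it audits sysctl.conf-style text against the settings listed in the two sysctl posts above. The function name audit_sysctl_conf, the verdict wording and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Expected values are the ones given on this page. icmp_echo_ignore_all is
# left out: the page offers it only for hosts that must not answer ping.
EXPECTED="net.ipv4.icmp_echo_ignore_broadcasts=1 \
net.ipv4.icmp_ignore_bogus_error_responses=1 \
net.ipv4.conf.all.log_martians=1 \
net.ipv4.tcp_syncookies=1 \
net.ipv4.conf.all.accept_source_route=0"

# Constructed sample input (not from a real host).
SAMPLE_CONF='# constructed sample
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.icmp_echo_ignore_broadcasts=1
; net.ipv4.conf.all.log_martians = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.accept_source_route = 1'

# audit_sysctl_conf (hypothetical helper): reads sysctl.conf-style text on
# stdin, prints one verdict per expected key, and returns 1 if any key is
# missing or set to a different value.
audit_sysctl_conf() {
    awk -v expected="$EXPECTED" '
    BEGIN {
        n = split(expected, items, " ")
        for (i = 1; i <= n; i++) {
            split(items[i], kv, "=")
            order[i] = kv[1]; want[kv[1]] = kv[2]
        }
    }
    /^[ \t]*[#;]/ { next }                 # comment lines start with # or ;
    {
        gsub(/[ \t]/, "")                  # "key = value" -> "key=value"
        eq = index($0, "=")
        if (eq == 0) next                  # blank or malformed line
        have[substr($0, 1, eq - 1)] = substr($0, eq + 1)   # later lines override
    }
    END {
        bad = 0
        for (i = 1; i <= n; i++) {
            k = order[i]
            if (!(k in have)) { print "MISSING " k " (want " want[k] ")"; bad++ }
            else if (have[k] != want[k]) { print "WRONG " k " (got " have[k] ", want " want[k] ")"; bad++ }
            else print "OK " k
        }
        exit (bad > 0)
    }'
}

# Run on the sample when executed directly; "|| true" keeps the exit status 0.
printf '%s\n' "$SAMPLE_CONF" | audit_sysctl_conf || true
```

To check a real host, run audit_sysctl_conf < /etc/sysctl.conf. It reads only the text it is given, so values changed at runtime or set in other files are not seen.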
