1) The bdflush kernel daemon. It's operation is controlled by /proc/sys/vm/bdflush file. The file system performance can be improved by tweaking it.
2) Modifying the amount of memory required for buffer memory. You can do this via /proc/sys/vm/buffermem file.
3) The maximum number of file handles allocated by kernel can be changed via /proc/sys/fs/file-max file.
For improving security, you can tweak the kernel by doing the following:
1) Enable tcp syn cookie protection (/proc/sys/net/ipv4/tcp_syncookies)
2) Enable always-defragging protection (/proc/sys/net/ipv4/ip_always_defrag)
3) Disable ICMP redirect acceptance (/proc/sys/net/ipv4/conf/*/accept_redirects)
4) Enable bad error message protection. (/proc/sys/net/ipv4/icmp_ignore_bogus_error_responses)
5) Enable ip spoofing protection (/proc/sys/net/ipv4/conf/*/rp_filter)
Hope this helps.........
Rgds,
Sanjay
Manu wrote:
Hi,
We r planning to host our new site on RH 7.3
Can anybody point me with some doumentation on securing the server..
What Are the kernel parameters should i Change In 7.3
Should i recompile the kernel for optimum performance..
Pls give some suggestions..
Regards
Manu
-------------------------------------------------------
This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html
_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/linux-india-help
-------------------------------------------------------
This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html
_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/linux-india-help
