OS version:Red Hat Enterprise Linux Server release 6.4
Kernel version:2.6.32-358.el6.x86_64
-------------------------------------------------------------------------
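# -------------------------------- Tuning the kernel TCP parameters -------------------------------- #
#
# Writes a fixed set of TCP / core sysctl values into /etc/sysctl.conf
# (rewriting an existing line for a key, or appending one), then loads them
# with `sysctl -p`. Written against RHEL 6 (kernel 2.6.32); a few keys used
# below no longer exist on newer kernels (see net.ipv4.tcp_tw_recycle).
#
# Requires: root, and $Log_file (path of the run log) set by the enclosing
# script -- it is referenced here but not defined in this fragment.

SYSCTL_CONF=/etc/sysctl.conf

# Fail before touching anything: the original fragment only found out that
# it could not write the file or the log half-way through the edit.
if [[ $EUID -ne 0 ]]; then
  printf 'must run as root to edit %s\n' "$SYSCTL_CONF" >&2
  exit 1
fi
: "${Log_file:?Log_file must be set by the enclosing script}"

# Keep a timestamped copy so the tuning can be rolled back.
if [[ -f "$SYSCTL_CONF" ]]; then
  cp -p -- "$SYSCTL_CONF" "${SYSCTL_CONF}.bak.$(date +%Y%m%d%H%M%S)"
fi

#######################################
# Print the value of KEY from $SYSCTL_CONF (text after '=', trimmed,
# trailing '# comment' stripped). Commented-out lines are ignored; if the
# key appears more than once the last occurrence wins, which is also the
# value `sysctl -p` ends up applying. Prints nothing when the key is absent.
# Arguments: $1 - sysctl key, e.g. net.core.wmem_default
#######################################
conf_get() {
  local key=$1
  [[ -f "$SYSCTL_CONF" ]] || return 0
  awk -v k="$key" '
    /^[[:space:]]*#/ { next }
    {
      eq = index($0, "=")
      if (eq == 0) next
      name = substr($0, 1, eq - 1)
      val  = substr($0, eq + 1)
      sub(/[[:space:]]*#.*$/, "", val)
      gsub(/^[[:space:]]+|[[:space:]]+$/, "", name)
      gsub(/^[[:space:]]+|[[:space:]]+$/, "", val)
      if (name == k) found = val
    }
    END { if (found != "") print found }' "$SYSCTL_CONF"
}

#######################################
# Set KEY to VALUE in $SYSCTL_CONF: rewrite the existing uncommented line if
# there is one, otherwise append "KEY = VALUE".
# The match is anchored at line start and the dots in KEY are escaped, so
# net.ipv4.tcp_mem cannot hit net.ipv4.tcp_wmem, and a line written as
# "key=value" (no spaces) is replaced rather than duplicated -- the original
# grep found such lines but its "key = " sed pattern never rewrote them.
# Arguments: $1 - key; $2.. - value words, joined by single spaces
#######################################
conf_set() {
  local key=$1
  shift
  local value=$*
  local key_re
  key_re=$(printf '%s\n' "$key" | sed 's/\./\\./g')
  if grep -Eq "^[[:space:]]*${key_re}[[:space:]]*=" "$SYSCTL_CONF" 2>/dev/null; then
    sed -i -r "s|^[[:space:]]*${key_re}[[:space:]]*=.*|${key} = ${value}|" "$SYSCTL_CONF"
  else
    printf '%s = %s\n' "$key" "$value" >> "$SYSCTL_CONF"
  fi
}

# ---- net.ipv4.tcp_syn_retries ----
# SYN retransmissions for a new outgoing connection before giving up.
# 2 means the connect attempt is abandoned after about 7 s.
syn_retries=2
conf_set net.ipv4.tcp_syn_retries "$syn_retries"

# ---- net.ipv4.tcp_synack_retries ----
# SYN+ACK retransmissions for a half-open incoming connection before it is
# dropped. Low values shorten the life of half-open entries under a SYN flood.
synack_retries=2
conf_set net.ipv4.tcp_synack_retries "$synack_retries"

# ---- net.ipv4.tcp_keepalive_time ----
# Seconds of idleness before the first keepalive probe is sent; bounds how
# long an idle-but-never-closed connection is kept (only for sockets that
# enable SO_KEEPALIVE).
keepalive_time=600
conf_set net.ipv4.tcp_keepalive_time "$keepalive_time"

# ---- net.ipv4.tcp_keepalive_probes ----
# Number of unanswered probes before the connection is declared dead
# (a count, not seconds -- the original comment had the unit wrong).
keepalive_probes=15
conf_set net.ipv4.tcp_keepalive_probes "$keepalive_probes"

# ---- net.ipv4.tcp_keepalive_intvl ----
# Seconds between successive unanswered keepalive probes.
keepalive_intvl=15
conf_set net.ipv4.tcp_keepalive_intvl "$keepalive_intvl"

# ---- net.ipv4.tcp_retries2 ----
# Data retransmissions on an established connection before it is dropped.
# 3 is far below the kernel default of 15 and will drop live connections
# after a few seconds of loss -- deliberate here, but verify on lossy links.
tcp_retries2=3
conf_set net.ipv4.tcp_retries2 "$tcp_retries2"

# ---- net.ipv4.tcp_orphan_retries ----
# Retransmissions before an orphaned (closed by the process) socket is freed.
tcp_orphan_retries=3
conf_set net.ipv4.tcp_orphan_retries "$tcp_orphan_retries"

# ---- net.ipv4.tcp_max_orphans ----
# Cap on sockets not attached to any process; beyond it orphans are reset
# with a warning. This is a DoS guard, and 8388608 (~8M orphans, each able
# to pin kernel memory) effectively disables it -- confirm against RAM.
tcp_max_orphans=8388608
conf_set net.ipv4.tcp_max_orphans "$tcp_max_orphans"

# ---- net.ipv4.tcp_fin_timeout ----
# Seconds a locally-closed socket may stay in FIN-WAIT-2. 2 s is very short.
tcp_fin_timeout=2
conf_set net.ipv4.tcp_fin_timeout "$tcp_fin_timeout"

# ---- net.ipv4.tcp_max_tw_buckets ----
# Maximum TIME-WAIT sockets held at once; beyond it they are destroyed
# immediately with a warning, which weakens protection against stale
# segments of old connections. 3600 is small for a busy server.
tcp_max_tw_buckets=3600
conf_set net.ipv4.tcp_max_tw_buckets "$tcp_max_tw_buckets"

# ---- net.ipv4.tcp_tw_recycle ----
# Fast TIME-WAIT recycling. Known to drop connections from clients sharing
# a NAT address when timestamps are enabled (which they are below), and the
# knob was removed in Linux 4.12; it only exists on kernels like this 2.6.32.
# Keep 1 only if no clients reach this host through NAT.
tcp_tw_recycle=1
conf_set net.ipv4.tcp_tw_recycle "$tcp_tw_recycle"

# ---- net.ipv4.tcp_tw_reuse ----
# Allow reusing TIME-WAIT sockets for new outgoing connections (safe with
# timestamps on).
tcp_tw_reuse=1
conf_set net.ipv4.tcp_tw_reuse "$tcp_tw_reuse"

# ---- net.ipv4.tcp_abort_on_overflow ----
# Send RST when the accept queue is full instead of silently dropping the
# final ACK; overload becomes visible to clients as failed connections.
tcp_abort_on_overflow=1
conf_set net.ipv4.tcp_abort_on_overflow "$tcp_abort_on_overflow"

# ---- net.ipv4.tcp_syncookies ----
# Answer with SYN cookies once the SYN backlog overflows: the standard
# SYN-flood mitigation. Cookie-handled connections lose some TCP options
# (e.g. SACK/window scaling), so they should be the exception, not the norm.
tcp_syncookies=1
conf_set net.ipv4.tcp_syncookies "$tcp_syncookies"

# ---- net.ipv4.tcp_max_syn_backlog ----
# Half-open connections remembered per listener. 256 is below the kernel
# default, so cookies (above) will engage early; note it also does not match
# the 16384 net.core.somaxconn set further down -- raise it if the host is
# meant to absorb bursts rather than fall back to cookies.
tcp_max_syn_backlog=256
conf_set net.ipv4.tcp_max_syn_backlog "$tcp_max_syn_backlog"

# ---- net.ipv4.tcp_window_scaling ----
# Allow receive windows larger than 64 KiB (RFC 1323).
tcp_window_scaling=1
conf_set net.ipv4.tcp_window_scaling "$tcp_window_scaling"

# ---- net.ipv4.tcp_timestamps ----
# TCP timestamps: required for PAWS (rejecting stale/forged sequence
# numbers) and for tcp_tw_reuse / tcp_tw_recycle above. They also expose
# the host's uptime clock to peers, which some hardening guides flag.
tcp_timestamps=1
conf_set net.ipv4.tcp_timestamps "$tcp_timestamps"

# ---- net.ipv4.tcp_sack ----
# Selective ACK, so only the missing segments are retransmitted.
tcp_sack=1
conf_set net.ipv4.tcp_sack "$tcp_sack"

# ---- net.ipv4.tcp_fack ----
# Forward ACK congestion avoidance / fast retransmit; needs tcp_sack = 1.
tcp_fack=1
conf_set net.ipv4.tcp_fack "$tcp_fack"

# ---- net.ipv4.tcp_wmem (min default max, bytes) ----
# min     : one page.
# default : 3/5 of net.core.wmem_default when that is already configured
#           (the original author wanted it below the core value), else
#           16 pages.
# max     : 256 x default.
page_size=$(getconf PAGE_SIZE)
tcp_wmem_min=$page_size
core_wmem_default=$(conf_get net.core.wmem_default)
if [[ -n "$core_wmem_default" ]]; then
  tcp_wmem_default=$(( core_wmem_default / 5 * 3 ))
else
  tcp_wmem_default=$(( tcp_wmem_min * 16 ))
fi
tcp_wmem_max=$(( tcp_wmem_default * 256 ))
# Always write the key: the original only ran sed in the wmem_default branch,
# so tcp_wmem was silently skipped when it was not yet present in the file.
conf_set net.ipv4.tcp_wmem "$tcp_wmem_min" "$tcp_wmem_default" "$tcp_wmem_max"

# ---- net.ipv4.tcp_rmem (min default max, bytes) ----
# min     : two pages, guaranteed even under memory pressure.
# default : 4/5 of net.core.wmem_default when configured, else 21 x min.
# max     : 256 x default (128 x default in the fallback case).
# NOTE(review): like the original this keys off net.core.wmem_default; the
# receive side was probably meant to use net.core.rmem_default -- confirm.
tcp_rmem_min=$(( page_size * 2 ))
if [[ -n "$core_wmem_default" ]]; then
  tcp_rmem_default=$(( core_wmem_default / 5 * 4 ))
  tcp_rmem_max=$(( tcp_rmem_default * 256 ))
else
  tcp_rmem_default=$(( tcp_rmem_min * 21 ))
  tcp_rmem_max=$(( tcp_rmem_default * 128 ))
fi
conf_set net.ipv4.tcp_rmem "$tcp_rmem_min" "$tcp_rmem_default" "$tcp_rmem_max"

# ---- net.ipv4.tcp_mem (low pressure high, in pages) ----
# low      : below this TCP does not bother reclaiming memory
#            ( tcp_wmem default * max connections / page size ).
# pressure : above this TCP throttles until usage drops below low
#            ( (tcp_wmem max + tcp_rmem max) * max connections / page size ).
# high     : hard cap; new sockets are refused beyond it ( pressure * 2.5 ).
# The original re-read tcp_wmem/tcp_rmem from the file; the values were just
# written above, so they are used directly.
# NOTE(review): with the defaults above this yields several GiB for
# pressure/high on a 4 KiB page box, which can exceed physical RAM and thus
# disable the kernel's own TCP memory-pressure protection -- compare with
# the boot-time default in /proc/sys/net/ipv4/tcp_mem before relying on it.
max_connections=300
tcp_mem_low=$(( tcp_wmem_default * max_connections / page_size ))
tcp_mem_pressure=$(( (tcp_wmem_max + tcp_rmem_max) * max_connections / page_size ))
tcp_mem_high=$(( tcp_mem_pressure * 5 / 2 ))
conf_set net.ipv4.tcp_mem "$tcp_mem_low" "$tcp_mem_pressure" "$tcp_mem_high"

# ---- net.ipv4.tcp_low_latency ----
# Prefer latency over throughput; normally off (useful for Beowulf clusters).
tcp_low_latency=0
conf_set net.ipv4.tcp_low_latency "$tcp_low_latency"

# ---- net.ipv4.ip_forward ----
# IP forwarding stays off: this host is not a router/NAT box, and a host that
# forwards packets is a pivot for anyone who reaches it. Set 1 only for NAT.
ip_forward=0
conf_set net.ipv4.ip_forward "$ip_forward"

# ---- net.ipv4.ip_local_port_range ----
# Ephemeral port range for outgoing connections (the default is narrow; the
# same range bounds NAT table size). Starting at 1024 means ephemeral ports
# can collide with services that listen on registered ports (3306, 8080, ...)
# unless those are reserved elsewhere.
port_range_first=1024
port_range_last=65000
conf_set net.ipv4.ip_local_port_range "$port_range_first" "$port_range_last"

printf '\n\n' >> "$Log_file"
printf 'Tuning the kernel TCP parameters is Ok\n' >> "$Log_file"
printf '\n\n'
printf 'Tuning the kernel TCP parameters is Ok\n'

# -------------------------------- Tuning the kernel core parameters -------------------------------- #

# ---- kernel.shmall / kernel.shmmax ----
# shmall : total shared memory allowed, in pages = all of physical RAM.
# shmmax : largest single shared segment, in bytes = all of physical RAM.
mem_total_kb=$(awk '/^MemTotal:/ { print $2 }' /proc/meminfo)
mem_total_b=$(( mem_total_kb * 1024 ))
conf_set kernel.shmall $(( mem_total_b / page_size ))
conf_set kernel.shmmax "$mem_total_b"

# ---- fs.file-max ----
# System-wide open-file limit: 256 descriptors per 4 MiB of RAM.
mem_total_mb=$(( mem_total_kb / 1024 ))
conf_set fs.file-max $(( mem_total_mb / 4 * 256 ))

# ---- net.core.netdev_max_backlog ----
# Packets queued per interface when they arrive faster than the kernel
# drains them.
netdev_max_backlog=32768
conf_set net.core.netdev_max_backlog "$netdev_max_backlog"

# ---- net.core.somaxconn ----
# Upper bound on a listener's accept queue (the backlog passed to listen()).
somaxconn=16384
conf_set net.core.somaxconn "$somaxconn"

printf '\n\n' >> "$Log_file"
printf 'Tuning the kernel core parameters is Ok\n' >> "$Log_file"
printf '\n\n'
printf 'Tuning the kernel core parameters is Ok\n'
printf '\n\n'
printf -- '--------linux kernel parameters are as follows--------\n'
printf '\n\n'

# Apply and print the resulting values; the exit status is that of sysctl -p,
# so a rejected key (e.g. one that does not exist on this kernel) is visible.
sysctl -p
exit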
-------------------------------------------------------------------------
脚本位置:http://down.51cto.com/data/1040258