Kernel and TCP Tuning

Joined: 30 Oct 2006
Posts: 478

Posted: Fri 02 Feb 2007, 13:48    Post subject: Kernel and TCP Tuning
Subject description: For fun, prophet, security and understanding of the Linux system.

Well after about 4 months of using Puppy Linux and linux in general, I haven't remastered it, or compiled any applications yet. But I have spent most of my time - regarding the security aspects - in particular the IPTABLES and firewall, which allows you to control a lot, and from the continued research and application thereof the upper limit of knowledge is almost -- practically limitless, at least for a newbie like me. Although I have enjoyed much success...

Forum member "Gn2" convinced me to go beyond just that knowledge - thanks.

If you are using a live PuppyCD you can make attempts to "tune your Kernel" without saving anything, as every reboot is a fresh OS, at least in my instance.

I have done a lot of tuning, although not perfected it yet, I have had some success and acquired great knowledge of the linux system as a newbie.

There is a lot more to be said of how and why - on kernel tuning, my purpose and success as well as issues. Here is some info for those interested.


Ipsysctl tutorial 1.0.4
Why this document

I started writing this documentation in the hopes that it would help people understand the IP options provided by Linux 2.4, and what you can do with these options. This is a plain text documentation, hoping to give the necessary understanding and help to configure your kernel on the fly, and to get it up and running in a way that suits you. A lot of these options can also be used to increase performance, as well as strengthen the security.

Intended audience & prerequisite knowledge

This document is intended for everyone with an intermediate through advanced understanding of TCP/IP as well as the Linux operating system. You should understand TCP/IP fairly well, as well as understand what a packet header is and what parts it consists of. You will also need a lot of understanding of routing and the core of TCP/IP networking.

In general, this document was not intended for the novice Linux user, but you may have some luck checking through this document if you are experiencing specific needs. Be absolutely 100% certain that you have understood the variables in question before you do change them though, since some of them may cause really interesting results.



BOOLEAN 0 - disabled (default)
Forward Packets between interfaces. This variable is special, its change resets all configuration parameters to their default state (RFC1122 for hosts, RFC1812 for routers)

INTEGER default 64

Even Better descriptions>>>
/proc/sys/net/ipv4/* Variables:


tcp_fin_timeout - INTEGER
Time to hold socket in state FIN-WAIT-2, if it was closed
or even died unexpectedly. Default value is 60sec.
Usual value used in 2.2 was 180 seconds, you may restore
it, but remember that if your machine is even underloaded WEB server,
you risk to overflow memory with kilotons of dead sockets,
FIN-WAIT-2 sockets are less dangerous than FIN-WAIT-1,
because they eat maximum 1.5K of memory, but they tend
to live longer. Cf. tcp_max_orphans.



tcp_syncookies - BOOLEAN
Only valid when the kernel was compiled with CONFIG_SYNCOOKIES
Send out syncookies when the syn backlog queue of a socket
overflows. This is to prevent against the common 'syn flood attack'
Default: FALSE

Note, that syncookies is fallback facility.
It MUST NOT be used to help highly loaded servers to stand
against legal connection rate. If you see synflood warnings
in your logs, but investigation shows that they occur
because of overload with legal connections, you should tune
another parameters until this warning disappear.
See: tcp_max_syn_backlog, tcp_synack_retries, tcp_abort_on_overflow.

syncookies seriously violate TCP protocol, do not allow
to use TCP extensions, can result in serious degradation
of some services (f.e. SMTP relaying), visible not by you,
but your clients and relays, contacting you. While you see
synflood warnings in logs not being really flooded, your server
is seriously misconfigured.

Amateur Fortress Building in Linux
Part 1

Kernel Security


Linux Kernel Tuning Using System Control

Why tuning my system?


/proc/sys/kernel/domainname, /proc/sys/kernel/hostname
"/proc is very special in that it is also a virtual filesystem. It's sometimes referred to as a process information pseudo-file system. It doesn't contain 'real' files but runtime system information (e.g. system memory, devices mounted, hardware configuration, etc). For this reason it can be regarded as a control and information centre for the kernel."

By altering files located in this directory you can even read/change kernel parameters (sysctl) while the system is running.

These files can be controlled to set the NIS domainname and hostname of your box. For the classic darkstar.frop.org a simple:

    # echo "darkstar" > /proc/sys/kernel/hostname
    # echo "frop.org" > /proc/sys/kernel/domainname

would suffice to set your hostname and NIS domainname.

/proc/sys/kernel/osrelease, /proc/sys/kernel/ostype, /proc/sys/kernel/version

The names make it pretty obvious what these fields contain:

    # cat /proc/sys/kernel/osrelease
    2.2.12
    # cat /proc/sys/kernel/ostype
    Linux
    # cat /proc/sys/kernel/version
    #4 Fri Oct 1 12:41:14 PDT 1999

The files osrelease and ostype should be clear enough. Version needs a little more clarification. The #4 means that this is the 4th kernel built from this source base and the date after it indicates the time the kernel was built. The only way to tune these values is to rebuild the kernel.

"if you're not the lead dog the view is always the same"

Last edited by Mic67 on Tue 13 Feb 2007, 23:19; edited 1 time in total
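
A read-only way to look at the variables quoted in the post above before changing any of them, added here as an example and not part of the original post or of the documents it quotes. `tcp_report` is a hypothetical helper; its optional argument (a root to read instead of /proc) is an assumption made so it can be run against a copy of the tree.

```shell
#!/bin/sh
# tcp_report [PROCROOT]: print the TCP variables quoted above, read-only.
# PROCROOT defaults to /proc; the parameter is an assumption of this example.
tcp_report() {
    dir="${1:-/proc}/sys/net/ipv4"
    for v in tcp_syncookies tcp_max_syn_backlog tcp_synack_retries \
             tcp_abort_on_overflow tcp_fin_timeout tcp_max_orphans; do
        if [ -r "$dir/$v" ]; then
            val=$(cat "$dir/$v")
        else
            val=absent
        fi
        note=
        case "$v=$val" in
            # The file only exists when the kernel was built with CONFIG_SYNCOOKIES.
            tcp_syncookies=absent) note="not present (CONFIG_SYNCOOKIES not compiled in?)" ;;
            tcp_syncookies=0)      note="no fallback when the SYN backlog overflows" ;;
            tcp_syncookies=*)      note="fallback only; size the backlog for real load" ;;
            tcp_fin_timeout=absent) ;;
            tcp_fin_timeout=*)
                # 60 s is the default quoted above, 180 s the old 2.2 value.
                if [ "$val" -gt 60 ]; then
                    note="above the 60 s default: FIN-WAIT-2 sockets held longer"
                fi ;;
        esac
        printf '%-22s %-8s %s\n' "$v" "$val" "$note"
    done
}

# Report on the running kernel; nothing is written to /proc.
tcp_report
```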

Joined: 16 Oct 2006
Posts: 936
Location: virtual - Veni vidi, nihil est adpulerit

Posted: Sat 03 Feb 2007, 00:34    Post subject:

With POWER comes responsibility - (Careful) - you may be in danger of hatching EGGDROPS

Combine w/ new TOR

cal -3

awk -F: '{print $1 "," $5}' /etc/passwd | sort

tail --follow=name /var/log/httpd/access_log | awk '/mambo|xmlrpc.php|drupal/ \
{ system("iptables -A INPUT -p tcp --dport 80 --source " $1 " -j DROP") }'
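
A more cautious variant of the `tail | awk` one-liner in the reply above, added here as an example and not part of the original post: it accepts only a dotted-quad IPv4 address in the first log field, emits one rule per address instead of one per request, and prints the `iptables` commands rather than running them. `block_cmds`, `sample_log` and the log lines are constructed for illustration.

```shell
#!/bin/sh
# block_cmds: read Apache access-log lines on stdin and print one iptables
# command per new offending client address. Nothing is executed here.
block_cmds() {
    awk '
    # Accept only a dotted-quad IPv4 address with octets 0-255.
    function is_ipv4(s,    n, o, i) {
        n = split(s, o, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) return 0
        return 1
    }
    /mambo|xmlrpc\.php|drupal/ {
        # The first field ends up on a command line, so anything that is
        # not a plain address (a hostname, IPv6, junk) is counted and dropped.
        if (!is_ipv4($1)) { skipped++; next }
        if (seen[$1]++) next        # one rule per address, not one per request
        print "iptables -A INPUT -p tcp --dport 80 --source " $1 " -j DROP"
    }
    END { if (skipped) print "# skipped " skipped " line(s) with a non-IPv4 first field" }
    '
}

# Constructed access-log lines (documentation address ranges).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [03/Feb/2007:00:30:01 -0400] "GET /xmlrpc.php HTTP/1.0" 404 210
192.0.2.10 - - [03/Feb/2007:00:30:02 -0400] "GET /drupal/xmlrpc.php HTTP/1.0" 404 215
198.51.100.7 - - [03/Feb/2007:00:31:10 -0400] "GET /index.html HTTP/1.1" 200 1043
host.example.net - - [03/Feb/2007:00:32:00 -0400] "GET /mambo/index.php HTTP/1.0" 404 212
203.0.113.5 - - [03/Feb/2007:00:33:00 -0400] "POST /mambo/index2.php HTTP/1.0" 404 214
EOF
}

sample_log | block_cmds
```

The printed commands can be reviewed first and then fed to `sh` by an administrator who wants them applied.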