Tuning sysctl.conf on CentOS 7

Sysctl lets the user fine tune the kernel without having to rebuild the kernel. It also will apply the changes immediately, thus the server won’t have to be rebooted for changes to take effect. To make the changes permanent, you will have to add these values to a configuration file. Use the configuration file CentOS provides by default, /etc/sysctl.conf.

Open the file with your favorite editor.

# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).

# Minimizing the amount of swapping
vm.swappiness = 20
vm.dirty_ratio = 80
vm.dirty_background_ratio = 5

# Increases the size of file handles and inode cache & restricts core dumps
fs.file-max = 2097152
fs.suid_dumpable = 0

# Change the amount of incoming connections and incoming connections backlog
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 262144

# Increase the maximum amount of memory buffers
net.core.optmem_max = 25165824

# Increase the default and maximum send/receive buffers
net.core.rmem_default = 31457280
net.core.rmem_max = 67108864
net.core.wmem_default = 31457280
net.core.wmen_max = 67108864

# Enable TCP SYN cookie protection
net.ipv4.tcp_syncookies = 1

# Enable IP spoofing protection
net.ipv4.conf.all.rp_filter = 1

# Enable ignoring to ICMP requests and broadcasts request
net.ipv4.icmp_echo_ignore_all = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable logging of spoofed packets, source routed packets and redirect packets
net.ipv4.conf.all.log_martians = 1

# Disable IP source routing
net.ipv4.conf.all.accept_source_route = 0

# Disable ICMP redirect acceptance
net.ipv4.conf.all.accept_redirects = 0

Clamav Signatures

Clamav Signatures from malware expert help improve the detection rate on malware from PHP files. You can add malware expert clamav signatures to freshclam.conf file:

DatabaseCustomURL http://cdn.malware.expert/malware.expert.ndb
DatabaseCustomURL http://cdn.malware.expert/malware.expert.hdb
DatabaseCustomURL http://cdn.malware.expert/malware.expert.ldb

Read the rest of this entry »

See all SSH login attempts

Debian
View all failed login attempts
cat /var/log/auth.log | grep 'sshd.*Invalid'

View all successful logins
cat /var/log/auth.log | grep 'sshd.*opened'

RedHat/Centos
View all failed login attempts
cat /var/log/secure | grep 'sshd.*Invalid'

View all successful logins
cat /var/log/secure | grep 'sshd.*opened'