},
:network_buffers => {
:comment => "Tune network buffers",
- :parameters => {
+ :parameters => {
"net.core.rmem_max" => "16777216",
"net.core.wmem_max" => "16777216",
"net.ipv4.tcp_rmem" => "4096\t87380\t16777216",
},
:network_conntrack_established => {
:comment => "Only track established connections for four hours",
- :parameters => {
+ :parameters => {
"net.netfilter.nf_conntrack_tcp_timeout_established" => "14400"
}
},
:tcp_syncookies => {
- :comment => "Turn off syncookies as they interact badly with the firewall",
+ :comment => "Turn on syncookies to protect against SYN floods",
:parameters => {
- "net.ipv4.tcp_syncookies" => "0"
+ "net.ipv4.tcp_syncookies" => "1"
}
}
},
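Review bot: The new `:tcp_syncookies` comment drops the earlier warning that syncookies interact badly with the firewall, without saying whether that interaction was fixed or is now accepted, so a later reader cannot tell if reversing the setting is safe. I would record the outcome in the comment itself, e.g. `:comment => "Turn on syncookies to protect against SYN floods (firewall interaction rechecked, see <ticket reference placeholder>)"`. Syncookies also only protect this host's listen queue. If the firewall in question is the conntrack-based one tuned in `:network_conntrack_established`, a SYN flood may still fill the connection-tracking table, so that limit is worth checking alongside this change. The enclosing hash starts outside the hunk.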
:comment => "Tune the ondemand CPU frequency governor",
:parameters => {
"devices/system/cpu/cpufreq/ondemand/up_threshold" => "25",
- "devices/system/cpu/cpufreq/ondemand/sampling_down_factor" => "10"
+ "devices/system/cpu/cpufreq/ondemand/sampling_down_factor" => "100"
}
}
}
"recipe[openssh]",
"recipe[sysctl]",
"recipe[sysfs]",
- "recipe[tools]"
+ "recipe[tools]",
+ "recipe[fail2ban]"
)
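Review bot: `recipe[fail2ban]` is added to the run list with no accompanying attributes in this change, so which jails are active and which addresses are exempt depends entirely on cookbook defaults that are not visible here. Bans are typically enforced through firewall rules, so it is worth confirming that the host's firewall management does not flush them. Administrative and monitoring addresses should also be on the ignore list, so that a burst of failed logins cannot lock operators out. A short comment above the entry would help, e.g. `# fail2ban: jails and ignore list come from the cookbook defaults; bans are applied through the host firewall`. The run list call starts outside the hunk.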