X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/a7d96c8358a00088b485fadb5966eb4b231d2ff1..ff044920428608b2c04507ad52d6ab52c9d6555f:/roles/base.rb?ds=sidebyside
diff --git a/roles/base.rb b/roles/base.rb
index 15c913d3d..b38d5ce16 100644
--- a/roles/base.rb
+++ b/roles/base.rb
@@ -31,7 +31,7 @@ default_attributes(
 },
 :network_buffers => {
 :comment => "Tune network buffers",
- :parameters => {
+ :parameters => {
 "net.core.rmem_max" => "16777216",
 "net.core.wmem_max" => "16777216",
 "net.ipv4.tcp_rmem" => "4096\t87380\t16777216",
@@ -44,14 +44,14 @@ default_attributes(
 },
 :network_conntrack_established => {
 :comment => "Only track established connections for four hours",
- :parameters => {
+ :parameters => {
 "net.netfilter.nf_conntrack_tcp_timeout_established" => "14400"
 }
 },
 :tcp_syncookies => {
- :comment => "Turn off syncookies as they interact badly with the firewall",
+ :comment => "Turn on syncookies to protect against SYN floods",
 :parameters => {
- "net.ipv4.tcp_syncookies" => "0"
+ "net.ipv4.tcp_syncookies" => "1"
 }
 }
 },
@@ -60,7 +60,7 @@ default_attributes(
 :comment => "Tune the ondemand CPU frequency governor",
 :parameters => {
 "devices/system/cpu/cpufreq/ondemand/up_threshold" => "25",
- "devices/system/cpu/cpufreq/ondemand/sampling_down_factor" => "10"
+ "devices/system/cpu/cpufreq/ondemand/sampling_down_factor" => "100"
 }
 }
 }
@@ -79,5 +79,6 @@ run_list(
 "recipe[openssh]",
 "recipe[sysctl]",
 "recipe[sysfs]",
- "recipe[tools]"
+ "recipe[tools]",
+ "recipe[fail2ban]"
 )
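Review bot: The rewritten `:tcp_syncookies` comment in the `@@ -44,14 +44,14 @@` hunk drops the earlier warning that syncookies interact badly with the firewall, without recording why that is no longer a concern. A Ruby comment above the entry would keep that history, e.g. `# Re-enabled: <why the firewall interaction no longer applies>; with value 1 cookies are only sent once the SYN backlog overflows`. Syncookies protect the listen queue only; the same hunk tunes nf_conntrack, so the connection-tracking table can presumably still fill during a flood and is worth monitoring separately. The enclosing `default_attributes(` call starts and ends outside the hunk.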
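Review bot: `"recipe[fail2ban]"` in the `@@ -79,5 +79,6 @@` hunk lands in the base role, so it presumably applies to every node, yet none of the visible hunks set any fail2ban attributes. Jails, ban times and the ignore list would then come from the cookbook's defaults, which are not visible here. It is worth confirming that the ignore list covers the management and monitoring addresses, so that operators and health checks cannot be banned from their own hosts. A short comment on the entry would record the intent, e.g. `"recipe[fail2ban]" # all nodes; jail and ignore-list settings: <where they are defined>`. The `run_list(` call opens outside the hunk.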