Sysctl.conf and other system tunings for Linux

PATCHFILES


I came up with the idea to create patchfiles when I saw lots of config files people create.

Patchfiles combines various config scripts into a single bash file which you can run on a freshly installed system.

IMPLEMENTED:

  • sysctl.conf
  • open files limit
  • sshd secure server
  • bfq scheduler
  • tune initial window size

The system automatically builds a revert.sh script, which can be run to revert the changes.

BUILT AND TESTED ON

  • Ubuntu 20.04

PATCH (INSTALL)

Run as root:

bash <(curl -L -s https://github.com/dpanic/patchfiles/releases/latest/download/patch.sh)

REVERT (UNINSTALL)

Run as root:

bash <(curl -L -Ss https://github.com/dpanic/patchfiles/releases/latest/download/revert.sh)
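
An added example, not part of patchfiles: both commands above pipe whatever the `latest` release currently serves straight into a root shell, so the copy you read and the copy that runs can differ. The sketch below downloads to a file first and only runs it if it matches a digest you recorded after reading it; the helper names (`fetch_script`, `sha256_of`, `verify_script`) and the `/tmp` paths are assumptions.

```shell
#!/usr/bin/env bash
# Added example: review-then-run instead of piping a remote script into root bash.

# sha256_of FILE -> prints the hex SHA-256 digest of FILE
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# fetch_script URL DEST -> download over HTTPS only, fail on HTTP errors
fetch_script() {
    curl --fail --location --silent --show-error \
         --proto '=https' --proto-redir '=https' -o "$2" "$1"
}

# verify_script FILE EXPECTED_SHA256
# Returns 0 only if FILE is non-empty, parses as bash, and matches the
# digest recorded when the script was reviewed.
verify_script() {
    local file=$1 expected=$2 actual
    [ -s "$file" ] || { echo "empty or missing: $file" >&2; return 1; }
    bash -n "$file" 2>/dev/null || { echo "syntax check failed: $file" >&2; return 1; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file: got $actual" >&2
        return 1
    fi
}

# Typical use (typed by hand, as root):
#   fetch_script https://github.com/dpanic/patchfiles/releases/latest/download/patch.sh /tmp/patch.sh
#   less /tmp/patch.sh        # read which files and sysctl keys it changes
#   sha256_of /tmp/patch.sh   # record the digest of the copy you reviewed
#   verify_script /tmp/patch.sh "<digest you recorded>" && bash /tmp/patch.sh
# Keep the reviewed patch.sh and its digest so the same copy can be rolled out
# to other hosts, and apply the same steps to revert.sh before running it.
```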

TODO

  • implement stats
  • implement after patch command
  • refactor code to use Go Lang HTML templates
  • implement detection if patched, used in patch script
  • implement detection if not patched, used in revert script
  • implement revert
  • implement revert move .old to .current file if overwrite used in patching
  • implement categories (networking, performance, security, general ...) %
  • implement patch by category %
  • implement revert by category %
  • implement github ci/cd %
    • docker %
    • hooks %
    • generate output patchfiles.sh file on every push to main/dev %


Owner
Dušan Panić
Senior Security Engineer
Comments
  • Problem with sysctl config

    It seems that my network card has problems with busy pool. When I set that up, my network goes offline after a few minutes.

    Network card in question: RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller
