On Sat, 12 May 2001, Paul Sullivan wrote:
> On Fri, 11 May 2001 [EMAIL PROTECTED] wrote:
>
> >
> > Hey everyone,
> >
> > Sorry for the crosspost, but I wanted to make sure everybody and anybody
> > who has knowledge on this subject has seen my plea for help. :)
> > (espeically since I'll probably be doing this switch tomorrow)
> >
> > Are there currently any tweaks in solaris i386 for the abuse IRC
> > servers puts the kernel under? I know of the following two lines for
> > /etc/system, but I don't know if there's anything else I need to tweak.
> >
> > set rlim_fd_max = 8192
> > set rlim_fd_cur = 4096
> >
> In addition to those, heres a tweak to remove a majority of buffer
> overflow security holes on solaris, which will send a SIGSEGV to any
> process trying to execute code on its stack, and log the attempt to
> syslog:
>
> set noexec_user_stack=1
> set noexec_user_stack_log=1
>
> It also might be a good idea to tweak ndd to 100BaseT full
> duplex on, 100BaseT half duplex off, 10BaseT full duplex off, 10BaseT half
> duplex off, autonegotiation off, in most situations, to avoid under
> performance on the network side :)
If you where wondering how to do that:
* this forces the interface in 100Mb full-duplex mode
set hme:hme_adv_100fdx_cap=1
set hme:hme_adv_100hdx_cap=0
set hme:hme_adv_10fdx_cap=0
set hme:hme_adv_10hdx_cap=0
set hme:hme_adv_autoneg_cap=0
Also, depending on your Solaris version:
* enable the hardware watchdog (reboots if OS crashes)
set watchdog_enable = 1
UnderTow
--
Alistair Johnston * * EuroNet Internet BV
Network Operations Team * * Muiderstraat 1
* 1011 PZ Amsterdam
E-mail: [EMAIL PROTECTED] * Tel: +31 20 535 55 55
