BACKRUSH  유닉스명령  다음  자료실  Ascii Table   원격접속  달력,시간   프로세스  
지하철노선   RFC문서   SUN FAQ   SUN FAQ1   C메뉴얼   PHP메뉴얼   너구리   아스키월드 아이피서치

글쓴이: 쉘 analyze_ip.sh Version 1.0 조회수: 6128


#!/bin/sh

# --------------------------------------------------------------- #
#
# analyze_ip.sh Version 1.0
#
# Written by Martin Allert, arago GmbH, Germany
# Contact & Bugfixes: allert@arago.de
#
# This script analyzes your TCP/IP stack settings and your
# NIC configurations. The value in brackets are recommendations.
# Most of these settings are recommended for security reasons.
#
# Version 1.0 of this script analyzes only the first hme instance, until
# I found out, how to get all NIC's with their instances directly from
# the kernel and not from this unsafe dmesg command. :)
#
# Turn the VAL definition containing ndd from -get to -set and you
# have a bootscript. Of course, comment out all settings at the end for the
# link partner queries :)
#
# Distribution of this script is only allowed 'as it is'.
#
# --------------------------------------------------------------- #

# --------------------------------------------------------------- #
# Some useful definitions #
# --------------------------------------------------------------- #

UREVISION=`uname -r`

BOLD="\033[1m"
NORMAL="\033[m"
NICDEV="/dev/hme"

# --------------------------------------------------------------- #
# We like Redhat, so we print it like their bootscripts :) #
# --------------------------------------------------------------- #

fill () {
awk '{leninput=length($($NF)); fill=63-leninput ; for (i=1; i< fill; i++) fillchar=fillchar"." ; printf $($NF) fillchar}'
}

# --------------------------------------------------------------- #
# Defining some formatted output #
# --------------------------------------------------------------- #

getparams () {
VAL=`/usr/sbin/ndd -get $1 $2`
printf "Value of $1 $2 is: " | fill
printf " ${VAL} ($3)\n"
}

# Set the ARP-cache timeout to 1 Minute (60000 ms)
if [ ${UREVISION} = "5.6" -o ${UREVISION} = "5.7" ]; then
printf "${BOLD}ARP Cache timeout${NORMAL}\n"
getparams /dev/ip ip_ire_flush_interval 60000ms

fi
getparams /dev/arp arp_cleanup_interval 60000ms

# Disable IP-forwarding
printf "${BOLD}IP Forwarding On/Off${NORMAL}\n"
getparams /dev/ip ip_forwarding 0

# Deny IP-spoofed packets on multi-homed servers
printf "${BOLD}Deny IP-spoofed packets on multi-homed servers${NORMAL}\n"
getparams /dev/ip ip_strict_dst_multihoming 1

# Disable forwarding of directed broadcasts
printf "${BOLD}Disable forwarding of directed broadcasts${NORMAL}\n"
getparams /dev/ip ip_forward_directed_broadcasts 0

# Drop source routed packets
printf "${BOLD}Drop source routed packets${NORMAL}\n"
getparams /dev/ip ip_forward_src_routed 0

# Do not respond to broadcast echo requests
printf "${BOLD}Do not respond to broadcast echo requests${NORMAL}\n"
getparams /dev/ip ip_respond_to_echo_broadcast 0

# Do not respond to timestamp broadcast requests
printf "${BOLD}Do not respond to timestamp broadcast requests${NORMAL}\n"
getparams /dev/ip ip_respond_to_timestamp_broadcast 0

# Do not respond to address mask broadcasts
printf "${BOLD}Do not respond to address mask broadcasts${NORMAL}\n"
getparams /dev/ip ip_respond_to_address_mask_broadcast 0

# Ignore ICMP redirects
printf "${BOLD}Ignore ICMP redirects${NORMAL}\n"
getparams /dev/ip ip_ignore_redirect 1

# Do not send ICMP redirects
printf "${BOLD}Do not send ICMP redirects${NORMAL}\n"
getparams /dev/ip ip_send_redirects 0

# Do not send ICMP timestamp requests
printf "${BOLD}Do not send ICMP timestamp requests${NORMAL}\n"
getparams /dev/ip ip_respond_to_timestamp 0

# Decrease the tcp time wait interval
if [ ${UREVISION} = "5.6" ]; then
printf "${BOLD}Decrease the tcp time wait interval${NORMAL}\n"
getparams /dev/tcp tcp_close_wait_interval 60000ms
else
printf "${BOLD}Decrease the tcp time wait interval${NORMAL}\n"
getparams /dev/tcp tcp_time_wait_interval 60000ms
fi

# Lower the smallest anon port
printf "${BOLD}Lower the smallest anon port${NORMAL}\n"
getparams /dev/tcp tcp_smallest_anon_port 8192

# Speed up the flushing of half-closed connection in state FIN_WAIT_2
printf "${BOLD}Flushing of half-closed connection in state FIN_WAIT_2${NORMAL}\n
"
getparams /dev/tcp tcp_fin_wait_2_flush_interval 67500ms

# Increase the receive and transmit window sizes
printf "${BOLD}Increase the receive and transmit window sizes${NORMAL}\n"
getparams /dev/tcp tcp_xmit_hiwat 65535
getparams /dev/tcp tcp_recv_hiwat 65535

# decrease the retransmit interval
printf "${BOLD}Decrease the retransmit interval${NORMAL}\n"
getparams /dev/tcp tcp_rexmit_interval_max 60000ms

# increase number of half-open connections
printf "${BOLD}Increase number of half-open connections${NORMAL}\n"
getparams /dev/tcp tcp_conn_req_max_q0 4096

# increase number of simultaneous connections
printf "${BOLD}Increase number of simultaneous connections${NORMAL}\n"
getparams /dev/tcp tcp_conn_req_max_q 1024

# Decrease TCP connection abort interval
printf "${BOLD}Decrease TCP connection abort interval${NORMAL}\n"
getparams /dev/tcp tcp_ip_abort_interval 60000ms

# Decrease TCP Keepalive Interval
printf "${BOLD}Decrease TCP Keepalive Interval${NORMAL}\n"
getparams /dev/tcp tcp_keepalive_interval 60000ms

# Increasing maximum congestial window size
printf "${BOLD}Increasing maximum congestial window size${NORMAL}\n"
getparams /dev/tcp tcp_slow_start_initial 2

# Is autnegotiation off?
printf "${BOLD}Is autonegotiation off?${NORMAL}\n"
getparams ${NICDEV} adv_autoneg_cap 0

# Do we have Full-Duplex on link?
printf "${BOLD}Do we have Full-Duplex on link?${NORMAL}\n"
getparams ${NICDEV} link_mode 1

# Do we have 100Mbit/s on link?
printf "${BOLD}Do we have 100Mbit/s on link?${NORMAL}\n"
getparams ${NICDEV} link_speed 1

# Do we have a link up?
printf "${BOLD}Do we have a link up?${NORMAL}\n"
getparams ${NICDEV} link_status 1

# Do we have link-partner autonegotiation?
printf "${BOLD}Do we have link-partner autonegotiation?${NORMAL}\n"
getparams ${NICDEV} lp_autoneg_cap 0

# Do we have link-partner 100fdx?
printf "${BOLD}Do we have link-partner 100fdx?${NORMAL}\n"
getparams ${NICDEV} lp_100fdx_cap 1

# Do we have link-partner 100hdx?
printf "${BOLD}Do we have link-partner 100hdx?${NORMAL}\n"
getparams ${NICDEV} lp_100hdx_cap 0

# Do we have link-partner 10fdx?
printf "${BOLD}Do we have link-partner 10fdx?${NORMAL}\n"
getparams ${NICDEV} lp_10fdx_cap 0

# Do we have link-partner 10hdx?
printf "${BOLD}Do we have link-partner 10hdx?${NORMAL}\n"
getparams ${NICDEV} lp_10hdx_cap 0


관련글 : 없음 글쓴시간 : 2002/08/28 18:57 from 210.121.188.5

  쉘에서의 메일링리스트 목록보기 새글 쓰기 지우기 응답글 쓰기 글 수정 시스템정보  
BACKRUSH  유닉스명령  다음  자료실  Ascii Table   원격접속  달력,시간   프로세스  
지하철노선   RFC문서   SUN FAQ   SUN FAQ1   C메뉴얼   PHP메뉴얼   너구리   아스키월드 아이피서치